Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Wilokii Trojaner - Bitte um Hilfe (https://www.trojaner-board.de/157335-wilokii-trojaner-bitte-um-hilfe.html)

StephanL 07.08.2014 16:34
Wilokii Trojaner - Bitte um Hilfe
 
Hallo, mein erster Post in diesem Forum und ich hoffe man kann mir helfen. Habe heute auf dem System von meinen Eltern einen neuen Virenscanner installiert und dann die Meldung bekommen, dass der Trojaner Wilokii gefunden wurde. Daraufhin habe ich gegoogelt, was man machen kann und bin eurem Forum gelandet.

Ich bin auf diesen Thread gestoßen:
http://www.trojaner-board.de/143670-...entfernen.html

Habe dann versucht, den Schritten wie beschrieben zu folgen.
Zuerst mit Malwarebytes, dann ADW Cleaner, dann JWR Tool (Logs siehe Anhang).
Abschließend habe ich ESET laufen lassen. Leider wurden da aber wieder Bedrohungen gefunden. Und jetzt benötige ich eure Hilfe .Wie kriege ich das System wieder sauber?

Vielen Dank für die Hilfe.
Stephan

schrauber 07.08.2014 16:37
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

StephanL 07.08.2014 16:45
okay, danke für den Hinweis!
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07.08.2014
Scan Time: 15:22:24
Logfile: MWAB814.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.07.02
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Wolfgang und Anne

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285572
Time Elapsed: 10 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.Whilokii.A, C:\Program Files (x86)\Whilokii\updateWhilokii.exe, 2416, Delete-on-Reboot, [a618665d13681d19e66d6df29b668f71]
PUP.Optional.Whilokii.A, C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe, 2852, Delete-on-Reboot, [97273d864c2f34029ab9372805fc827e]

Modules: 0
(No malicious items detected)

Registry Keys: 118
PUP.Optional.Whilokii.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Whilokii, Quarantined, [a618665d13681d19e66d6df29b668f71],
PUP.Optional.Whilokii.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Whilokii, Quarantined, [97273d864c2f34029ab9372805fc827e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, Quarantined, [5b6310b3631840f6234fd0cf679b2dd3],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService, Quarantined, [5b6310b3631840f6234fd0cf679b2dd3],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService.1.0, Quarantined, [5b6310b3631840f6234fd0cf679b2dd3],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService, Quarantined, [5b6310b3631840f6234fd0cf679b2dd3],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3COMClassService.1.0, Quarantined, [5b6310b3631840f6234fd0cf679b2dd3],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, Quarantined, [5b6310b3631840f6234fd0cf679b2dd3],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}, Quarantined, [5b6310b3631840f6234fd0cf679b2dd3],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\{D34F391D-4CB7-467F-A543-F583857C63B0}, Quarantined, [7e4009ba671414220571623d9f6321df],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc, Quarantined, [7e4009ba671414220571623d9f6321df],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [7e4009ba671414220571623d9f6321df],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc, Quarantined, [7e4009ba671414220571623d9f6321df],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [7e4009ba671414220571623d9f6321df],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D34F391D-4CB7-467F-A543-F583857C63B0}, Quarantined, [7e4009ba671414220571623d9f6321df],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}, Quarantined, [7e4009ba671414220571623d9f6321df],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [6c525172fc7fce68e1069607b64c3ac6],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, Quarantined, [6c525172fc7fce68e1069607b64c3ac6],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}, Quarantined, [516df8cb5328f4425811f4aba45e07f9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc.1.0, Quarantined, [516df8cb5328f4425811f4aba45e07f9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc, Quarantined, [516df8cb5328f4425811f4aba45e07f9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc, Quarantined, [516df8cb5328f4425811f4aba45e07f9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebSvc.1.0, Quarantined, [516df8cb5328f4425811f4aba45e07f9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}, Quarantined, [714dbe059fdcf1458dddcfd0c83a7d83],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher.1.0, Quarantined, [714dbe059fdcf1458dddcfd0c83a7d83],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher, Quarantined, [714dbe059fdcf1458dddcfd0c83a7d83],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher, Quarantined, [714dbe059fdcf1458dddcfd0c83a7d83],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.ProcessLauncher.1.0, Quarantined, [714dbe059fdcf1458dddcfd0c83a7d83],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}, Quarantined, [f9c520a364170531beadebb4c53dc43c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine.1.0, Quarantined, [f9c520a364170531beadebb4c53dc43c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine, Quarantined, [f9c520a364170531beadebb4c53dc43c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine, Quarantined, [f9c520a364170531beadebb4c53dc43c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachine.1.0, Quarantined, [f9c520a364170531beadebb4c53dc43c],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, Quarantined, [7747675cf08b2f0709638d1246bcb24e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickCtrl.9, Quarantined, [7747675cf08b2f0709638d1246bcb24e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickCtrl.9, Quarantined, [7747675cf08b2f0709638d1246bcb24e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, Quarantined, [7747675cf08b2f0709638d1246bcb24e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}, Quarantined, [7747675cf08b2f0709638d1246bcb24e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}, Quarantined, [fdc1645fb3c8c96de18c7c23b54df60a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0, Quarantined, [fdc1645fb3c8c96de18c7c23b54df60a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine, Quarantined, [fdc1645fb3c8c96de18c7c23b54df60a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine, Quarantined, [fdc1645fb3c8c96de18c7c23b54df60a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0, Quarantined, [fdc1645fb3c8c96de18c7c23b54df60a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{33BAF587-9647-4281-A34F-F4830CDC1B9F}, Quarantined, [fdc1645fb3c8c96de18c7c23b54df60a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}, Quarantined, [f0ce4d768eedbe7877f7e7b808fafe02],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}, Quarantined, [1ca2497a75068fa72748188750b2b749],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [1ca2497a75068fa72748188750b2b749],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine, Quarantined, [1ca2497a75068fa72748188750b2b749],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine, Quarantined, [1ca2497a75068fa72748188750b2b749],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [1ca2497a75068fa72748188750b2b749],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}, Quarantined, [7747b40f205bbb7ba0d0e4bb2cd6ef11],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}, Quarantined, [8737784b93e8e4529ad7ecb36999a55b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass.1, Quarantined, [8737784b93e8e4529ad7ecb36999a55b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass, Quarantined, [8737784b93e8e4529ad7ecb36999a55b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass, Quarantined, [8737784b93e8e4529ad7ecb36999a55b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreMachineClass.1, Quarantined, [8737784b93e8e4529ad7ecb36999a55b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}, Quarantined, [26980ab9106b79bd4132d4cbcf337f81],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreClass.1, Quarantined, [26980ab9106b79bd4132d4cbcf337f81],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoreClass, Quarantined, [26980ab9106b79bd4132d4cbcf337f81],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreClass, Quarantined, [26980ab9106b79bd4132d4cbcf337f81],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoreClass.1, Quarantined, [26980ab9106b79bd4132d4cbcf337f81],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}, Quarantined, [8c32cff432491f174b29524de2208c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [8c32cff432491f174b29524de2208c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [8c32cff432491f174b29524de2208c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback, Quarantined, [8c32cff432491f174b29524de2208c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [8c32cff432491f174b29524de2208c74],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, Quarantined, [02bc7c47e49753e37500118ee61c6e92],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLive.Update3WebControl.3, Quarantined, [02bc7c47e49753e37500118ee61c6e92],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLive.Update3WebControl.3, Quarantined, [02bc7c47e49753e37500118ee61c6e92],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, Quarantined, [02bc7c47e49753e37500118ee61c6e92],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C4BEF720-313C-420A-ACF6-77DD95D8F553}, Quarantined, [02bc7c47e49753e37500118ee61c6e92],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}, Quarantined, [506e81423645082ea0d7029dd52db050],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync.1.0, Quarantined, [506e81423645082ea0d7029dd52db050],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync, Quarantined, [506e81423645082ea0d7029dd52db050],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync, Quarantined, [506e81423645082ea0d7029dd52db050],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CoCreateAsync.1.0, Quarantined, [506e81423645082ea0d7029dd52db050],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}, Quarantined, [dbe3675cbbc0b38384f4356a7e84c23e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [dbe3675cbbc0b38384f4356a7e84c23e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine, Quarantined, [dbe3675cbbc0b38384f4356a7e84c23e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine, Quarantined, [dbe3675cbbc0b38384f4356a7e84c23e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0, Quarantined, [dbe3675cbbc0b38384f4356a7e84c23e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}, Quarantined, [26986063ef8c59dd1960900fe41e37c9],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}, Quarantined, [d7e7299a9cdf4de9b9c16a359c66a65a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [d7e7299a9cdf4de9b9c16a359c66a65a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback, Quarantined, [d7e7299a9cdf4de9b9c16a359c66a65a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback, Quarantined, [d7e7299a9cdf4de9b9c16a359c66a65a],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0, Quarantined, [d7e7299a9cdf4de9b9c16a359c66a65a],
PUP.Optional.Babylon.A, HKU\S-1-5-21-1682701105-3862308186-3827129608-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [1da1bd063e3d0e288cc84d1799698878],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1231839B-064E-4788-B865-465A1B5266FD}, Quarantined, [06b8d9ea5d1eef47cff71a83ec16e917],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DAC2231-CC35-482B-97C5-CED1D4185080}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{57C91446-8D81-4156-A70E-624551442DE9}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{97DD820D-2E20-40AD-B01E-6730B2FCE630}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B177446D-54A4-4869-BABC-8566110B4BE0}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05B12E1-ADE8-4485-B45B-898748B53C37}, Quarantined, [d2ec457e6615c3737e48d4c95ba7857b],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Bonanza Deals, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64, Quarantined, [f1cd92312a51ee48ce8387b06f95c838],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\CLASSES\APPID\BonanzaDealsLive.exe, Quarantined, [5a646c57d8a375c1cfa8998672926b95],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [734bd8ebcdaec472f48941de8c785ba5],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, Quarantined, [9b2313b0c2b9a69077052df2c2423ec2],
PUP.Optional.Whilokii.A, HKLM\SOFTWARE\WOW6432NODE\Whilokii, Quarantined, [3688675c4833e35334c357d747bdae52],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BONANZADEALS, Quarantined, [cfef299ae89334029dde66b955af827e],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\BonanzaDealsLive.exe, Quarantined, [1aa4efd499e285b1ef8862bd778d0cf4],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, Quarantined, [4579467dcbb00432ccb1a37cb84c2ad6],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=3, Quarantined, [ab1330933b402412205ea37cda2a31cf],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.bdupdater.com/BonanzaDealsLive Update;version=9, Quarantined, [8c322c9791ea3ef8e09e091662a234cc],
PUP.Optional.BitGuard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BITGUARD, Quarantined, [04ba3390abd0dc5ad9d341da7b89ef11],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1682701105-3862308186-3827129608-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, Quarantined, [b509903313681323b9c1150a4bb9cb35],
PUP.Optional.Whilokii.A, HKU\S-1-5-21-1682701105-3862308186-3827129608-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Whilokii, Quarantined, [10aefec56f0ccc6aa155e14dde26ee12],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1682701105-3862308186-3827129608-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BONANZADEALS, Quarantined, [1da1774c433886b04b2e22fd8183f20e],
PUP.Optional.Updater.A, HKU\S-1-5-21-1682701105-3862308186-3827129608-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UpdaterEX, Quarantined, [7c42348fe09b31053ebc05c9e220728e],

Registry Values: 3
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BONANZADEALS|ChromeCrxPath, C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx, Quarantined, [cfef299ae89334029dde66b955af827e]
PUP.Optional.BitGuard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BITGUARD|ImagePath, C:\ProgramData\BitGuard\2.6.1694.246\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe, Quarantined, [04ba3390abd0dc5ad9d341da7b89ef11]
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-1682701105-3862308186-3827129608-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BONANZADEALS|ChromeCrxPath, C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx, Quarantined, [1da1774c433886b04b2e22fd8183f20e]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[289680431f5cac8a86a46f5632d216ea]

Folders: 9
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals, Quarantined, [6f4f09ba2556979f2e47fe210bf9e51b],
PUP.Optional.Delta.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\mt_ffx\Delta, Quarantined, [a717bf04e497b68093a2b6fb976b8080],
PUP.Optional.Delta.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\mt_ffx\Delta\delta, Quarantined, [a717bf04e497b68093a2b6fb976b8080],
PUP.Optional.Delta.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.24.6, Quarantined, [a717bf04e497b68093a2b6fb976b8080],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.Updater.A, C:\Users\Wolfgang und Anne\AppData\Roaming\UpdaterEX\UpdateProc, Quarantined, [7c42348fe09b31053ebc05c9e220728e],

Files: 47
PUP.Optional.Whilokii.A, C:\Program Files (x86)\Whilokii\updateWhilokii.exe, Delete-on-Reboot, [a618665d13681d19e66d6df29b668f71],
PUP.Optional.Whilokii.A, C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe, Delete-on-Reboot, [97273d864c2f34029ab9372805fc827e],
PUP.Optional.PayByAds.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\dsrlte.exe, Quarantined, [b5093b88a4d783b3df7431c2dd27af51],
PUP.Optional.Babylon.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\BExternal.dll, Quarantined, [3e8011b21c5f1c1a3cc95ac90000eb15],
PUP.Optional.Conduit.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\ccp.exe, Quarantined, [3e8042810f6c261066bec16ab0518779],
PUP.Optional.Babylon.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\CrxInstaller.dll, Quarantined, [35896e55e992cb6baca13be823de916f],
PUP.Optional.Delta.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\DSearchLink.exe, Quarantined, [26984182d1aac670251f621d758fbb45],
PUP.Optional.Babylon.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\MntrDLLInstall.dll, Quarantined, [8737576c205ba59125299b885da414ec],
PUP.Optional.Delta.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\MyDeltaTB.exe, Quarantined, [0db1418299e2c76f63f9ea908d74db25],
PUP.Optional.Babylon.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\Setup.exe, Quarantined, [18a65f64a1da9b9bb1f64fd2e51bd729],
PUP.Optional.CRX.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\bus5763\CrxUpdater_d.exe, Quarantined, [3e80853eff7c1a1c67d57111768ec33d],
PUP.Optional.Babylon.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366719373_stp\DeltaTB.exe, Quarantined, [fac4348f98e3d75f9b89aa6637caa25e],
PUP.Optional.Wajam.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366719389_stp\wajam_download.exe, Quarantined, [e8d6f5cef48741f5fc1cfe490ef2eb15],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366719549_stp\bd.exe, Quarantined, [3b83a91ab4c7f73f8d724ce0ec15bd43],
PUP.Optional.Elex, C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366809900_stp\cor_ar_201392319852_qvo6.exe, Quarantined, [9628477cc9b2ca6c98db859cbb45669a],
PUP.Optional.Elex, C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366906043_stp\cor_ar_201392319852_qvo6.exe, Quarantined, [e0de81423348f34382f12af757a9d030],
PUP.Optional.InstallCore, C:\Users\Wolfgang und Anne\Downloads\SkypeSetup(1).exe, Quarantined, [9e2002c1a9d2a1959efff58c986c817f],
PUP.Optional.BonanzaDeals.A, C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore, Quarantined, [06b8824123583006de906f6fa959bb45],
PUP.Optional.BonanzaDeals.A, C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA, Quarantined, [8c32447f6c0f74c2422c518dd230e818],
PUP.Optional.BonanzaDeals.A, C:\Windows\System32\Tasks\BonanzaDealsUpdate, Quarantined, [e3db8142d6a5979facc203dbfd05cb35],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.crx, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDeals.xpi, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE64.dll, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDealsUpdate.exe, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDealsUpdate.log, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\BonanzaDealsUpdateRun.exe, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\icon.ico, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals\uninst.exe, Quarantined, [e3db992a2f4ca88e5c18e23d0ff549b7],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Bonanza Deals Help.url, Quarantined, [6f4f09ba2556979f2e47fe210bf9e51b],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Bonanza Deals.url, Quarantined, [6f4f09ba2556979f2e47fe210bf9e51b],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals\Uninstall Bonanza Deals.lnk, Quarantined, [6f4f09ba2556979f2e47fe210bf9e51b],
PUP.Optional.BonanzaDeals.A, C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job, Quarantined, [724cc201324963d35d19140b9e66f20e],
PUP.Optional.BonanzaDeals.A, C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job, Quarantined, [823cfac915669b9bda9ca7783dc748b8],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}w64.sys, Quarantined, [f1cd92312a51ee48ce8387b06f95c838],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\background.js, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\info.txt, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\manifest.json, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon128.png, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon16.png, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.BonanzaDeals.A, C:\Users\Wolfgang und Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\images\icon48.png, Quarantined, [bd01705336451125b3592f83d42e8e72],
PUP.Optional.Updater.A, C:\Users\Wolfgang und Anne\AppData\Roaming\UpdaterEX\UpdateProc\config.dat, Quarantined, [7c42348fe09b31053ebc05c9e220728e],
PUP.Optional.Updater.A, C:\Users\Wolfgang und Anne\AppData\Roaming\UpdaterEX\UpdateProc\info.dat, Quarantined, [7c42348fe09b31053ebc05c9e220728e],
PUP.Optional.Updater.A, C:\Users\Wolfgang und Anne\AppData\Roaming\UpdaterEX\UpdateProc\prod.dat, Quarantined, [7c42348fe09b31053ebc05c9e220728e],
PUP.Optional.Updater.A, C:\Users\Wolfgang und Anne\AppData\Roaming\UpdaterEX\UpdateProc\STTL.DAT, Quarantined, [7c42348fe09b31053ebc05c9e220728e],
PUP.Optional.Updater.A, C:\Users\Wolfgang und Anne\AppData\Roaming\UpdaterEX\UpdateProc\TTL.DAT, Quarantined, [7c42348fe09b31053ebc05c9e220728e],
PUP.Optional.Updater.A, C:\Users\Wolfgang und Anne\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe, Quarantined, [7c42348fe09b31053ebc05c9e220728e],

Physical Sectors: 0
(No malicious items detected)


(end)
AdwCleaner Logfile:
Code:
# AdwCleaner v3.303 - Bericht erstellt am 07/08/2014 um 15:47:53
# Aktualisiert 06/08/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Wolfgang und Anne - WOLFGANG
# Gestartet von : C:\Users\Wolfgang und Anne\Downloads\adwcleaner_3.303.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Whilokii
Ordner Gelöscht : C:\Users\WOLFGA~1\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Wolfgang und Anne\AppData\Roaming\UpdaterEX
Datei Gelöscht : C:\Users\Wolfgang und Anne\AppData\Roaming\Mozilla\Firefox\Profiles\wldm4hs5.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}.xpi

***** [ Tasks ] *****

Task Gelöscht : BonanzaDealsUpdate
Task Gelöscht : UpdaterEX

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Wolfgang und Anne\Desktop\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updatewhilokii_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Wolfgang und Anne\AppData\Roaming\Mozilla\Firefox\Profiles\wldm4hs5.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [17680 octets] - [29/09/2013 22:38:44]
AdwCleaner[R1].txt - [2990 octets] - [07/08/2014 15:46:29]
AdwCleaner[S0].txt - [15142 octets] - [29/09/2013 22:40:01]
AdwCleaner[S1].txt - [2742 octets] - [07/08/2014 15:47:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2802 octets] ##########
--- --- ---

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Wolfgang und Anne on 07.08.2014 at 15:52:49,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1682701105-3862308186-3827129608-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update whilokii



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2014 at 15:58:32,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und hier noch ESET

Code:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir        Win32/DealPly.L evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir        Win32/DealPly.L evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir        Win32/DealPly.L evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir        Win32/DealPly.L evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir        Variante von Win32/DealPly.L evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir        Win32/DealPly.L evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir        Win32/DealPly.N evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir        Win32/DealPly.L evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir        Variante von Win32/DealPly.L evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.24.6\deltaApp.dll.vir        Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.24.6\deltaEng.dll.vir        möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.24.6\deltasrv.exe.vir        Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.24.6\deltaTlbr.dll.vir        Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.24.6\uninstall.exe.vir        Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.24.6\bh\delta.dll.vir        Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\IE\priam_bho.dll.vir        Variante von Win32/Wajam.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wajam\Updater\WajamUpdater.exe.vir        Win32/Wajam.A evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\WhilokiiUn.exe.vir        möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\Whilokii.BrowserAdapter.exe.vir        Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\Whilokii.BRT.Helper.exe.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\WhilokiiBAApp.dll.vir        Win32/BrowseFox.N evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\{fed5e6b2-4fc4-43ba-8e95-001d959d8008}.dll.vir        Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.Bromon.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.BroStats.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.BrowserAdapter.dll.vir        möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.BrowserAdapterS.dll.vir        möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.BRT.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.CompatibilityChecker.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.FeSvc.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.FFUpdate.dll.vir        Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.IEUpdate.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.OfSvc.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.PurBrowse.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.PurBrowseG.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Whilokii\bin\plugins\Whilokii.Repmon.dll.vir        Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir        Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Wolfgang und Anne\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir        Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Wolfgang und Anne\AppData\Roaming\Mozilla\Firefox\Profiles\wldm4hs5.default\Extensions\ffxtlbr@delta.com\uninstall.exe.vir        Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung
C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\BabMaint.exe        Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung
C:\Users\Wolfgang und Anne\AppData\Local\Temp\56C41213-BAB0-7891-848A-794D9950EB08\Latest\IEHelper.dll        Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung
C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366719332_stp\wajam_validate.exe        Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366809812_stp\wajam_validate.exe        Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366854570_stp\wajam_validate.exe        Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366905956_stp\wajam_validate.exe        Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\Wolfgang und Anne\AppData\Local\Temp\is1275519350\366906226_stp\whilokii_is.exe        Win32/BrowseFox.C evtl. unerwünschte Anwendung

schrauber 08.08.2014 13:25
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


StephanL 08.08.2014 15:43
Hi, also hier die Logdateien:

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2014
Ran by Wolfgang und Anne (administrator) on WOLFGANG on 08-08-2014 16:38:24
Running from C:\Users\Wolfgang und Anne\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [11229696 2012-09-18] (Dell Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5187088 2014-07-10] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {B0F70CAC-ED2A-44BA-B8DA-B2590975421A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - {B0F70CAC-ED2A-44BA-B8DA-B2590975421A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - DefaultScope {E2E8FB6F-D5AA-4FD9-B821-8344A1233128} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=494
SearchScopes: HKCU - {B0F70CAC-ED2A-44BA-B8DA-B2590975421A} URL =
SearchScopes: HKCU - {E2E8FB6F-D5AA-4FD9-B821-8344A1233128} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=494
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Wolfgang und Anne\AppData\Roaming\Mozilla\Firefox\Profiles\wldm4hs5.default
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Wolfgang und Anne\AppData\Roaming\Mozilla\Firefox\Profiles\wldm4hs5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-21]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox\firefox.exe

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3244048 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-07-10] (AVG Technologies CZ, s.r.o.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2227992 2012-10-02] (Broadcom Corporation.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6334464 2012-09-18] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [169240 2012-10-02] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6834760 2012-09-13] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.)
S3 iscFlash; C:\Users\Wolfgang und Anne\AppData\Local\Temp\7zS6B52.tmp\iscflashx64.sys [58464 2012-07-12] (Insyde Software)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 16:38 - 2014-08-08 16:38 - 00013038 _____ () C:\Users\Wolfgang und Anne\Downloads\FRST.txt
2014-08-08 16:38 - 2014-08-08 16:38 - 00000000 ____D () C:\FRST
2014-08-08 16:37 - 2014-08-08 16:37 - 02094080 _____ (Farbar) C:\Users\Wolfgang und Anne\Downloads\FRST64.exe
2014-08-07 17:33 - 2014-08-07 17:33 - 00006830 _____ () C:\Users\Wolfgang und Anne\Desktop\ESET.txt
2014-08-07 16:03 - 2014-08-07 16:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-07 16:02 - 2014-08-07 16:02 - 02347384 _____ (ESET) C:\Users\Wolfgang und Anne\Desktop\esetsmartinstaller_deu.exe
2014-08-07 15:58 - 2014-08-07 15:58 - 00000942 _____ () C:\Users\Wolfgang und Anne\Desktop\JRT.txt
2014-08-07 15:52 - 2014-08-07 15:52 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 15:50 - 2014-08-07 15:50 - 00002902 _____ () C:\Users\Wolfgang und Anne\Desktop\AdwCleaner[S1].txt
2014-08-07 15:45 - 2014-08-07 15:45 - 01475072 _____ () C:\Users\Wolfgang und Anne\Downloads\adwcleaner_3.303.exe
2014-08-07 15:41 - 2014-08-07 15:41 - 00029763 _____ () C:\Users\Wolfgang und Anne\Desktop\MWAB814.txt
2014-08-07 13:34 - 2014-08-07 15:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 13:34 - 2014-08-07 13:34 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 13:34 - 2014-08-07 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 13:34 - 2014-08-07 13:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 13:34 - 2014-08-07 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 13:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-07 13:34 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-07 13:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-07 13:33 - 2014-08-07 13:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wolfgang und Anne\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 13:01 - 2014-08-07 13:01 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Roaming\AVG2014
2014-08-07 12:59 - 2014-08-07 12:59 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-07 12:59 - 2014-08-07 12:59 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Roaming\TuneUp Software
2014-08-07 12:59 - 2014-08-07 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-07 12:58 - 2014-08-07 12:59 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-07 12:58 - 2014-08-07 12:58 - 00000000 ___HD () C:\$AVG
2014-08-07 12:58 - 2014-08-07 12:58 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-07 12:55 - 2014-08-07 17:57 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-07 12:55 - 2014-08-07 13:00 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Local\Avg2014
2014-08-07 12:55 - 2014-08-07 12:55 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Local\MFAData
2014-08-07 12:32 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-07 12:25 - 2014-08-07 12:28 - 156406824 _____ (AVG Technologies) C:\Users\Wolfgang und Anne\Downloads\avg_free_x86_all_2014_4744a7830.exe
2014-08-07 11:34 - 2014-08-07 11:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-05 12:08 - 2014-08-05 12:08 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Roaming\BRT
2014-07-20 19:25 - 2014-07-20 19:25 - 00292200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 04:43 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-16 04:43 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-16 04:40 - 2014-07-16 04:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 05:12 - 2014-07-12 21:09 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 05:12 - 2014-07-12 21:09 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 05:12 - 2014-07-12 21:09 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 05:12 - 2014-07-12 21:07 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-10 05:12 - 2014-07-12 21:06 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-10 05:12 - 2014-07-12 21:06 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-10 05:12 - 2014-07-12 21:06 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-10 05:12 - 2014-07-12 21:06 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-10 05:12 - 2014-07-12 21:06 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-10 05:12 - 2014-07-12 21:06 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-10 05:12 - 2014-07-12 21:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 05:12 - 2014-07-12 21:06 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-10 05:12 - 2014-07-12 21:06 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 05:12 - 2014-07-12 21:06 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-10 05:12 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-10 05:11 - 2014-07-12 21:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 05:11 - 2014-07-12 21:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 05:11 - 2014-07-12 21:08 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-10 05:11 - 2014-07-12 21:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 05:11 - 2014-07-12 21:08 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-10 05:11 - 2014-07-12 21:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-10 05:11 - 2014-07-12 21:08 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-10 05:11 - 2014-07-12 21:08 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-10 05:11 - 2014-07-12 21:06 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 05:11 - 2014-07-12 21:06 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 05:11 - 2014-07-12 21:06 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 05:11 - 2014-07-12 21:06 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 05:11 - 2014-07-12 21:06 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 05:11 - 2014-07-12 21:06 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 05:11 - 2014-07-12 21:06 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 05:11 - 2014-07-12 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 05:11 - 2014-07-12 21:05 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 05:11 - 2014-07-12 21:05 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 05:11 - 2014-07-12 21:05 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 05:10 - 2014-07-12 21:06 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 05:10 - 2014-07-12 21:06 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 05:10 - 2014-07-12 21:06 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 05:10 - 2014-07-12 21:06 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-10 05:10 - 2014-07-12 21:06 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 05:10 - 2014-07-12 21:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 05:10 - 2014-07-12 21:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 05:10 - 2014-07-12 21:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 05:10 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 05:10 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 16:38 - 2014-08-08 16:38 - 00013038 _____ () C:\Users\Wolfgang und Anne\Downloads\FRST.txt
2014-08-08 16:38 - 2014-08-08 16:38 - 00000000 ____D () C:\FRST
2014-08-08 16:37 - 2014-08-08 16:37 - 02094080 _____ (Farbar) C:\Users\Wolfgang und Anne\Downloads\FRST64.exe
2014-08-08 16:37 - 2013-04-01 08:48 - 01961624 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 16:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-08 08:29 - 2013-04-01 09:18 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-08-07 20:07 - 2013-04-07 16:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-07 17:57 - 2014-08-07 12:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-07 17:33 - 2014-08-07 17:33 - 00006830 _____ () C:\Users\Wolfgang und Anne\Desktop\ESET.txt
2014-08-07 16:03 - 2014-08-07 16:03 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-07 16:02 - 2014-08-07 16:02 - 02347384 _____ (ESET) C:\Users\Wolfgang und Anne\Desktop\esetsmartinstaller_deu.exe
2014-08-07 15:58 - 2014-08-07 15:58 - 00000942 _____ () C:\Users\Wolfgang und Anne\Desktop\JRT.txt
2014-08-07 15:56 - 2012-07-26 12:27 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-08-07 15:56 - 2012-07-26 12:27 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-08-07 15:56 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-07 15:52 - 2014-08-07 15:52 - 00000000 ____D () C:\Windows\ERUNT
2014-08-07 15:50 - 2014-08-07 15:50 - 00002902 _____ () C:\Users\Wolfgang und Anne\Desktop\AdwCleaner[S1].txt
2014-08-07 15:49 - 2013-04-01 08:34 - 00064602 _____ () C:\Windows\PFRO.log
2014-08-07 15:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-07 15:48 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-07 15:47 - 2013-09-29 22:38 - 00000000 ____D () C:\AdwCleaner
2014-08-07 15:47 - 2013-09-29 21:56 - 00000601 _____ () C:\Users\Wolfgang und Anne\Desktop\Search.lnk
2014-08-07 15:45 - 2014-08-07 15:45 - 01475072 _____ () C:\Users\Wolfgang und Anne\Downloads\adwcleaner_3.303.exe
2014-08-07 15:41 - 2014-08-07 15:41 - 00029763 _____ () C:\Users\Wolfgang und Anne\Desktop\MWAB814.txt
2014-08-07 15:41 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-08-07 15:22 - 2014-08-07 13:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-07 15:21 - 2013-04-01 09:15 - 00000000 ____D () C:\ProgramData\McAfee
2014-08-07 15:12 - 2012-07-26 07:26 - 00000226 _____ () C:\Windows\win.ini
2014-08-07 13:34 - 2014-08-07 13:34 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-07 13:34 - 2014-08-07 13:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-07 13:34 - 2014-08-07 13:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-07 13:34 - 2014-08-07 13:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-07 13:33 - 2014-08-07 13:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Wolfgang und Anne\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-07 13:04 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-07 13:01 - 2014-08-07 13:01 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Roaming\AVG2014
2014-08-07 13:00 - 2014-08-07 12:55 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Local\Avg2014
2014-08-07 12:59 - 2014-08-07 12:59 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-07 12:59 - 2014-08-07 12:59 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Roaming\TuneUp Software
2014-08-07 12:59 - 2014-08-07 12:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-08-07 12:59 - 2014-08-07 12:58 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-07 12:59 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-08-07 12:58 - 2014-08-07 12:58 - 00000000 ___HD () C:\$AVG
2014-08-07 12:58 - 2014-08-07 12:58 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-08-07 12:55 - 2014-08-07 12:55 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Local\MFAData
2014-08-07 12:28 - 2014-08-07 12:25 - 156406824 _____ (AVG Technologies) C:\Users\Wolfgang und Anne\Downloads\avg_free_x86_all_2014_4744a7830.exe
2014-08-07 11:34 - 2014-08-07 11:34 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-08-07 11:34 - 2012-07-26 09:21 - 00018186 _____ () C:\Windows\setupact.log
2014-08-05 12:08 - 2014-08-05 12:08 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Roaming\BRT
2014-08-01 12:19 - 2014-07-03 01:48 - 00000000 ____D () C:\Program Files (x86)\Firefox
2014-07-29 06:24 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-07-23 06:53 - 2014-04-19 12:43 - 00001104 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-07-23 06:53 - 2014-04-19 12:43 - 00001092 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-07-20 19:25 - 2014-07-20 19:25 - 00292200 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-19 11:04 - 2013-12-19 20:59 - 00000176 _____ () C:\Users\Wolfgang und Anne\AppData\Roaming\WB.CFG
2014-07-16 16:24 - 2013-04-07 17:50 - 00000000 ____D () C:\Users\Wolfgang und Anne\AppData\Roaming\PCDr
2014-07-16 05:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-07-16 04:40 - 2014-07-16 04:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-16 04:40 - 2014-07-07 06:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-16 04:40 - 2014-07-07 06:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-16 04:40 - 2014-07-07 06:05 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-16 04:40 - 2014-07-07 06:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-16 04:40 - 2012-07-26 12:29 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-16 04:40 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 04:40 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 04:40 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-16 04:40 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-16 04:39 - 2014-07-07 06:05 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-16 04:39 - 2014-07-07 06:05 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-16 04:39 - 2014-07-07 06:05 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-16 04:39 - 2014-07-07 06:05 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-16 04:39 - 2014-07-07 06:05 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-07-16 04:39 - 2014-07-07 06:05 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-07-16 04:39 - 2014-07-07 06:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-16 04:39 - 2014-07-07 06:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-16 04:39 - 2014-07-07 06:05 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-12 21:09 - 2014-07-10 05:12 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-12 21:09 - 2014-07-10 05:12 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-12 21:09 - 2014-07-10 05:12 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-12 21:08 - 2014-07-10 05:11 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-12 21:08 - 2014-07-10 05:11 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 21:08 - 2014-07-10 05:11 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-12 21:08 - 2014-07-10 05:11 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 21:08 - 2014-07-10 05:11 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-12 21:08 - 2014-07-10 05:11 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-12 21:08 - 2014-07-10 05:11 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-12 21:08 - 2014-07-10 05:11 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-12 21:07 - 2014-07-10 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-12 21:06 - 2014-07-10 05:12 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-12 21:06 - 2014-07-10 05:12 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-12 21:06 - 2014-07-10 05:12 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-12 21:06 - 2014-07-10 05:12 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-12 21:06 - 2014-07-10 05:12 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-12 21:06 - 2014-07-10 05:12 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-12 21:06 - 2014-07-10 05:12 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-12 21:06 - 2014-07-10 05:12 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-12 21:06 - 2014-07-10 05:12 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-12 21:06 - 2014-07-10 05:12 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-12 21:06 - 2014-07-10 05:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-12 21:06 - 2014-07-10 05:11 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-12 21:06 - 2014-07-10 05:11 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-12 21:06 - 2014-07-10 05:11 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-12 21:06 - 2014-07-10 05:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-12 21:06 - 2014-07-10 05:11 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-12 21:06 - 2014-07-10 05:11 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-12 21:06 - 2014-07-10 05:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-12 21:06 - 2014-07-10 05:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-12 21:06 - 2014-07-10 05:10 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-12 21:06 - 2014-07-10 05:10 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-12 21:06 - 2014-07-10 05:10 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-12 21:06 - 2014-07-10 05:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-12 21:05 - 2014-07-10 05:11 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-12 21:05 - 2014-07-10 05:11 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-12 21:05 - 2014-07-10 05:11 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-12 21:05 - 2014-07-10 05:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-12 21:05 - 2014-07-10 05:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-12 21:05 - 2014-07-10 05:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-12 00:07 - 2013-04-06 17:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-10 05:32 - 2013-08-15 17:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 05:30 - 2013-04-07 07:20 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 09:07 - 2013-04-07 16:07 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\Wolfgang und Anne\AppData\Local\Temp\Quarantine.exe
C:\Users\Wolfgang und Anne\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 13:28

==================== End Of Log ============================
--- --- ---


und Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2014
Ran by Wolfgang und Anne at 2014-08-08 16:39:16
Running from C:\Users\Wolfgang und Anne\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4744 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4744 - AVG Technologies) Hidden
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.59.74 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.3900 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-07-2014 05:33:55 Geplanter Prüfpunkt
29-07-2014 05:30:01 Geplanter Prüfpunkt
07-08-2014 09:58:41 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1BCD747F-C5D2-4EC8-84CA-64EC45C25E93} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3FEA1B20-439D-4FCA-A25F-F4094679C466} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {79A6FB24-A10A-4600-8971-1605CBF65972} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AA9354D8-D58F-4CE8-8914-090C386DC991} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {AAF185B3-7C66-4C3F-989E-7DFE46E0747A} - System32\Tasks\{308B79FA-0FF8-4E60-BD15-3EDFE8F3F8EF} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.6.0.106&LastError=12002
Task: {B3FEFBF5-7A1C-4083-BDCD-481889D8B815} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C1C49D87-A3CD-41CB-9497-7394C8D04AA9} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-10-29 19:00 - 2012-10-29 19:00 - 00047480 _____ () c:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-04-01 09:12 - 2012-04-25 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-06-01 19:28 - 2013-06-01 19:28 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-04-01 17:41 - 2012-10-16 12:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-07-06 18:09 - 2013-04-20 00:51 - 00023328 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-07-06 18:09 - 2013-04-20 00:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-02-18 15:32 - 2014-02-18 15:32 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\5baeeabc4ba71e8eeb8ccc7162c475b2\PSIClient.ni.dll
2013-04-01 09:05 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-04-01 09:11 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-07-06 18:09 - 2013-05-03 01:01 - 01813792 _____ () C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
2014-07-03 01:48 - 2014-07-03 01:48 - 03852912 _____ () C:\Program Files (x86)\Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/07/2014 04:03:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/07/2014 04:02:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (08/08/2014 08:26:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (08/08/2014 08:26:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (08/08/2014 08:25:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (08/08/2014 08:25:02 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (08/08/2014 08:24:32 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht.

Error: (08/07/2014 08:58:26 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "STEPHAN-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{6DE86786-C4C6-4FAF-8A57-BCE11FE16D13}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (08/07/2014 04:03:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Wolfgang und Anne\Desktop\esetsmartinstaller_deu.exe

Error: (08/07/2014 04:02:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Wolfgang und Anne\Desktop\esetsmartinstaller_deu.exe


==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 3965.27 MB
Available physical RAM: 2087.6 MB
Total Pagefile: 4669.27 MB
Available Pagefile: 2647.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.98 GB) (Free:416.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 53B91347)

Partition: GPT Partition Type.

==================== End Of Log ============================
Danke für die Hilfe schonmal!
Stephan

schrauber 09.08.2014 10:57
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
SearchScopes: HKCU - {E2E8FB6F-D5AA-4FD9-B821-8344A1233128} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=494
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Noch Probleme?

StephanL 09.08.2014 13:45
Hi, hier die Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-08-2014
Ran by Wolfgang und Anne at 2014-08-09 14:41:09 Run:1
Running from C:\Users\Wolfgang und Anne\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - {E2E8FB6F-D5AA-4FD9-B821-8344A1233128} URL = hxxp://rts.dsrlte.com/?q={searchTerms}&r=494
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: https://www.google.de/
FF Keyword.URL: user_pref("keyword.URL", "");
       
*****************

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E2E8FB6F-D5AA-4FD9-B821-8344A1233128}" => Key deleted successfully.
"HKCR\CLSID\{E2E8FB6F-D5AA-4FD9-B821-8344A1233128}" => Key not found.
Firefox newtab deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.

==== End of Fixlog ====
Die Bedrohungne die im ESET Log gefunden wurden sind nicht weiter schlimm?

Vielen Dank und Grüße
Stephan

schrauber 10.08.2014 05:52
die sind doch alle schon in Quarantäne :). Ausser ein paar harmlosen Temps, die machen wir jetzt:

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131