Internetbrowser verzweigt immer auf ihavenet

springbok4 · 29.07.2013, 17:12

Hallo,

habe so seit 1 Woche einen Trojaner mit dem Namen ihavenet auf meinem Laptop.

Anhang 58392

Anhang 58393

Anhang 58394

Brauche Hilfe wie ich den Bug wieder los werde. Wäre super wenn mir hier jemand helfen könnte.

Gruss Max

schrauber · 29.07.2013, 17:58

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

springbok4 · 29.07.2013, 18:43

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-07-2013
Ran by Alexander Beisheim (administrator) on 29-07-2013 19:40:34
Running from C:\Users\Alexander Beisheim\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(Spotify Ltd) C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Windows\system32\spool\DRIVERS\x64\3\EBAPIx32.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [278112 2011-11-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Spotify] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1679360 2012-02-28] (Wondershare)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=12E3206A8A239425&affID=119357&tsp=4958
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=12E3206A8A239425&affID=119357&tsp=4958
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: LyricXeeker - {17E58097-6CA5-448B-830F-2A19678248FB} - C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default
FF user.js: detected! => C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default\searchplugins\babylon.xml
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi
FF Extension: No Name - C:\Program Files (x86)\LyriXeeker\125.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-26] (Avira Operations GmbH & Co. KG)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [333864 2013-05-26] (Broadcom Corporation)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-01-08] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 uwdyipod; \??\C:\Users\ALEXAN~1\AppData\Local\Temp\uwdyipod.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:18 - 2013-07-29 11:26 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\Babylon
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\ProgramData\Babylon
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:35 - 2013-07-21 18:36 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-11 22:09 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:09 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:09 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:09 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 19:08 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 19:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 19:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 19:08 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 17:12 - 2013-07-29 11:26 - 00001366 _____ C:\Windows\PFRO.log
2013-07-07 12:36 - 2013-07-29 11:26 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui
2013-07-03 19:51 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 19:14 - 2013-07-03 19:14 - 00032768 _____ C:\Users\Alexander Beisheim\Downloads\_Persönlichkeitscheck
2013-07-01 18:24 - 2013-07-29 11:26 - 00001232 _____ C:\Windows\setupact.log
2013-07-01 18:24 - 2013-07-01 18:24 - 00000000 _____ C:\Windows\setuperr.log
2013-06-30 13:48 - 2013-06-30 13:50 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Area47_Italien_062013

==================== One Month Modified Files and Folders =======

2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 19:00 - 2013-05-30 11:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:13 - 2013-03-28 18:18 - 00000000 ____D C:\Users\Alexander Beisheim
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:33 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-29 11:33 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-29 11:32 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-29 11:32 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-29 11:32 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 11:30 - 2013-06-02 10:49 - 01368194 _____ C:\Windows\WindowsUpdate.log
2013-07-29 11:27 - 2013-06-02 10:53 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\Spotify
2013-07-29 11:26 - 2013-07-29 11:18 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 11:26 - 2013-07-09 17:12 - 00001366 _____ C:\Windows\PFRO.log
2013-07-29 11:26 - 2013-07-07 12:36 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-07-29 11:26 - 2013-07-01 18:24 - 00001232 _____ C:\Windows\setupact.log
2013-07-29 11:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-03 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\Babylon
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\ProgramData\Babylon
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Program Files (x86)\LyriXeeker
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-28 19:07 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-21 18:36 - 2013-07-21 18:35 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-12 14:31 - 2013-03-28 18:10 - 00000000 ____D C:\Windows\Panther
2013-07-12 14:31 - 2009-07-14 06:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 14:29 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 22:10 - 2013-05-27 20:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 19:26 - 2013-06-02 10:53 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Spotify
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui
2013-07-04 17:14 - 2013-05-30 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 19:14 - 2013-07-03 19:14 - 00032768 _____ C:\Users\Alexander Beisheim\Downloads\_Persönlichkeitscheck
2013-07-02 18:06 - 2013-05-26 20:48 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-01 18:24 - 2013-07-01 18:24 - 00000000 _____ C:\Windows\setuperr.log
2013-06-30 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-30 13:50 - 2013-06-30 13:48 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Area47_Italien_062013

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 19:05

==================== End Of Log ============================

--- --- ---

[/CODE]

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2013
Ran by Alexander Beisheim at 2013-07-29 19:40:52
Running from C:\Users\Alexander Beisheim\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Ashampoo Burning Studio 2013 v.11.0.6 (x32 Version: 11.0.6)
Atheros Client Installation Program (x32 Version: 7.0)
Avira Free Antivirus (x32 Version: 13.0.0.3884)
Benutzerhandbuch EPSON XP-205 207 Series (x32)
Download Navigator (x32 Version: 1.1.0)
Druckerdeinstallation für EPSON XP-205 207 Series
eaner (Version: 4.02)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 3.01.0000)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.5.00)
LyricXeeker (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Netzwerkhandbuch EPSON XP-205 207 Series (x32)
Spotify (HKCU Version: 0.9.1.57.ge7405149)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
Wondershare Player(Build 1.0.2) (x32 Version: 1.0.2.1)
Wondershare Streaming Audio Recorder(Build 2.1.1.1) (x32 Version: 2.1.1.1)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {155FD838-8F29-4590-A9D2-23FFFE498B0E} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {18FA3605-779C-4ACC-8DFD-864C2FDB0D62} - System32\Tasks\DigitalSite => C:\Users\ALEXAN~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE No File
Task: {1C84CE38-6855-423D-B973-FAB28F7B9BDF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {32670D5F-CD88-4476-BA60-498B50C67220} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation)
Task: {4AFBE439-76D7-49ED-BE46-1617C9FC52A4} - System32\Tasks\DealPly => C:\Users\ALEXAN~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE [2013-02-27] ()
Task: {66088763-A9BA-4B06-B362-241EF8B52DE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {BBCE665A-50C2-47CA-8759-821C8024D08A} - System32\Tasks\LyricXeeker Update => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe [2013-07-27] (LyriXeeker Tech)
Task: {ED99BAAC-BAB8-4966-A06A-ACDFB703C9A0} - System32\Tasks\Ilmui => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => ?
Task: C:\Windows\Tasks\Ilmui.job => C:\Windows\system32\rundll32.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2013 10:09:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917, Zeitstempel: 0x51c06b1b
Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917, Zeitstempel: 0x51c06a5b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00173668
ID des fehlerhaften Prozesses: 0x9f8
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Der Index kann nicht initialisiert werden.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.

Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

System errors:
=============
Error: (07/29/2013 11:26:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/29/2013 09:17:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/28/2013 07:05:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/25/2013 05:42:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/24/2013 06:45:09 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/23/2013 05:59:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/21/2013 06:26:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/21/2013 08:50:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/20/2013 06:35:47 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\athExt.dll
Fehlercode: 126

Error: (07/20/2013 08:04:44 AM) (Source: DCOM) (User: )
Description: {6E993643-8FBC-44FE-BC85-D318495C4D96}

Microsoft Office Sessions:
=========================
Error: (07/10/2013 10:09:05 PM) (Source: Application Error)(User: )
Description: firefox.exe22.0.0.491751c06b1bxul.dll22.0.0.491751c06a5bc0000005001736689f801ce7da53996191dC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll91e5657a-e99c-11e2-80ab-206a8a239425

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog

Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (07/01/2013 06:25:31 PM) (Source: Windows Search Service)(User: )
Description:
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 3956.5 MB
Available physical RAM: 2389.32 MB
Total Pagefile: 7911.18 MB
Available Pagefile: 6377.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:451.99 GB) (Free:421.96 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4FE94FE9)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

ATTFilter

schrauber · 29.07.2013, 20:06

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

springbok4 · 30.07.2013, 15:12

hier die gewünschten Dateien

AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 30/07/2013 um 15:28:07 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Alexander Beisheim - APPLESEED
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Wondershare
Ordner Gelöscht : C:\Program Files (x86)\Wondershare
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Ordner Gelöscht : C:\Users\Alexander Beisheim\AppData\Local\Wondershare
Ordner Gelöscht : C:\Users\Alexander Beisheim\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Alexander Beisheim\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Alexander Beisheim\AppData\Roaming\Wondershare

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5a48bdab23bb948

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=12E3206A8A239425&affID=119357&tsp=4958 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default\prefs.js

C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.bbDpng", "29");
Gelöscht : user_pref("extensions.delta.cntry", "DE");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.hdrMd5", "69C3CDB89C11F571244A4804597D4A65");
Gelöscht : user_pref("extensions.delta.id", "12e367e9000000000000206a8a239425");
Gelöscht : user_pref("extensions.delta.instlDay", "15915");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.22.011:19:07");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.sg", "czb");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.22.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.22.011:19:07");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.22.0");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4958");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[S1].txt - [4161 octets] - [30/07/2013 15:28:07]

########## EOF - C:\AdwCleaner[S1].txt - [4221 octets] ##########

--- --- ---

[/CODE]

Hier der nächste Code JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.8 (07.29.2013:2)
OS: Windows 7 Ultimate x64
Ran by Alexander Beisheim on 30.07.2013 at 15:33:35,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17E58097-6CA5-448B-830F-2A19678248FB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\lyrixeeker"



~~~ FireFox

Successfully deleted: [File] C:\Users\Alexander Beisheim\AppData\Roaming\mozilla\firefox\profiles\oxmtsb7j.default\invalidprefs.js
Emptied folder: C:\Users\Alexander Beisheim\AppData\Roaming\mozilla\firefox\profiles\oxmtsb7j.default\minidumps [44 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.07.2013 at 15:37:12,09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und noch die FRST Code:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Alexander Beisheim (administrator) on 30-07-2013 16:03:33
Running from C:\Users\Alexander Beisheim\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(Spotify Ltd) C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [278112 2011-11-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Spotify] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-26] (Avira Operations GmbH & Co. KG)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [333864 2013-05-26] (Broadcom Corporation)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-01-08] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 16:03 - 2013-07-30 16:03 - 01781589 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe
2013-07-30 15:37 - 2013-07-30 15:37 - 00001355 _____ C:\Users\Alexander Beisheim\Desktop\JRT.txt
2013-07-30 15:33 - 2013-07-30 15:33 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Alexander Beisheim\Downloads\JRT.exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 15:30 - 2013-07-30 15:30 - 00004288 _____ C:\Users\Alexander Beisheim\Downloads\AdwCleaner[S1].txt
2013-07-30 15:28 - 2013-07-30 15:28 - 00004288 _____ C:\AdwCleaner[S1].txt
2013-07-30 15:27 - 2013-07-30 15:27 - 00666633 _____ C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
2013-07-29 19:40 - 2013-07-29 19:41 - 00012760 _____ C:\Users\Alexander Beisheim\Downloads\Addition.txt
2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:18 - 2013-07-30 15:29 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:35 - 2013-07-21 18:36 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-11 22:09 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:09 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:09 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:09 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 19:08 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 19:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 19:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 19:08 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 17:12 - 2013-07-30 15:24 - 00004362 _____ C:\Windows\PFRO.log
2013-07-07 12:36 - 2013-07-30 15:35 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui
2013-07-03 19:51 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 19:14 - 2013-07-03 19:14 - 00032768 _____ C:\Users\Alexander Beisheim\Downloads\_Persönlichkeitscheck
2013-07-01 18:24 - 2013-07-30 15:29 - 00001344 _____ C:\Windows\setupact.log
2013-07-01 18:24 - 2013-07-01 18:24 - 00000000 _____ C:\Windows\setuperr.log
2013-06-30 13:48 - 2013-06-30 13:50 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Area47_Italien_062013

==================== One Month Modified Files and Folders =======

2013-07-30 16:00 - 2013-05-30 11:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-30 15:37 - 2013-07-30 15:37 - 00001355 _____ C:\Users\Alexander Beisheim\Desktop\JRT.txt
2013-07-30 15:36 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-30 15:36 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-30 15:36 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-30 15:36 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-30 15:36 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-30 15:35 - 2013-07-07 12:36 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-07-30 15:33 - 2013-07-30 15:33 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Alexander Beisheim\Downloads\JRT.exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 15:31 - 2013-06-02 10:53 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\Spotify
2013-07-30 15:30 - 2013-07-30 15:30 - 00004288 _____ C:\Users\Alexander Beisheim\Downloads\AdwCleaner[S1].txt
2013-07-30 15:29 - 2013-07-29 11:18 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-30 15:29 - 2013-07-01 18:24 - 00001344 _____ C:\Windows\setupact.log
2013-07-30 15:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 15:28 - 2013-07-30 15:28 - 00004288 _____ C:\AdwCleaner[S1].txt
2013-07-30 15:28 - 2013-06-02 10:49 - 01407439 _____ C:\Windows\WindowsUpdate.log
2013-07-30 15:27 - 2013-07-30 15:27 - 00666633 _____ C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
2013-07-30 15:26 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-30 15:24 - 2013-07-09 17:12 - 00004362 _____ C:\Windows\PFRO.log
2013-07-29 19:41 - 2013-07-29 19:40 - 00012760 _____ C:\Users\Alexander Beisheim\Downloads\Addition.txt
2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:13 - 2013-03-28 18:18 - 00000000 ____D C:\Users\Alexander Beisheim
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-03 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:36 - 2013-07-21 18:35 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-12 14:31 - 2013-03-28 18:10 - 00000000 ____D C:\Windows\Panther
2013-07-12 14:31 - 2009-07-14 06:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 14:29 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 22:10 - 2013-05-27 20:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 19:26 - 2013-06-02 10:53 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Spotify
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui
2013-07-04 17:14 - 2013-05-30 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 19:14 - 2013-07-03 19:14 - 00032768 _____ C:\Users\Alexander Beisheim\Downloads\_Persönlichkeitscheck
2013-07-02 18:06 - 2013-05-26 20:48 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-01 18:24 - 2013-07-01 18:24 - 00000000 _____ C:\Windows\setuperr.log
2013-06-30 15:08 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-30 13:50 - 2013-06-30 13:48 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Area47_Italien_062013

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 19:05

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 31.07.2013, 06:56

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

springbok4 · 31.07.2013, 14:09

Hi,

nachfolgend die benötigten Dateien.

Kann ich kurz einen Zwischenstand zu dem Trojaner bzw. Virus haben den ich mir eingefangen habe?
Schicke hier ständig Dateien und weiss nicht so wirklich was wir hier tun?!?! DANKE

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9da6f9fd6e06f7438b3adb148b7a69cb
# engine=14599
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-31 01:00:56
# local_time=2013-07-31 03:00:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 62930 5681824 55718 0
# compatibility_mode=5893 16776574 100 94 1643471 126905506 0 0
# scanned=110690
# found=0
# cleaned=0
# scan_time=1859

Hier der nächste Code

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.71  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (22.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

und nochmal die FRST Code

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by Alexander Beisheim (administrator) on 31-07-2013 15:06:59
Running from C:\Users\Alexander Beisheim\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(Spotify Ltd) C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [278112 2011-11-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Spotify] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-26] (Avira Operations GmbH & Co. KG)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [333864 2013-05-26] (Broadcom Corporation)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-01-08] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-31 15:05 - 2013-07-31 15:05 - 00891098 _____ C:\Users\Alexander Beisheim\Downloads\SecurityCheck.exe
2013-07-31 14:28 - 2013-07-31 14:28 - 02347384 _____ (ESET) C:\Users\Alexander Beisheim\Downloads\esetsmartinstaller_enu.exe
2013-07-31 14:28 - 2013-07-31 14:28 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-30 16:03 - 2013-07-30 16:03 - 01781589 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe
2013-07-30 15:37 - 2013-07-30 15:37 - 00001355 _____ C:\Users\Alexander Beisheim\Desktop\JRT.txt
2013-07-30 15:33 - 2013-07-30 15:33 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Alexander Beisheim\Downloads\JRT.exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 15:30 - 2013-07-30 15:30 - 00004288 _____ C:\Users\Alexander Beisheim\Downloads\AdwCleaner[S1].txt
2013-07-30 15:28 - 2013-07-30 15:28 - 00004288 _____ C:\AdwCleaner[S1].txt
2013-07-30 15:27 - 2013-07-30 15:27 - 00666633 _____ C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
2013-07-29 19:40 - 2013-07-29 19:41 - 00012760 _____ C:\Users\Alexander Beisheim\Downloads\Addition.txt
2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:18 - 2013-07-31 14:24 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:35 - 2013-07-21 18:36 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-11 22:09 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:09 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:09 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:09 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 19:08 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 19:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 19:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 19:08 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 17:12 - 2013-07-30 15:24 - 00004362 _____ C:\Windows\PFRO.log
2013-07-07 12:36 - 2013-07-31 14:23 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui
2013-07-03 19:51 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-03 19:14 - 2013-07-03 19:14 - 00032768 _____ C:\Users\Alexander Beisheim\Downloads\_Persönlichkeitscheck
2013-07-01 18:24 - 2013-07-31 14:23 - 00001400 _____ C:\Windows\setupact.log
2013-07-01 18:24 - 2013-07-01 18:24 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-07-31 15:05 - 2013-07-31 15:05 - 00891098 _____ C:\Users\Alexander Beisheim\Downloads\SecurityCheck.exe
2013-07-31 15:00 - 2013-05-30 11:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 14:31 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-31 14:31 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-31 14:28 - 2013-07-31 14:28 - 02347384 _____ (ESET) C:\Users\Alexander Beisheim\Downloads\esetsmartinstaller_enu.exe
2013-07-31 14:28 - 2013-07-31 14:28 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-31 14:28 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-31 14:28 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-31 14:28 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-31 14:27 - 2013-06-02 10:49 - 01449800 _____ C:\Windows\WindowsUpdate.log
2013-07-31 14:24 - 2013-07-29 11:18 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-31 14:24 - 2013-06-02 10:53 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\Spotify
2013-07-31 14:23 - 2013-07-07 12:36 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-07-31 14:23 - 2013-07-01 18:24 - 00001400 _____ C:\Windows\setupact.log
2013-07-31 14:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-30 16:03 - 2013-07-30 16:03 - 01781589 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe
2013-07-30 15:37 - 2013-07-30 15:37 - 00001355 _____ C:\Users\Alexander Beisheim\Desktop\JRT.txt
2013-07-30 15:33 - 2013-07-30 15:33 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Alexander Beisheim\Downloads\JRT.exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 15:30 - 2013-07-30 15:30 - 00004288 _____ C:\Users\Alexander Beisheim\Downloads\AdwCleaner[S1].txt
2013-07-30 15:28 - 2013-07-30 15:28 - 00004288 _____ C:\AdwCleaner[S1].txt
2013-07-30 15:27 - 2013-07-30 15:27 - 00666633 _____ C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
2013-07-30 15:26 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-07-30 15:24 - 2013-07-09 17:12 - 00004362 _____ C:\Windows\PFRO.log
2013-07-29 19:41 - 2013-07-29 19:40 - 00012760 _____ C:\Users\Alexander Beisheim\Downloads\Addition.txt
2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:13 - 2013-03-28 18:18 - 00000000 ____D C:\Users\Alexander Beisheim
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-03 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:36 - 2013-07-21 18:35 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-12 14:31 - 2013-03-28 18:10 - 00000000 ____D C:\Windows\Panther
2013-07-12 14:31 - 2009-07-14 06:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 14:29 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 22:10 - 2013-05-27 20:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 19:26 - 2013-06-02 10:53 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Spotify
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui
2013-07-04 17:14 - 2013-05-30 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 19:14 - 2013-07-03 19:14 - 00032768 _____ C:\Users\Alexander Beisheim\Downloads\_Persönlichkeitscheck
2013-07-02 18:06 - 2013-05-26 20:48 - 00083672 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-07-01 18:24 - 2013-07-01 18:24 - 00000000 _____ C:\Windows\setuperr.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-23 19:05

==================== End Of Log ============================

--- --- ---

--- --- ---

Mein Avira AntiVir habe ich wieder aktiviert

schrauber · 31.07.2013, 19:22

Du hast ne Adware-Schleuder. Das ist soweit alles gerichtet, jetzt scannen wir noch nach verbogenen Diensten, richten diese, und entfernen die Reste

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

springbok4 · 01.08.2013, 17:33

Code:

ATTFilter

Farbar Service Scanner Version: 26-07-2013
Ran by Alexander Beisheim (administrator) on 01-08-2013 at 18:31:48
Running from "C:\Users\Alexander Beisheim\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

schrauber · 02.08.2013, 10:45

http://download.bleepingcomputer.com...s/7/wscsvc.reg

Auf dem Desktop speichern und mit Rechtsklick als ADmin ausführen, erlauben, reboot und ein frisches FSS und FRST log bitte.

Noch Probleme?

springbok4 · 05.08.2013, 16:07

Code:

ATTFilter

Farbar Service Scanner Version: 26-07-2013
Ran by Alexander Beisheim (administrator) on 05-08-2013 at 16:06:35
Running from "C:\Users\Alexander Beisheim\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 (ATTENTION: ====> FRST version is 6 days old and could be outdated)
Ran by Alexander Beisheim (administrator) on 05-08-2013 16:08:56
Running from C:\Users\Alexander Beisheim\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(Spotify Ltd) C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [278112 2011-11-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Spotify] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-26] (Avira Operations GmbH & Co. KG)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [333864 2013-05-26] (Broadcom Corporation)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-01-08] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-05 16:04 - 2013-08-05 16:04 - 00005256 _____ C:\Users\Alexander Beisheim\Downloads\wscsvc.reg
2013-08-01 18:31 - 2013-08-05 16:06 - 00002740 _____ C:\Users\Alexander Beisheim\Downloads\FSS.txt
2013-08-01 18:31 - 2013-08-01 18:31 - 00357145 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FSS.exe
2013-07-31 15:05 - 2013-07-31 15:05 - 00891098 _____ C:\Users\Alexander Beisheim\Downloads\SecurityCheck.exe
2013-07-31 14:28 - 2013-07-31 14:28 - 02347384 _____ (ESET) C:\Users\Alexander Beisheim\Downloads\esetsmartinstaller_enu.exe
2013-07-30 16:03 - 2013-07-30 16:03 - 01781589 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Alexander Beisheim\Downloads\JRT.exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 15:30 - 2013-07-30 15:30 - 00004288 _____ C:\Users\Alexander Beisheim\Downloads\AdwCleaner[S1].txt
2013-07-30 15:28 - 2013-07-30 15:28 - 00004288 _____ C:\AdwCleaner[S1].txt
2013-07-30 15:27 - 2013-07-30 15:27 - 00666633 _____ C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
2013-07-29 19:40 - 2013-07-29 19:41 - 00012760 _____ C:\Users\Alexander Beisheim\Downloads\Addition.txt
2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:18 - 2013-08-05 11:08 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:35 - 2013-07-21 18:36 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-11 22:09 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:09 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:09 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:09 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 19:08 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 19:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 19:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 19:08 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-07 12:36 - 2013-08-03 08:58 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui

==================== One Month Modified Files and Folders =======

2013-08-05 16:06 - 2013-08-01 18:31 - 00002740 _____ C:\Users\Alexander Beisheim\Downloads\FSS.txt
2013-08-05 16:04 - 2013-08-05 16:04 - 00005256 _____ C:\Users\Alexander Beisheim\Downloads\wscsvc.reg
2013-08-05 16:00 - 2013-05-30 11:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 16:00 - 2013-03-28 18:10 - 00000000 ____D C:\Windows\Panther
2013-08-05 15:59 - 2013-06-02 10:49 - 01662173 ____N C:\Windows\WindowsUpdate.log
2013-08-05 11:08 - 2013-07-29 11:18 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-05 10:16 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-05 09:30 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 09:30 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 09:03 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-08-03 09:03 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-08-03 09:03 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-03 09:01 - 2013-06-02 10:53 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\Spotify
2013-08-03 08:58 - 2013-07-07 12:36 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-08-03 08:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 18:31 - 2013-08-01 18:31 - 00357145 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FSS.exe
2013-07-31 15:05 - 2013-07-31 15:05 - 00891098 _____ C:\Users\Alexander Beisheim\Downloads\SecurityCheck.exe
2013-07-31 14:28 - 2013-07-31 14:28 - 02347384 _____ (ESET) C:\Users\Alexander Beisheim\Downloads\esetsmartinstaller_enu.exe
2013-07-30 16:03 - 2013-07-30 16:03 - 01781589 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Alexander Beisheim\Downloads\JRT.exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 15:30 - 2013-07-30 15:30 - 00004288 _____ C:\Users\Alexander Beisheim\Downloads\AdwCleaner[S1].txt
2013-07-30 15:28 - 2013-07-30 15:28 - 00004288 _____ C:\AdwCleaner[S1].txt
2013-07-30 15:27 - 2013-07-30 15:27 - 00666633 _____ C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
2013-07-29 19:41 - 2013-07-29 19:40 - 00012760 _____ C:\Users\Alexander Beisheim\Downloads\Addition.txt
2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:13 - 2013-03-28 18:18 - 00000000 ____D C:\Users\Alexander Beisheim
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-03 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:36 - 2013-07-21 18:35 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-12 14:31 - 2009-07-14 06:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 14:29 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 22:10 - 2013-05-27 20:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-11 19:26 - 2013-06-02 10:53 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Spotify
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-03 09:40

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Problem ist leider immernoch unverändert!

Code:

ATTFilter

Farbar Service Scanner Version: 26-07-2013
Ran by Alexander Beisheim (administrator) on 05-08-2013 at 17:06:02
Running from "C:\Users\Alexander Beisheim\Downloads"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03 (ATTENTION: ====> FRST version is 6 days old and could be outdated)
Ran by Alexander Beisheim (administrator) on 05-08-2013 17:06:50
Running from C:\Users\Alexander Beisheim\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
(Spotify Ltd) C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Spotify Ltd) C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\spotify.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE [278112 2011-11-02] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [Spotify] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Alexander Beisheim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [x]

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Alexander Beisheim\AppData\Roaming\Mozilla\Firefox\Profiles\oxmtsb7j.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\125.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-05-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-05-26] (Avira Operations GmbH & Co. KG)
R3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [333864 2013-05-26] (Broadcom Corporation)
R3 WsAudioDevice_383S(1); C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [29288 2013-01-08] (Wondershare)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-05 17:05 - 2013-08-05 17:05 - 00005256 _____ C:\Users\Alexander Beisheim\Downloads\wscsvc(1).reg
2013-08-05 16:04 - 2013-08-05 16:04 - 00005256 _____ C:\Users\Alexander Beisheim\Downloads\wscsvc.reg
2013-08-01 18:31 - 2013-08-05 17:06 - 00002695 _____ C:\Users\Alexander Beisheim\Downloads\FSS.txt
2013-08-01 18:31 - 2013-08-01 18:31 - 00357145 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FSS.exe
2013-07-31 15:05 - 2013-07-31 15:05 - 00891098 _____ C:\Users\Alexander Beisheim\Downloads\SecurityCheck.exe
2013-07-31 14:28 - 2013-07-31 14:28 - 02347384 _____ (ESET) C:\Users\Alexander Beisheim\Downloads\esetsmartinstaller_enu.exe
2013-07-30 16:03 - 2013-07-30 16:03 - 01781589 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Alexander Beisheim\Downloads\JRT.exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 15:30 - 2013-07-30 15:30 - 00004288 _____ C:\Users\Alexander Beisheim\Downloads\AdwCleaner[S1].txt
2013-07-30 15:28 - 2013-07-30 15:28 - 00004288 _____ C:\AdwCleaner[S1].txt
2013-07-30 15:27 - 2013-07-30 15:27 - 00666633 _____ C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
2013-07-29 19:40 - 2013-07-29 19:41 - 00012760 _____ C:\Users\Alexander Beisheim\Downloads\Addition.txt
2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:18 - 2013-08-05 11:08 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:35 - 2013-07-21 18:36 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-11 22:09 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 22:09 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 22:09 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 22:09 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 22:09 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 22:09 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 22:09 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 19:08 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:08 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:08 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 19:08 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:08 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 19:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 19:08 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-07 12:36 - 2013-08-03 08:58 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui

==================== One Month Modified Files and Folders =======

2013-08-05 17:06 - 2013-08-01 18:31 - 00002695 _____ C:\Users\Alexander Beisheim\Downloads\FSS.txt
2013-08-05 17:05 - 2013-08-05 17:05 - 00005256 _____ C:\Users\Alexander Beisheim\Downloads\wscsvc(1).reg
2013-08-05 17:00 - 2013-05-30 11:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 16:53 - 2013-06-02 10:53 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\Spotify
2013-08-05 16:14 - 2013-06-02 10:53 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Spotify
2013-08-05 16:04 - 2013-08-05 16:04 - 00005256 _____ C:\Users\Alexander Beisheim\Downloads\wscsvc.reg
2013-08-05 16:00 - 2013-03-28 18:10 - 00000000 ____D C:\Windows\Panther
2013-08-05 15:59 - 2013-06-02 10:49 - 01666991 _____ C:\Windows\WindowsUpdate.log
2013-08-05 11:08 - 2013-07-29 11:18 - 00000414 _____ C:\Windows\Tasks\LyricXeeker Update.job
2013-08-05 10:16 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-05 09:30 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-05 09:30 - 2009-07-14 06:45 - 00014592 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-03 09:03 - 2009-07-14 19:58 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-08-03 09:03 - 2009-07-14 19:58 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-08-03 09:03 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-03 08:58 - 2013-07-07 12:36 - 00000330 _____ C:\Windows\Tasks\Ilmui.job
2013-08-03 08:58 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-01 18:31 - 2013-08-01 18:31 - 00357145 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FSS.exe
2013-07-31 15:05 - 2013-07-31 15:05 - 00891098 _____ C:\Users\Alexander Beisheim\Downloads\SecurityCheck.exe
2013-07-31 14:28 - 2013-07-31 14:28 - 02347384 _____ (ESET) C:\Users\Alexander Beisheim\Downloads\esetsmartinstaller_enu.exe
2013-07-30 16:03 - 2013-07-30 16:03 - 01781589 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64(1).exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00562042 _____ (Oleg N. Scherbakov) C:\Users\Alexander Beisheim\Downloads\JRT.exe
2013-07-30 15:33 - 2013-07-30 15:33 - 00000000 ____D C:\Windows\ERUNT
2013-07-30 15:30 - 2013-07-30 15:30 - 00004288 _____ C:\Users\Alexander Beisheim\Downloads\AdwCleaner[S1].txt
2013-07-30 15:28 - 2013-07-30 15:28 - 00004288 _____ C:\AdwCleaner[S1].txt
2013-07-30 15:27 - 2013-07-30 15:27 - 00666633 _____ C:\Users\Alexander Beisheim\Downloads\adwcleaner.exe
2013-07-29 19:41 - 2013-07-29 19:40 - 00012760 _____ C:\Users\Alexander Beisheim\Downloads\Addition.txt
2013-07-29 19:40 - 2013-07-29 19:40 - 01780549 _____ (Farbar) C:\Users\Alexander Beisheim\Downloads\FRST64.exe
2013-07-29 19:40 - 2013-07-29 19:40 - 00000000 ____D C:\FRST
2013-07-29 18:02 - 2013-07-29 18:02 - 00006952 _____ C:\Users\Alexander Beisheim\Downloads\gmer_29072013.log
2013-07-29 13:24 - 2013-07-29 13:24 - 00377856 _____ C:\Users\Alexander Beisheim\Downloads\gmer_2.1.19163.exe
2013-07-29 13:20 - 2013-07-29 13:20 - 00045880 _____ C:\Users\Alexander Beisheim\Downloads\OTL.Txt
2013-07-29 13:20 - 2013-07-29 13:20 - 00032372 _____ C:\Users\Alexander Beisheim\Downloads\Extras.Txt
2013-07-29 13:14 - 2013-07-29 13:14 - 00602112 _____ (OldTimer Tools) C:\Users\Alexander Beisheim\Downloads\OTL.exe
2013-07-29 13:13 - 2013-07-29 13:13 - 00000498 _____ C:\Users\Alexander Beisheim\Downloads\defogger_disable.log
2013-07-29 13:13 - 2013-07-29 13:13 - 00000000 _____ C:\Users\Alexander Beisheim\defogger_reenable
2013-07-29 13:13 - 2013-03-28 18:18 - 00000000 ____D C:\Users\Alexander Beisheim
2013-07-29 13:12 - 2013-07-29 13:12 - 00050477 _____ C:\Users\Alexander Beisheim\Downloads\Defogger.exe
2013-07-29 11:24 - 2013-07-29 11:24 - 00000000 ____D C:\Users\Alexander Beisheim\Qtrax
2013-07-29 11:20 - 2013-07-29 11:20 - 00003854 _____ C:\Windows\System32\Tasks\QtraxPlayer
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-29 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-29 11:19 - 2013-07-03 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-29 11:18 - 2013-07-29 11:18 - 00718920 _____ C:\Users\Alexander Beisheim\Downloads\ZipOpenerSetup.exe
2013-07-29 11:18 - 2013-07-29 11:18 - 00003566 _____ C:\Windows\System32\Tasks\DealPly
2013-07-29 11:18 - 2013-07-29 11:18 - 00003292 _____ C:\Windows\System32\Tasks\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00003088 _____ C:\Windows\System32\Tasks\LyricXeeker Update
2013-07-29 11:18 - 2013-07-29 11:18 - 00000324 _____ C:\Windows\Tasks\DigitalSite.job
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\Alexander Beisheim\AppData\Roaming\DigitalSite
2013-07-29 11:18 - 2013-07-29 11:18 - 00000000 ____D C:\Users\ALEXAN~1\AppData\Local\Google
2013-07-29 10:51 - 2013-07-29 10:51 - 00000000 ____D C:\ProgramData\XoftSpySE
2013-07-29 10:50 - 2013-07-29 10:50 - 04322608 _____ (ParetoLogic Inc.) C:\Users\Alexander Beisheim\Downloads\XoftSpySE_Setup_RW.exe
2013-07-21 18:36 - 2013-07-21 18:35 - 00000000 ____D C:\Users\Alexander Beisheim\Desktop\Beachturnier_Giebelstadt_072013
2013-07-12 14:31 - 2009-07-14 06:45 - 00275856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-12 14:29 - 2009-07-14 20:18 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 14:29 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 22:10 - 2013-05-27 20:22 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-07 12:36 - 2013-07-07 12:36 - 00471040 __RSH C:\Windows\SysWOW64\inetcommp.dll
2013-07-07 12:36 - 2013-07-07 12:36 - 00002610 _____ C:\Windows\System32\Tasks\Ilmui

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-03 09:40

==================== End Of Log ============================

--- --- ---

--- --- ---

Leider habe ich immernoch das gleiche Problem, hat sich bisher nichts geändert :-(

schrauber · 06.08.2013, 15:49

Downloade dir bitte Windows Repair (All In One) von hier.

Installiere das Programm. Starte es, nachdem die Installation abgeschlossen wurde.
Klicke auf Step 2 und drücke unter Check Disk auf Do It.
Wenn der Vorgang abgeschlossen ist, klicke auf Step 3 und drücke unter System File Check auf Do It.
Nachdem der Vorgang abgeschlossen ist, klicke auf Start Repairs, wähle den Advanced Mode und drücke Start.
Gehe bitte sicher, dass die Kästchen wie unten zu sehen angehakt sind. Bitte hake zusätzlich noch Set Windows Services to Default Startup an.
Hake Restart System when Finished an.
Drücke Start.

dann nochmal ein frisches FRST log bitte.

Internetbrowser verzweigt immer auf ihavenet

Plagegeister aller Art und deren Bekämpfung: Internetbrowser verzweigt immer auf ihavenet