Plagegeister aller Art und deren Bekämpfung: Pop Up in Firefox, http://rou.resyncload.net, Trojan? (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
24.07.2013, 12:30 | #1 |
Pop Up in Firefox, http://rou.resyncload.net, Trojan?

Hello, since yesterday I have frequently been getting the pop-up "hxxp://rou.resyncload.net/sd/wrap-0.01.html?u=http%3A%2F%2Frou.resyncload.net%2Fsd%2Fapps%2Fyb1024.html" in my Firefox browser while surfing. I ran a virus scanner over my computer, and it did find something. Unfortunately the problem persists. Can anyone help me with this? Regards
24.07.2013, 12:48 | #2 | |
/// TB-Ausbilder | Pop Up in Firefox, http://rou.resyncload.net, Trojan?

Hello,

Quote:

Additionally: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
25.07.2013, 09:13 | #3 |
Pop Up in Firefox, http://rou.resyncload.net, Trojan?

Hi,

here is the log from the antivirus, I hope it is the right one:

Code:
Log
Version der Signaturdatenbank: 8144 (20130321)
Datum: 24.07.2013 Uhrzeit: 10:58:55
Geprüfte Laufwerke, Ordner und Dateien: Arbeitsspeicher;C:\Bootsektor;D:\Bootsektor;C:\;D:\
Bootsektor von Laufwerk C: - Fehler beim Öffnen [4]
Bootsektor von Laufwerk D: - Fehler beim Öffnen [4]
C:\hiberfil.sys - Fehler beim Öffnen [4]
C:\pagefile.sys - Fehler beim Öffnen [4]
C:\$Recycle.Bin\S-1-5-21-865626263-3618072766-3713962884-1000\$IEYHVZX.zip = ZIP = - Archiv beschädigt
C:\$Recycle.Bin\S-1-5-21-865626263-3618072766-3713962884-1000\$IF1OZJ0.zip = ZIP = - Archiv beschädigt
C:\$Recycle.Bin\S-1-5-21-865626263-3618072766-3713962884-1000\$II4IQNE.zip = ZIP = - Archiv beschädigt
C:\Program Files (x86)\Steam\config\overlayhtmlcache\f_00002e = GZIP = f_00002e - Archiv beschädigt
C:\ProgramData\Microsoft\Crypto\Keys\9f4183ccc34b2b40f58434babf2ca23f_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\05cb0e332207dd3a76609266fd61cc09_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2f054f0a1cf211b067dd36e3ca6fafd8_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\341660daf80250451e4cf3e66e645a86_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5441110d2c7cf8ba50a226803ec37fff_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\795f731fe4c11806f624f560747632c7_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9241596154d32769111b6abe6dfce722_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc418300bf467c1bb6e9c60d182618a1_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c1ea39579117946596a13778a017cba4_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c92a2f35d801060e33f623fcab7bc29f_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d85c128a316d92040e1baf82eec75441_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ddf00368d3de68e46c8e3e1b01dc1dc9_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2da4c5c60b3fdeac7d4e931d3ed13d4_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\Keys\9f4183ccc34b2b40f58434babf2ca23f_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\05cb0e332207dd3a76609266fd61cc09_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\2f054f0a1cf211b067dd36e3ca6fafd8_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\341660daf80250451e4cf3e66e645a86_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\5441110d2c7cf8ba50a226803ec37fff_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\795f731fe4c11806f624f560747632c7_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\9241596154d32769111b6abe6dfce722_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\bc418300bf467c1bb6e9c60d182618a1_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c1ea39579117946596a13778a017cba4_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\c92a2f35d801060e33f623fcab7bc29f_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\d85c128a316d92040e1baf82eec75441_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\ddf00368d3de68e46c8e3e1b01dc1dc9_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\f2da4c5c60b3fdeac7d4e931d3ed13d4_2a12c895-0ccb-49f6-95bc-0d726fcd98ef - Fehler beim Öffnen [4]
C:\Users\Arne\NTUSER.DAT - Fehler beim Öffnen [4]
C:\Users\Arne\ntuser.dat.LOG1 - Fehler beim Öffnen [4]
C:\Users\Arne\ntuser.dat.LOG2 - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Local\Microsoft\Windows\UsrClass.dat - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P07SUU0\LyricsWoofer_1060-2021_v116[1] = NSIS = 116.dll - - OK
C:\Users\Arne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3P07SUU0\LyricsWoofer_1060-2021_v116[1] = NSIS = LyricsWooferUPD.exe - Variante von Win32/Adware.AddLyrics.I Anwendung
C:\Users\Arne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSP4OHB8\LyricsWoofer_1060-2021_v122[1] = NSIS = 122.dll - - OK
C:\Users\Arne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSP4OHB8\LyricsWoofer_1060-2021_v122[1] = NSIS = LyricsWooferUPD.exe - Variante von Win32/Adware.AddLyrics.I Anwendung
C:\Users\Arne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSP4OHB8\LyricsWoofer_1060-2021_v122[2] = NSIS = LyricsWooferUPD.exe - - OK
C:\Users\Arne\AppData\Local\Microsoft\Windows\WebCache\V01.log - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe = CAB = aucheck - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\Arne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe = CAB = jaureg - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\Arne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe = CAB = jucheck - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\Arne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe = CAB = jusched - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\Arne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe = CAB = task.xml - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\Arne\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe = CAB = task64.xml - Archiv beschädigt - Datei kann nicht extrahiert werden
C:\Users\Arne\AppData\Local\Temp\lfw.exe = NSIS = LyricsWooferUPD.exe - - OK
C:\Users\Arne\AppData\Local\Temp\LrcFUpdate.exe = NSIS = 116.dll - - OK
C:\Users\Arne\AppData\Local\Temp\LrcFUpdate.exe = NSIS = LyricsWooferUPD.exe - Variante von Win32/Adware.AddLyrics.I Anwendung
C:\Users\Arne\AppData\Local\Temp\is1070216317\LyricsFan_1060-2021.exe = NSIS = LyricsFanUpdater.exe - Variante von Win32/Adware.AddLyrics.I Anwendung
C:\Users\Arne\AppData\Local\Temp\is1070216317\yontoo-C4.exe = TIZ3ARCH = Archive\_Setup.dll - Variante von Win32/Adware.Yontoo.B Anwendung
C:\Users\Arne\AppData\Local\Temp\is1070216317\yontoo-C4.exe = TIZ3ARCH = Target System\Temp\053F31B8\YontooSetup.exe = TIZ3ARCH = Archive\_Setup.dll - Variante von Win32/Adware.Yontoo.B Anwendung
C:\Users\Arne\AppData\Local\Temp\is1070216317\yontoo-C4.exe = TIZ3ARCH = Target System\Temp\053F31B8\YontooSetup.exe = TIZ3ARCH = Target System\Temp\05E13681\YontooLayers.crx = ZIP = yl.js - JS/Adware.Yontoo.A Anwendung
C:\Users\Arne\AppData\Local\Temp\is1070216317\yontoo-C4.exe = TIZ3ARCH = Target System\Temp\053F31B8\YontooSetup.exe = TIZ3ARCH = Target System\Temp\05E13681\YontooLayers_1_0_2.crx = ZIP = background.html - JS/Adware.Yontoo.A Anwendung
C:\Users\Arne\AppData\Local\Temp\is1070216317\yontoo-C4.exe = TIZ3ARCH = Target System\Temp\053F31B8\YontooSetup.exe = TIZ3ARCH = Target System\Temp\05E13681\YontooLayers_1_0_2.crx = ZIP = yl.js - JS/Adware.Yontoo.A Anwendung
C:\Users\Arne\AppData\Local\Temp\is1070216317\yontoo-C4.exe = TIZ3ARCH = Target System\Temp\053F31B8\YontooSetup.exe = TIZ3ARCH = Target System\Temp\05E13681\YontooFFClient.xpi = ZIP = content/overlay.js - Win32/Adware.Yontoo Anwendung
C:\Users\Arne\AppData\Local\Temp\is1070216317\yontoo-C4.exe = TIZ3ARCH = Target System\Temp\053F31B8\YontooSetup.exe = TIZ3ARCH = Target System\Temp\05E13681\YontooIEClient.dll - Variante von Win32/Adware.Yontoo.A Anwendung
C:\Users\Arne\AppData\Roaming\Apple Computer\MobileSync\Backup\3687de2b46d3aae0258cca1fd32305223270b913\2109430f9a8127a64470b2cdb0ee6d6268884ca9 = MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Apple Computer\MobileSync\Backup\3687de2b46d3aae0258cca1fd32305223270b913\72c7b8196eb9fe4f3f566bcae11e688fdd56093b = MIME - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\parent.lock - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Roaming\Skype\arnomator\bistats.lock - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Roaming\Skype\arnomator\keyval.lock - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Roaming\Skype\arnomator\main.lock - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Roaming\Skype\arnomator\msn.lock - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Roaming\Skype\shared_dynco\dc.lock - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Roaming\Skype\shared_httpfe\queue.lock - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\parent.lock - Fehler beim Öffnen [4]
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\imap.gmx.net\INBOX = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\imap.gmx.net\Sent-1 = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\imap.gmx.net\Trash = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\posteo.de\Drafts-1 = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\posteo.de\INBOX = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\posteo.de\reisen = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\posteo.de\Sent-1 = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\posteo.de\to do = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Users\Arne\AppData\Roaming\Thunderbird\Profiles\9fqo80s6.default\ImapMail\posteo.de\Trash = MBOX - - OK (eingebettete Archive NICHT geprüft)
C:\Windows\Logs\CBS\CBS.log - Fehler beim Öffnen [4]
C:\Windows\Logs\DPX\setupact.log - Fehler beim Öffnen [4]
C:\Windows\Logs\DPX\setuperr.log - Fehler beim Öffnen [4]
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - Fehler beim Öffnen [4]
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config - Fehler beim Öffnen [4]
C:\Windows\Panther\UnattendGC\diagerr.xml - Fehler beim Öffnen [4]
C:\Windows\Panther\UnattendGC\diagwrn.xml - Fehler beim Öffnen [4]
C:\Windows\Panther\UnattendGC\setupact.log - Fehler beim Öffnen [4]
C:\Windows\Panther\UnattendGC\setuperr.log - Fehler beim Öffnen [4]
C:\Windows\PLA\System\System Diagnostics.xml - Fehler beim Öffnen [4]
C:\Windows\PLA\System\System Performance.xml - Fehler beim Öffnen [4]
C:\Windows\security\database\secedit.sdb - Fehler beim Öffnen [4]
C:\Windows\System32\catroot2\edb.log - Fehler beim Öffnen [4]
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - Fehler beim Öffnen [4]
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - Fehler beim Öffnen [4]
C:\Windows\Tasks\Adobe Flash Player Updater.job - Fehler beim Öffnen [4]
C:\Windows\Tasks\LyricsWoofer Update.job - Fehler beim Öffnen [4]
C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7601.17514_none_2f54961b4c9f4194\dnary.xsd - Fehler beim Öffnen [4]
Geprüfte Objekte: 428059
Erkannte Bedrohungen: 11
Anzahl gesäuberter Objekte: 11
Abgeschlossen: 12:07:37 Benötigte Zeit: 4122 Sek. (01:08:42)

Hinweise:
[1] Objekt wurde gelöscht. Es enthielt ausschließlich Viruscode.
[4] Objekt kann nicht geöffnet werden. Möglicherweise in Benutzung durch eine andere Anwendung oder das Betriebssystem.

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by Arne (administrator) on 25-07-2013 10:11:42
Running from C:\Users\Arne\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-10] (Valve Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
MountPoints2: {5242ff13-a5fc-11e2-b5d6-001377fea26b} - IomegaEncryptionSetup v1.3.exe
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll [2521040 2013-05-23] ()
Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=C8B90025568848ED&affID=119357&tt=040713_ifrmful&tsp=4935
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=C8B90025568848ED&affID=119357&tt=040713_ifrmful&tsp=4935
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.yhs.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C8B90025568848ED&affID=119357&tt=040713_ifrmful&tsp=4935
BHO-x32: LyricsWoofer - {544F52A2-4D6D-428B-A2DF-FB1EE3F0A263} - C:\Program Files (x86)\LyricsWoofer\125.dll (Lyrics Woofer LTD)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.10.156.1 134.76.63.248 134.76.62.252 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default
FF user.js: detected! => C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Homepage: hxxp://taz.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\searchplugins\ecosia.xml
FF Extension: No Name - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [lwoofer@lyricswoofer.co] C:\Program Files (x86)\LyricsWoofer\125.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricsWoofer\125.xpi

==================== Services (Whitelisted) =================

R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2827728 2013-05-23] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)

==================== Drivers (Whitelisted) ====================

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-25 10:11 - 2013-07-25 10:11 - 00000000 ____D C:\FRST
2013-07-25 10:06 - 2013-07-25 10:06 - 01779761 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2013-07-24 13:43 - 2013-07-24 13:43 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-24 13:43 - 2013-07-24 13:43 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-24 11:18 - 2013-07-24 11:18 - 00000000 ____D C:\Users\Arne\AppData\Local\ESET
2013-07-24 10:57 - 2013-07-24 10:57 - 00000000 ____D C:\Program Files (x86)\LyricsWoofer
2013-07-24 01:26 - 2013-07-24 01:26 - 00000000 ____D C:\ProgramData\ESET
2013-07-24 01:26 - 2013-07-24 01:26 - 00000000 ____D C:\Program Files\ESET
2013-07-24 01:20 - 2013-07-24 01:20 - 01415824 _____ (ESET) C:\Users\Arne\Desktop\eset_nod32_antivirus_live_installer.exe
2013-07-22 18:15 - 2013-07-22 18:15 - 00000000 ____D C:\Users\Arne\Desktop\sookee
2013-07-22 18:14 - 2013-07-22 18:14 - 32047700 _____ C:\Users\Arne\Desktop\sookee & majusBeats - PAROLE BRÜCKENBAU EP.zip
2013-07-16 12:15 - 2013-07-23 10:41 - 00048128 _____ C:\Users\Arne\Desktop\Kalkulation [Tanzpäda] [13.07].xls
2013-07-16 11:35 - 2013-07-18 12:20 - 00099356 _____ C:\Users\Arne\Desktop\Honorarvertrag.odt
2013-07-15 15:46 - 2013-07-15 15:46 - 00010708 _____ C:\Users\Arne\Desktop\formloser Mustervertrag.odt
2013-07-15 00:44 - 2013-07-15 00:44 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 12:49 - 2013-07-13 12:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2013-07-11 07:26 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 07:26 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 07:26 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 07:26 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 07:26 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 07:26 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-11 07:26 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-11 07:26 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-11 07:26 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 07:26 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 07:26 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 07:26 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 07:26 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 07:26 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-11 07:26 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-11 07:26 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-11 07:26 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 07:26 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-11 07:26 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 07:26 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 07:25 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 07:25 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 07:25 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 07:25 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 07:25 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 07:25 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 07:25 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 07:25 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 07:25 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 07:25 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 07:25 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-10 23:10 - 2013-07-10 23:10 - 00161457 _____ C:\Users\Arne\Desktop\mediavistik 3.jpeg
2013-07-10 23:10 - 2013-07-10 23:10 - 00160951 _____ C:\Users\Arne\Desktop\mediavistik 1.jpeg
2013-07-10 23:10 - 2013-07-10 23:10 - 00150712 _____ C:\Users\Arne\Desktop\mediavistik 2.jpeg
2013-07-10 14:20 - 2013-07-10 14:21 - 33578320 _____ (Dropbox, Inc.) C:\Users\Arne\Desktop\Dropbox 2.2.8.exe
2013-07-10 11:37 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 11:37 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 11:37 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 11:37 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 11:37 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 11:37 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 11:37 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 10:27 - 2013-07-09 10:27 - 05045566 _____ C:\Users\Arne\Desktop\Prezident - Menschenpyramiden (prod. v. Epic Infantry).M4A
2013-07-09 09:47 - 2013-07-11 20:19 - 00000000 ____D C:\Users\Arne\Desktop\tanzpäda
2013-07-08 17:17 - 2013-07-08 17:17 - 00000000 ____D C:\Users\Arne\Desktop\verschlüsseln
2013-07-07 21:56 - 2012-07-01 15:13 - 00000000 ____D C:\Users\Arne\Desktop\Jintanino - Vom Mittelmass Der Dinge - 2005
2013-07-07 21:09 - 2013-07-07 21:38 - 68852307 _____ C:\Users\Arne\Desktop\J-VMDD-05.rar
2013-07-07 00:07 - 2009-03-28 19:05 - 00022475 _____ C:\Users\Arne\Downloads\00-huss_und_hodn-der_stoff_aus_dem_die_regenschirme_sind-de-2009-noir.nfo
2013-07-07 00:07 - 2009-03-28 19:05 - 00001129 _____ C:\Users\Arne\Downloads\00-huss_und_hodn-der_stoff_aus_dem_die_regenschirme_sind-de-2009-noir.sfv
2013-07-07 00:07 - 2009-03-28 19:05 - 00000919 _____ C:\Users\Arne\Downloads\00-huss_und_hodn-der_stoff_aus_dem_die_regenschirme_sind-de-2009-noir.m3u
2013-07-07 00:03 - 2013-07-07 00:07 - 54958302 _____ C:\Users\Arne\Downloads\Huss_und_Hodn-Der_Stoff_Aus_Dem_Die_Regenschirme_Sind-DE-2009-NOiR.rar
2013-07-06 23:12 - 2013-07-06 23:16 - 58850577 _____ C:\Users\Arne\Downloads\Huss und Hodn - Unprofessionelle Musik DE 2005 NOiR.rar
2013-07-06 23:08 - 2013-07-06 23:08 - 00003390 _____ C:\Windows\System32\Tasks\EPUpdater
2013-07-06 23:08 - 2013-07-06 23:08 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-07-06 23:08 - 2013-07-06 23:08 - 00000000 ____D C:\Users\Arne\AppData\Roaming\BabSolution
2013-07-06 23:08 - 2013-07-06 23:08 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-07-06 23:08 - 2013-07-06 23:08 - 00000000 ____D C:\Program Files (x86)\Delta
2013-07-06 23:07 - 2013-07-25 09:38 - 00000402 _____ C:\Windows\Tasks\LyricsWoofer Update.job
2013-07-06 23:07 - 2013-07-06 23:07 - 00003048 _____ C:\Windows\System32\Tasks\LyricsWoofer Update
2013-07-06 23:07 - 2013-07-06 23:07 - 00000000 ____D C:\Program Files (x86)\LyricsFan
2013-07-06 23:06 - 2013-07-06 23:06 - 00077236 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Arne\Desktop\jDownloaderWebInstaller09581.exe
2013-07-03 10:58 - 2013-07-06 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 16:48 - 2013-07-05 11:58 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Apple Computer
2013-07-02 16:48 - 2013-07-02 16:48 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-07-02 16:48 - 2013-07-02 16:48 - 00000000 ____D C:\Users\Arne\AppData\Local\Apple Computer
2013-07-02 16:48 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2013-07-02 16:47 - 2013-07-02 16:48 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-02 16:47 - 2013-07-02 16:48 - 00000000 ____D C:\Program Files\iTunes
2013-07-02 16:47 - 2013-07-02 16:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-07-02 16:47 - 2013-07-02 16:47 - 00000000 ____D C:\ProgramData\Apple Computer
2013-07-02 16:47 - 2013-07-02 16:47 - 00000000 ____D C:\Program Files\iPod
2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Users\Arne\AppData\Local\Apple
2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\ProgramData\Apple
2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Program Files\Bonjour
2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-07-02 15:43 - 2013-07-04 09:13 - 00000000 ____D C:\Users\Arne\Desktop\Johny Tänzer
2013-07-02 15:33 - 2013-07-02 15:34 - 00000000 ____D C:\Users\Arne\Desktop\Audio88
2013-07-02 10:46 - 2013-07-11 21:39 - 00000000 ____D C:\Users\Arne\Desktop\Lea Won
2013-07-02 10:46 - 2013-07-02 10:46 - 00000000 ____D C:\Users\Arne\Desktop\Raumheld
2013-07-02 10:44 - 2013-07-02 10:45 - 90917712 _____ (Apple Inc.) C:\Users\Arne\Desktop\iTunes64Setup.exe
2013-06-29 18:31 - 2013-07-06 23:29 - 00000000 ____D C:\Users\Arne\Desktop\Huss & Hodn
2013-06-26 10:46 - 2013-06-26 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== One Month Modified Files and Folders =======

2013-07-25 10:11 - 2013-07-25 10:11 - 00000000 ____D C:\FRST
2013-07-25 10:06 - 2013-07-25 10:06 - 01779761 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe
2013-07-25 09:58 - 2013-04-15 23:08 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 09:46 - 2009-07-14 06:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 09:46 - 2009-07-14 06:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 09:42 - 2013-04-15 20:41 - 01999143 _____ C:\Windows\WindowsUpdate.log
2013-07-25 09:40 - 2013-04-30 01:39 - 00000000 ___RD C:\Users\Arne\Dropbox
2013-07-25 09:40 - 2013-04-29 22:03 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Dropbox
2013-07-25 09:39 - 2013-04-15 23:13 - 00000000 ____D C:\Program Files (x86)\Steam
2013-07-25 09:38 - 2013-07-06 23:07 - 00000402 _____ C:\Windows\Tasks\LyricsWoofer Update.job
2013-07-25 09:38 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 09:38 - 2009-07-14 06:51 - 00035268 _____ C:\Windows\setupact.log
2013-07-24 18:54 - 2013-04-15 23:46 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Skype
2013-07-24 13:43 - 2013-07-24 13:43 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-07-24 13:43 - 2013-07-24 13:43 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-07-24 13:04 - 2010-11-21 05:47 - 00007834 _____ C:\Windows\PFRO.log
2013-07-24 11:52 - 2013-04-21 14:24 - 00000000 ____D C:\Users\Arne\AppData\Roaming\vlc
2013-07-24 11:18 - 2013-07-24 11:18 - 00000000 ____D C:\Users\Arne\AppData\Local\ESET
2013-07-24 10:57 - 2013-07-24 10:57 - 00000000 ____D C:\Program Files (x86)\LyricsWoofer
2013-07-24 01:26 - 2013-07-24 01:26 - 00000000 ____D C:\ProgramData\ESET
2013-07-24 01:26 - 2013-07-24 01:26 - 00000000 ____D C:\Program Files\ESET
2013-07-24 01:20 - 2013-07-24 01:20 - 01415824 _____ (ESET) C:\Users\Arne\Desktop\eset_nod32_antivirus_live_installer.exe
2013-07-23 10:41 - 2013-07-16 12:15 - 00048128 _____ C:\Users\Arne\Desktop\Kalkulation [Tanzpäda] [13.07].xls
2013-07-22 18:15 - 2013-07-22 18:15 - 00000000 ____D C:\Users\Arne\Desktop\sookee
2013-07-22 18:14 - 2013-07-22 18:14 - 32047700 _____ C:\Users\Arne\Desktop\sookee & majusBeats - PAROLE BRÜCKENBAU EP.zip
2013-07-22 01:43 - 2013-05-31 12:58 - 00000000 ____D C:\Users\Arne\AppData\Roaming\TS3Client
2013-07-19 09:53 - 2013-05-01 17:11 - 00000000 ____D C:\Users\Arne\Desktop\Caught in the Crack
2013-07-18 12:30 - 2011-04-12 09:43 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-07-18 12:30 - 2011-04-12 09:43 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-07-18 12:30 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-18 12:20 - 2013-07-16 11:35 - 00099356 _____ C:\Users\Arne\Desktop\Honorarvertrag.odt
2013-07-16 12:14 - 2013-06-24 19:43 - 00000000 ____D C:\Users\Arne\Desktop\HipHopKonzert
2013-07-15 15:46 - 2013-07-15 15:46 - 00010708 _____ C:\Users\Arne\Desktop\formloser Mustervertrag.odt
2013-07-15 00:46 - 2013-07-15 00:44 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 15:04 - 2013-04-15 23:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-13 15:04 - 2013-04-15 23:45 - 00000000 ____D C:\ProgramData\Skype
2013-07-13 12:49 - 2013-07-13 12:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2013-07-11 21:39 - 2013-07-02 10:46 - 00000000 ____D C:\Users\Arne\Desktop\Lea Won
2013-07-11 20:19 - 2013-07-09 09:47 - 00000000 ____D C:\Users\Arne\Desktop\tanzpäda
2013-07-11 15:04 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 15:04 - 2009-07-14 07:32 - 00000000
____D C:\Program Files (x86)\Windows Defender 2013-07-11 07:53 - 2009-07-14 06:45 - 00294184 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-11 07:51 - 2011-04-12 09:55 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 23:10 - 2013-07-10 23:10 - 00161457 _____ C:\Users\Arne\Desktop\mediavistik 3.jpeg 2013-07-10 23:10 - 2013-07-10 23:10 - 00160951 _____ C:\Users\Arne\Desktop\mediavistik 1.jpeg 2013-07-10 23:10 - 2013-07-10 23:10 - 00150712 _____ C:\Users\Arne\Desktop\mediavistik 2.jpeg 2013-07-10 14:21 - 2013-07-10 14:20 - 33578320 _____ (Dropbox, Inc.) C:\Users\Arne\Desktop\Dropbox 2.2.8.exe 2013-07-09 10:27 - 2013-07-09 10:27 - 05045566 _____ C:\Users\Arne\Desktop\Prezident - Menschenpyramiden (prod. v. Epic Infantry).M4A 2013-07-08 17:17 - 2013-07-08 17:17 - 00000000 ____D C:\Users\Arne\Desktop\verschlüsseln 2013-07-07 23:07 - 2013-04-15 20:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-07 21:38 - 2013-07-07 21:09 - 68852307 _____ C:\Users\Arne\Desktop\J-VMDD-05.rar 2013-07-07 00:07 - 2013-07-07 00:03 - 54958302 _____ C:\Users\Arne\Downloads\Huss_und_Hodn-Der_Stoff_Aus_Dem_Die_Regenschirme_Sind-DE-2009-NOiR.rar 2013-07-06 23:29 - 2013-06-29 18:31 - 00000000 ____D C:\Users\Arne\Desktop\Huss & Hodn 2013-07-06 23:16 - 2013-07-06 23:12 - 58850577 _____ C:\Users\Arne\Downloads\Huss und Hodn - Unprofessionelle Musik DE 2005 NOiR.rar 2013-07-06 23:12 - 2013-05-01 15:42 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-07-06 23:08 - 2013-07-06 23:08 - 00003390 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-06 23:08 - 2013-07-06 23:08 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender 2013-07-06 23:08 - 2013-07-06 23:08 - 00000000 ____D C:\Users\Arne\AppData\Roaming\BabSolution 2013-07-06 23:08 - 2013-07-06 23:08 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-07-06 23:08 - 2013-07-06 23:08 - 00000000 ____D C:\Program Files (x86)\Delta 2013-07-06 23:08 - 2013-07-03 
10:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-06 23:07 - 2013-07-06 23:07 - 00003048 _____ C:\Windows\System32\Tasks\LyricsWoofer Update 2013-07-06 23:07 - 2013-07-06 23:07 - 00000000 ____D C:\Program Files (x86)\LyricsFan 2013-07-06 23:06 - 2013-07-06 23:06 - 00077236 _____ (AppWork UG (haftungsbeschränkt)) C:\Users\Arne\Desktop\jDownloaderWebInstaller09581.exe 2013-07-05 11:58 - 2013-07-02 16:48 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Apple Computer 2013-07-04 09:13 - 2013-07-02 15:43 - 00000000 ____D C:\Users\Arne\Desktop\Johny Tänzer 2013-07-02 16:48 - 2013-07-02 16:48 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-07-02 16:48 - 2013-07-02 16:48 - 00000000 ____D C:\Users\Arne\AppData\Local\Apple Computer 2013-07-02 16:48 - 2013-07-02 16:47 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-07-02 16:48 - 2013-07-02 16:47 - 00000000 ____D C:\Program Files\iTunes 2013-07-02 16:48 - 2013-07-02 16:47 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-07-02 16:47 - 2013-07-02 16:47 - 00000000 ____D C:\ProgramData\Apple Computer 2013-07-02 16:47 - 2013-07-02 16:47 - 00000000 ____D C:\Program Files\iPod 2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Users\Arne\AppData\Local\Apple 2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\ProgramData\Apple 2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Program Files\Bonjour 2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Program Files (x86)\Bonjour 2013-07-02 16:46 - 2013-07-02 16:46 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2013-07-02 15:34 - 2013-07-02 15:33 - 00000000 ____D C:\Users\Arne\Desktop\Audio88 2013-07-02 10:46 - 2013-07-02 10:46 - 00000000 ____D C:\Users\Arne\Desktop\Raumheld 2013-07-02 10:45 - 2013-07-02 10:44 - 90917712 _____ (Apple Inc.) 
C:\Users\Arne\Desktop\iTunes64Setup.exe
2013-07-01 10:51 - 2013-04-22 18:32 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-06-30 02:14 - 2013-06-21 15:07 - 00000000 ____D C:\Users\Arne\Desktop\Esmaticx
2013-06-29 18:40 - 2013-06-24 09:49 - 00000000 ____D C:\Users\Arne\Desktop\Katharsis Funkverteidiger
2013-06-26 20:28 - 2013-06-26 10:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-26 10:36 - 2013-06-07 13:07 - 00000000 ____D C:\Users\Arne\Desktop\Prezident
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-13 14:32
==================== End Of Log ============================
as well as Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2013 Ran by Arne at 2013-07-25 10:12:24 Running from C:\Users\Arne\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Bonjour (Version: 3.0.0.10) BrowserDefender (x32) Canon MG5200 series MP Drivers Delta Chrome Toolbar (x32) Delta toolbar (x32 Version: 1.8.21.5) Dota 2 (x32) Dropbox (HKCU Version: 2.0.22) ESET NOD32 Antivirus (Version: 6.0.316.1) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) JDownloader 0.9 (x32 Version: 0.9) KeyTweak - Keyboard Remapper (remove only) (x32) LyricsWoofer (x32) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) rosoft .NET Framework 4 Client Profile (Version: 4.0.30319) Skype™ 6.6 (x32 Version: 6.6.106) StarCraft II (x32 Version: 2.0.8.25604) Steam (x32 Version: 1.0.0.0) TeamSpeak 3 Client (x32 Version: 3.0.10) Ubuntu (x32 Version: 12.04-rev272) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client 
Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) VLC media player 2.0.6 (Version: 2.0.6) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 19-07-2013 07:20:14 Windows Update 19-07-2013 11:17:09 Windows Defender Checkpoint 23-07-2013 23:12:49 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {3BD1A034-FD6E-4092-A7A7-340D7C619B3B} - System32\Tasks\LyricsWoofer Update => C:\Program Files (x86)\LyricsWoofer\LyricsWooferUPD.exe [2013-07-23] (Lyrics Woofer LTD) Task: {65732AC8-26EF-48E4-8D9B-04FBC3394670} - System32\Tasks\EPUpdater => C:\Users\Arne\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-06-06] () Task: {816DAD3E-BC72-4916-8810-81223D969B69} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {9E45EE18-8B6C-40C6-A504-D4917CEFED9B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: {E428471B-1CE0-4C86-BBB5-14BEE0C1A2E1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\LyricsWoofer Update.job => C:\Program Files (x86)\LyricsWoofer\LyricsWooferUPD.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/25/2013 09:40:08 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 03:55:31 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 01:06:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 10:57:47 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/23/2013 06:05:53 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4462 Error: (07/23/2013 06:05:53 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4462 Error: (07/23/2013 06:05:53 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/23/2013 06:05:52 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3198 Error: (07/23/2013 06:05:52 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3198 Error: (07/23/2013 06:05:52 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (07/25/2013 09:38:19 AM) (Source: atikmdag) (User: ) Description: Display is not active Error: (07/25/2013 09:38:19 AM) (Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (07/24/2013 03:53:42 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (07/24/2013 03:53:42 PM) 
(Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (07/24/2013 01:04:31 PM) (Source: atikmdag) (User: ) Description: Display is not active Error: (07/24/2013 01:04:31 PM) (Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (07/24/2013 10:55:59 AM) (Source: atikmdag) (User: ) Description: Display is not active Error: (07/24/2013 10:55:59 AM) (Source: atikmdag) (User: ) Description: CPLIB :: General - Invalid Parameter Error: (07/24/2013 01:26:58 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ESET Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/24/2013 01:01:29 AM) (Source: atikmdag) (User: ) Description: Display is not active Microsoft Office Sessions: ========================= Error: (07/25/2013 09:40:08 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 03:55:31 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 01:06:17 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/24/2013 10:57:47 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/23/2013 06:05:53 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4462 Error: 
(07/23/2013 06:05:53 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4462 Error: (07/23/2013 06:05:53 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/23/2013 06:05:52 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3198 Error: (07/23/2013 06:05:52 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3198 Error: (07/23/2013 06:05:52 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 47% Total physical RAM: 4060.61 MB Available physical RAM: 2116.11 MB Total Pagefile: 8119.41 MB Available Pagefile: 6017.24 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:87.79 GB) (Free:29.58 GB) NTFS (Disk=0 Partition=2) Drive d: () (Fixed) (Total:206.23 GB) (Free:112.46 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0000F90A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=88 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=206 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=05) ==================== End Of Log ============================ |
25.07.2013, 17:05 | #4 |
/// TB-Ausbilder | Pop Up in Firefox, http://rou.resyncload.net, Trojan? Hi, let's get started then: Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Run FRST once more.
Please post in your next reply:
__________________ cheers, Leo |
25.07.2013, 19:07 | #5 |
| Pop Up in Firefox, http://rou.resyncload.net, Trojan? Hey, thanks already for your help! Great that something like this exists. ADW Cleaner: Code:
ATTFilter
# AdwCleaner v2.306 - Datei am 25/07/2013 um 20:01:54 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Arne - ARNE-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Arne\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\searchplugins\delta.xml
Gelöscht mit Neustart : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\Program Files (x86)\LyricsFan
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Arne\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsWoofer
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\8e8cd0bd38ee43

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss_sps&mntrId=C8B90025568848ED&affID=119357&tt=040713_ifrmful&tsp=4935 --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\prefs.js

C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "c8b994220000000000000025568848ed");
Gelöscht : user_pref("extensions.delta.instlDay", "15892");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.523:08:01");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=040713_ifrmful&tsp=4935");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[S1].txt - [3688 octets] - [25/07/2013 20:01:54]

########## EOF - C:\AdwCleaner[S1].txt - [3748 octets] ##########

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013 Ran by Arne (administrator) on 25-07-2013 20:06:27 Running from C:\Users\Arne\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-10] (Valve Corporation) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) 
MountPoints2: {5242ff13-a5fc-11e2-b5d6-001377fea26b} - IomegaEncryptionSetup v1.3.exe HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.) Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Arne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM - DefaultScope value is missing. 
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 10.10.156.1 134.76.63.248 134.76.62.252 8.8.8.8 FireFox: ======== FF ProfilePath: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\searchplugins\ecosia.xml FF Extension: No Name - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi FF Extension: No Name - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\Arne\AppData\Roaming\Mozilla\Firefox\Profiles\b4rb86t6.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird ==================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET) ==================== Drivers (Whitelisted) ==================== R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-25 20:02 - 2013-07-25 20:02 - 00000098 _____ C:\Windows\DeleteOnReboot.bat 2013-07-25 20:01 - 2013-07-25 20:02 - 00003815 _____ C:\AdwCleaner[S1].txt 2013-07-25 20:00 - 2013-07-25 20:01 - 00666633 _____ C:\Users\Arne\Desktop\adwcleaner.exe 2013-07-25 10:12 - 2013-07-25 
10:12 - 00009864 _____ C:\Users\Arne\Desktop\Addition.txt 2013-07-25 10:11 - 2013-07-25 10:11 - 00000000 ____D C:\FRST 2013-07-25 10:06 - 2013-07-25 10:06 - 01779761 _____ (Farbar) C:\Users\Arne\Desktop\FRST64.exe 2013-07-24 13:43 - 2013-07-24 13:43 - 00000000 ____D C:\Windows\SysWOW64\searchplugins 2013-07-24 13:43 - 2013-07-24 13:43 - 00000000 ____D C:\Windows\SysWOW64\Extensions 2013-07-24 11:18 - 2013-07-24 11:18 - 00000000 ____D C:\Users\Arne\AppData\Local\ESET 2013-07-24 01:26 - 2013-07-24 01:26 - 00000000 ____D C:\ProgramData\ESET 2013-07-24 01:26 - 2013-07-24 01:26 - 00000000 ____D C:\Program Files\ESET 2013-07-24 01:20 - 2013-07-24 01:20 - 01415824 _____ (ESET) C:\Users\Arne\Desktop\eset_nod32_antivirus_live_installer.exe 2013-07-22 18:15 - 2013-07-22 18:15 - 00000000 ____D C:\Users\Arne\Desktop\sookee 2013-07-22 18:14 - 2013-07-22 18:14 - 32047700 _____ C:\Users\Arne\Desktop\sookee & majusBeats - PAROLE BRÜCKENBAU EP.zip 2013-07-16 12:15 - 2013-07-23 10:41 - 00048128 _____ C:\Users\Arne\Desktop\Kalkulation [Tanzpäda] [13.07].xls 2013-07-16 11:35 - 2013-07-18 12:20 - 00099356 _____ C:\Users\Arne\Desktop\Honorarvertrag.odt 2013-07-15 15:46 - 2013-07-15 15:46 - 00010708 _____ C:\Users\Arne\Desktop\formloser Mustervertrag.odt 2013-07-15 00:44 - 2013-07-15 00:46 - 00000000 ____D C:\Windows\system32\MRT 2013-07-13 12:49 - 2013-07-13 12:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf 2013-07-11 07:26 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 07:26 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 07:26 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 07:26 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-11 07:26 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-11 
==================== End Of Log ============================ |
25.07.2013, 19:10 | #6 |
/// TB Trainer | Pop-up in Firefox, http://rou.resyncload.net, Trojan? Is the original problem still occurring? Please download Malwarebytes Anti-Malware
__________________ |
26.07.2013, 16:23 | #7 |
| Pop-up in Firefox, http://rou.resyncload.net, Trojan? No, everything is back to normal. Thank you very much! |
29.07.2013, 00:20 | #8 |
/// TB Trainer | Pop-up in Firefox, http://rou.resyncload.net, Trojan? This thread appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. If you need this thread again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |