Windows Vista Interpol Trojana

FP3110 · 05.02.2014, 14:16

Hallo,

ich brauche ganz dringend ihre Hilfe.
Ich war am surfen und plötzlich kam ein Sperrbildschirm mit Interpol und ich hätte pornographische Inhalte verbreitet. Ich soll 100 Euro zahlen usw. Mein Betriebssystem ist Windows Vista 32 bit.
Was soll ich machen ? Ich habe leider wenig Ahnung, wie ich was machen soll. Können Sie mir bitte helfen.
Vielen Vielen Dank im Voraus

cosinus · 05.02.2014, 15:27

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

okni · 05.02.2014, 15:32

Lade dir einmal folgende Programme herunter und lasse sie mal Nacheinander über deinen Rechner laufen, Malwarebytes-Free, Emisoft Emergency Kit und die Kaspersky Rescue-Disk, und Berichte über die Ergebnisse danach hier.

hxxp://www.chip.de/downloads/Malwarebytes-Anti-Malware_27322637.html

hxxp://www.emsisoft.de/de/software/eek/

hxxp://support.kaspersky.com/de/4162

FP3110 · 05.02.2014, 15:42

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014
Ran by Justin at 2014-02-05 15:33:18
Running from C:\Users\Justin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
3DS Compatible Action Replay Firmware Update version 1.0 (Version: 1.0 - )
4500_G510af_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (Version: 9.5.5 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (Version: 7.2.302.105 - ALPS ELECTRIC CO., LTD.)
Apple Application Support (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (Version: 3.0.723.0 - ATI Technologies, Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
BrowserCompanion (Version:  - ) <==== ATTENTION
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bundled software uninstaller (Version:  - ) <==== ATTENTION
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2009.0421.2132.36832 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0421.2132.36832 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0421.2132.36832 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Czech (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Danish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Dutch (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help English (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Finnish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help French (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help German (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Greek (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Italian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Japanese (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Korean (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Polish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Russian (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Spanish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Swedish (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Thai (Version: 2009.0421.2131.36832 - ATI) Hidden
CCC Help Turkish (Version: 2009.0421.2131.36832 - ATI) Hidden
ccc-core-static (Version: 2009.0421.2132.36832 - Ihr Firmenname) Hidden
ccc-utility (Version: 2009.0421.2132.36832 - ATI) Hidden
CDBurnerXP (Version: 4.4.1.3243 - CDBurnerXP)
Cheat Engine 6.2 (Version:  - Dark Byte)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DealPly (remove only) (Version: 4.8.7.2 - DealPly Technologies Ltd.) <==== ATTENTION
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FilesFrog Update Checker (Version:  - ) <==== ATTENTION
Free YouTube to MP3 Converter version 3.10.15.1228 (Version:  - DVDVideoSoft Ltd.)
GeoGebra 4.2 (Version: 4.2.36.0 - International GeoGebra Institute)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Document Manager 2.0 (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (Version: 4.5 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Update (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
iTunes (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 25 (Version: 7.0.250 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Korean Fonts Support For Adobe Reader 9 (Version: 9.0.0 - Adobe Systems Incorporated)
Lyrics-Pal (Version:  - LyricsPal Soft. LTD) <==== ATTENTION
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office 97, Professional Edition (Version:  - )
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Movies Toolbar for Firefox (Dist. by Somoto Ltd.) (Version: 1.6.2.0 - APN LLC) <==== ATTENTION
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (Version:  - MyPC Backup) <==== ATTENTION
myphotobook 3.65 (Version: 3.65 - myphotobook)
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OpenOffice.org 3.4.1 (Version: 3.41.9593 - Apache Software Foundation)
Pando Media Booster (Version: 2.6.0.7 - Pando Networks Inc.)
Picasa 2 (Version: 2.0 - Google, Inc.)
PlayReady PC runtime (Version: 1 - Microsoft Corporation)
QuickTime (Version: 7.69.80.9 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0004 - Realtek)
Realtek High Definition Audio Driver (Version: 6.0.1.5821 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20132 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
SeeSimilar (Version: 1.0.0.5 - SeeSimilar.com)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (Version: 13.0 - HP)
Skins (Version: 2009.0421.2132.36832 - ATI) Hidden
Skype™ 6.9 (Version: 6.9.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TOSHIBA Assist (Version: 2.01.10 - TOSHIBA)
TOSHIBA Benutzerhandbücher (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (Version: 7.4.9 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (Version: 3.00.1.04-A - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.3.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.0.3.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Face Recognition (Version: 3.0.5.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.0.5.32 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.3C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (Version: 3.0.0.1 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.0.0.1 - TOSHIBA Corporation) Hidden
Toshiba Online Product Information (Version: 2.06.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (Version: 1.3.2.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017 - TOSHIBA)
TOSHIBA Recovery Disk Creator Reminder (Version: 1.00.0017 - TOSHIBA) Hidden
TOSHIBA SD Memory Utilities (Version: 1.8.1.6 - TOSHIBA)
TOSHIBA Service Station (Version: 2.0.26 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 1.63.0.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Supervisorkennwort (Version: 1.63.0.3C - TOSHIBA CORPORATION)
Toshiba TEMPRO (Version: 2.0 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (Version: 1.2.8 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.8 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (Version: 1.0.1.8 - TOSHIBA Corporation)
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.6 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
Utility Common Driver (Version: 1.0.50.22C - TOSHIBA) Hidden
Verbindungsassistent (Version: 2.1 - Verbindungsassistent)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent-Spiele (Version: 1.0.0.71 - WildTangent)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Datel Design & Development (dsiarhwprog) USBIOControlledDevices  (04/21/2009 2.40.0.0) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
Windows-Treiberpaket - Datel Design & Development USBIOControlledDevices  (04/21/2009 2.40.0.0) (Version: 04/21/2009 2.40.0.0 - Datel Design & Development)
WinZip Malware Protector (Version: 2.1.1000.10798 - WinZip International LLC)
Yahoo! Messenger (Version:  - Yahoo! Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\Dealply.job => ?
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2517477228-2357616808-1679516756-1000Core.job => ?
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2517477228-2357616808-1679516756-1000UA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517477228-2357616808-1679516756-1000Core1cecfe7d2b874f0.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517477228-2357616808-1679516756-1000UA.job => ?
Task: C:\Windows\Tasks\Lyrics-Pal Update.job => ?

==================== Loaded Modules (whitelisted) =============

2014-01-06 19:35 - 2013-12-23 17:16 - 00485384 _____ () C:\Program Files\Movies Toolbar\SafetyNut\safetycrt.dll
2011-02-28 20:51 - 2009-04-21 22:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-01-30 21:11 - 2009-01-30 21:11 - 00073728 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-03-07 14:15 - 2009-03-07 14:15 - 07005496 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-07-14 11:37 - 2008-07-14 11:37 - 00095544 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-06-09 10:13 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 11:57 - 2006-10-07 11:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-28 20:52 - 2011-02-28 20:52 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-01-30 10:41 - 2009-01-30 10:41 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-02-28 20:52 - 2011-02-28 20:52 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-06 19:35 - 2013-12-23 17:16 - 00020488 _____ () C:\Program Files\Movies Toolbar\SafetyNut\safetyldr.dll
2014-01-07 07:19 - 2014-01-07 07:19 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2014 03:16:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 03:06:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 00:41:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19832532

Error: (02/05/2014 00:41:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19832532

Error: (02/05/2014 00:41:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 00:41:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19831502

Error: (02/05/2014 00:41:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19831502

Error: (02/05/2014 00:41:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/05/2014 00:41:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19830488

Error: (02/05/2014 00:41:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19830488


System errors:
=============
Error: (02/05/2014 03:16:40 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/05/2014 03:15:01 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 05.02.2014 um 15:09:10 unerwartet heruntergefahren.

Error: (02/05/2014 03:06:03 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/05/2014 07:01:15 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/04/2014 08:38:26 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/04/2014 08:32:50 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/03/2014 09:27:36 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/03/2014 06:20:40 PM) (Source: Service Control Manager) (User: )
Description: iPod-Dienst%%5

Error: (02/03/2014 06:20:35 PM) (Source: Service Control Manager) (User: )
Description: iPod-Dienst%%5

Error: (02/03/2014 06:20:30 PM) (Source: Service Control Manager) (User: )
Description: iPod-Dienst%%5


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2011-03-02 07:42:14.671
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-02 07:42:14.593
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-02 07:42:14.515
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-02 07:42:14.453
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2011-03-02 07:42:14.359
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 3035.93 MB
Available physical RAM: 1581.88 MB
Total Pagefile: 6276.13 MB
Available Pagefile: 4593.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.39 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:86.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:184.84 GB) (Free:171.1 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ==========================

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by Justin (ATTENTION: The logged in user is not administrator) on RUDI-PC on 05-02-2014 15:32:43
Running from C:\Users\Justin\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\iTunesHelper.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\mozilla firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Farbar) C:\Users\Justin\Downloads\FRST(2).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [KeNotify] - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] - C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] - C:\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\.DEFAULT\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\S-1-5-21-2517477228-2357616808-1679516756-1003\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2517477228-2357616808-1679516756-1003\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL => C:\Program Files\Movies Toolbar\SafetyNut\safetyldr.dll [20488 2013-12-23] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\SafetyNut\safetycrt.dll [485384 2013-12-23] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
SearchScopes: HKLM - DefaultScope {F63AE76D-6E75-43C3-9DF9-E1A371C32852} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
SearchScopes: HKLM - {F63AE76D-6E75-43C3-9DF9-E1A371C32852} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEG;
BHO: Browser Companion Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Browser Companion Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: DealPly Shopping - {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SeeSimilar - {F225A2E3-8EE1-4204-B7A0-F4C551578A87} - C:\Program Files\SeeSimilar\ScriptHost.dll (SeeSimilar.com)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\k9n87apj.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa2,version=2.0.0 - C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Movies Toolbar (Dist. by Somoto Ltd.) - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\k9n87apj.default\Extensions\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} [2014-01-06]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-22]
FF HKLM\...\Firefox\Extensions: [SeeSimilar@SeeSimilar.com] - C:\Users\Rudi\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com
FF Extension: SeeSimilar - C:\Users\Rudi\AppData\Roaming\Mozilla\Extensions\SeeSimilar@SeeSimilar.com [2013-07-27]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S2 dealplylive; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-29] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-29] (DealPly Technologies Ltd)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 SafetyNutManager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3446792 2013-12-23] (SafetyNut Inc.)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-03-23] (Toshiba Europe GmbH)
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation)
R2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation)
R2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-04] (Avira Operations GmbH & Co. KG)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [35256 2012-09-26] (Thesycon GmbH, Germany)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-24] (Avira GmbH)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 14:45 - 2014-02-05 14:45 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST(2).exe
2014-02-05 14:44 - 2014-02-05 14:44 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST(1).exe
2014-02-05 14:40 - 2014-02-05 15:32 - 00020392 _____ () C:\Users\Justin\Downloads\FRST.txt
2014-02-05 14:40 - 2014-02-05 14:41 - 00026908 _____ () C:\Users\Justin\Downloads\Addition.txt
2014-02-05 14:39 - 2014-02-05 15:32 - 00000000 ____D () C:\FRST
2014-02-05 14:32 - 2014-02-05 14:32 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST.exe
2014-02-05 13:21 - 2014-02-05 13:21 - 01431792 _____ (iMesh Inc) C:\Users\Justin\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 12:59 - 2014-02-05 12:59 - 00000991 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-02-05 12:59 - 2014-02-05 12:59 - 00000000 ____D () C:\Users\Rudi\AppData\Roaming\Nico Mak Computing
2014-02-05 12:59 - 2014-02-05 12:59 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-02-05 12:59 - 2014-02-05 12:59 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-02-05 12:59 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-02-05 12:58 - 2014-02-05 12:58 - 04892480 _____ (WinZip International LLC ) C:\Users\Justin\Downloads\wzmp_8.exe
2014-02-05 06:49 - 2014-02-05 06:49 - 00000000 ____D () C:\Users\Rudi\AppData\Local\{265E5DA4-B672-4A02-86BC-8527D8248E80}
2014-02-04 08:35 - 2014-02-04 08:35 - 00000000 ____D () C:\Users\Rudi\AppData\Local\{90AAAACE-8012-4881-BFF9-87DD4D3644A7}
2014-02-04 08:23 - 2014-02-05 15:08 - 00006344 _____ () C:\Users\Rudi\AppData\Roaming\iconcache.dat
2014-02-04 08:23 - 2014-02-04 08:23 - 00422009 _____ () C:\Users\Rudi\AppData\Roaming\fontcache.dat
2014-02-04 08:23 - 2014-02-04 08:23 - 00114192 _____ () C:\Users\Rudi\AppData\Roaming\explorer.exe
2014-02-03 21:39 - 2014-02-03 21:39 - 00001354 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 21:39 - 2014-02-03 21:39 - 00000000 ____D () C:\Mozilla Plugins
2014-02-03 21:39 - 2014-02-03 21:39 - 00000000 ____D () C:\iTunesMiniPlayer.Resources
2014-02-03 21:39 - 2014-02-03 21:39 - 00000000 ____D () C:\iTunesHelper.Resources
2014-02-03 21:38 - 2014-02-03 21:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-03 21:38 - 2014-02-03 21:39 - 00000000 ____D () C:\iTunes.Resources
2014-02-03 21:38 - 2014-02-03 21:38 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 21:38 - 2014-02-03 21:38 - 00000000 ____D () C:\CD Configuration
2014-02-03 21:36 - 2014-02-03 21:36 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-03 21:34 - 2014-02-03 21:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-03 21:34 - 2014-02-03 21:34 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-03 21:30 - 2014-02-03 21:32 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(5).exe
2014-02-03 20:45 - 2014-02-03 20:47 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup (2).exe
2014-02-03 20:43 - 2014-02-03 20:43 - 00665632 _____ () C:\Users\Rudi\Downloads\itunes_setup.exe
2014-02-03 18:46 - 2014-02-03 18:48 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(4).exe
2014-02-03 18:33 - 2014-02-03 18:35 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(3).exe
2014-02-03 18:11 - 2014-02-03 18:12 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(2).exe
2014-02-03 17:50 - 2014-02-03 17:51 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(1).exe
2014-01-24 17:57 - 2014-01-24 18:55 - 00112974 _____ () C:\Users\Rudi\Desktop\Rechnungsvorlage.odt
2014-01-20 16:32 - 2014-01-20 16:32 - 25520968 _____ (Apple Inc.) C:\iTunes.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 09789256 _____ (Apple Inc.) C:\iTunes.exe
2014-01-20 16:32 - 2014-01-20 16:32 - 03008536 _____ (Gracenote, Inc.) C:\gnsdk_dsp.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00776216 _____ (Gracenote, Inc.) C:\gnsdk_sdkmanager.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00649544 _____ (Apple Inc.) C:\iPodUpdaterExt.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00405320 _____ (Apple Inc.) C:\iTunesAdmin.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00293192 _____ (Apple Inc.) C:\iTunesOutlookAddIn.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00262680 _____ (Gracenote, Inc.) C:\gnsdk_submit.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00219672 _____ (Gracenote, Inc.) C:\gnsdk_musicid.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00152392 _____ (Apple Inc.) C:\iTunesHelper.exe
2014-01-20 16:32 - 2014-01-20 16:32 - 00148808 _____ (Apple Inc.) C:\iTunesHelper.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00117576 _____ (Apple Inc.) C:\iTunesMiniPlayer.dll
2014-01-20 16:02 - 2014-01-20 16:02 - 03023176 _____ (Apple, Inc) C:\iAdCore.dll
2014-01-17 18:59 - 2014-01-17 18:59 - 01368595 _____ () C:\Users\Rudi\Downloads\desktop.air
2014-01-10 14:32 - 2014-01-10 14:33 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\HpUpdate
2014-01-07 07:19 - 2014-01-07 07:19 - 00000000 ____D () C:\Program Files\mozilla firefox
2014-01-07 07:05 - 2014-01-07 07:05 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-01-07 07:05 - 2014-01-07 07:05 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-01-07 07:05 - 2014-01-07 07:05 - 00000000 ____D () C:\ProgramData\BitGuard
2014-01-06 19:36 - 2014-01-06 19:36 - 00000000 ____D () C:\ProgramData\Wincert
2014-01-06 19:35 - 2014-02-05 15:17 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-01-06 19:35 - 2014-01-06 19:35 - 00000000 ____D () C:\Program Files\Movies Toolbar

==================== One Month Modified Files and Folders =======

2014-02-05 15:32 - 2014-02-05 14:40 - 00020392 _____ () C:\Users\Justin\Downloads\FRST.txt
2014-02-05 15:32 - 2014-02-05 14:39 - 00000000 ____D () C:\FRST
2014-02-05 15:26 - 2013-07-29 20:21 - 00000890 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-02-05 15:21 - 2013-07-29 20:21 - 00000286 _____ () C:\Windows\Tasks\Dealply.job
2014-02-05 15:21 - 2011-02-28 20:47 - 01962408 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 15:17 - 2014-01-06 19:35 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-02-05 15:15 - 2013-11-25 20:07 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 15:15 - 2013-07-29 20:21 - 00000886 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-02-05 15:15 - 2013-07-29 20:20 - 00000348 _____ () C:\Windows\Tasks\Lyrics-Pal Update.job
2014-02-05 15:15 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 15:15 - 2006-11-02 13:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 15:15 - 2006-11-02 13:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 15:08 - 2014-02-04 08:23 - 00006344 _____ () C:\Users\Rudi\AppData\Roaming\iconcache.dat
2014-02-05 15:08 - 2011-03-03 09:11 - 00000000 ____D () C:\Users\Rudi\AppData\Roaming\Skype
2014-02-05 15:08 - 2011-03-02 13:35 - 00000000 ____D () C:\Users\Rudi\Tracing
2014-02-05 14:53 - 2006-11-02 14:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-05 14:45 - 2014-02-05 14:45 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST(2).exe
2014-02-05 14:44 - 2014-02-05 14:44 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST(1).exe
2014-02-05 14:44 - 2012-05-09 10:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 14:42 - 2008-01-21 08:16 - 01445546 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 14:41 - 2014-02-05 14:40 - 00026908 _____ () C:\Users\Justin\Downloads\Addition.txt
2014-02-05 14:39 - 2013-11-06 15:37 - 00002402 _____ () C:\Windows\setupact.log
2014-02-05 14:38 - 2012-02-25 20:57 - 00001134 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2517477228-2357616808-1679516756-1000UA.job
2014-02-05 14:32 - 2014-02-05 14:32 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST.exe
2014-02-05 14:11 - 2013-11-25 20:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 14:03 - 2012-03-07 17:33 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517477228-2357616808-1679516756-1000UA.job
2014-02-05 13:21 - 2014-02-05 13:21 - 01431792 _____ (iMesh Inc) C:\Users\Justin\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 12:59 - 2014-02-05 12:59 - 00000991 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-02-05 12:59 - 2014-02-05 12:59 - 00000000 ____D () C:\Users\Rudi\AppData\Roaming\Nico Mak Computing
2014-02-05 12:59 - 2014-02-05 12:59 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-02-05 12:59 - 2014-02-05 12:59 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-02-05 12:58 - 2014-02-05 12:58 - 04892480 _____ (WinZip International LLC ) C:\Users\Justin\Downloads\wzmp_8.exe
2014-02-05 12:42 - 2012-05-09 10:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 12:42 - 2012-01-17 06:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 06:59 - 2013-07-30 06:10 - 00039138 _____ () C:\Windows\PFRO.log
2014-02-05 06:56 - 2013-10-23 13:03 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517477228-2357616808-1679516756-1000Core1cecfe7d2b874f0.job
2014-02-05 06:56 - 2012-02-25 20:57 - 00001112 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2517477228-2357616808-1679516756-1000Core.job
2014-02-05 06:49 - 2014-02-05 06:49 - 00000000 ____D () C:\Users\Rudi\AppData\Local\{265E5DA4-B672-4A02-86BC-8527D8248E80}
2014-02-04 08:35 - 2014-02-04 08:35 - 00000000 ____D () C:\Users\Rudi\AppData\Local\{90AAAACE-8012-4881-BFF9-87DD4D3644A7}
2014-02-04 08:27 - 2013-08-27 15:53 - 00000000 ____D () C:\Program Files\LyricsPal
2014-02-04 08:23 - 2014-02-04 08:23 - 00422009 _____ () C:\Users\Rudi\AppData\Roaming\fontcache.dat
2014-02-04 08:23 - 2014-02-04 08:23 - 00114192 _____ () C:\Users\Rudi\AppData\Roaming\explorer.exe
2014-02-03 21:39 - 2014-02-03 21:39 - 00001354 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 21:39 - 2014-02-03 21:39 - 00000000 ____D () C:\Mozilla Plugins
2014-02-03 21:39 - 2014-02-03 21:39 - 00000000 ____D () C:\iTunesMiniPlayer.Resources
2014-02-03 21:39 - 2014-02-03 21:39 - 00000000 ____D () C:\iTunesHelper.Resources
2014-02-03 21:39 - 2014-02-03 21:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-03 21:39 - 2014-02-03 21:38 - 00000000 ____D () C:\iTunes.Resources
2014-02-03 21:38 - 2014-02-03 21:38 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 21:38 - 2014-02-03 21:38 - 00000000 ____D () C:\CD Configuration
2014-02-03 21:38 - 2014-02-03 21:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-03 21:36 - 2014-02-03 21:36 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-03 21:36 - 2011-02-28 22:25 - 00000000 ____D () C:\Users\Rudi
2014-02-03 21:34 - 2014-02-03 21:34 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-03 21:34 - 2011-04-16 15:29 - 00000000 ____D () C:\ProgramData\Apple
2014-02-03 21:32 - 2014-02-03 21:30 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(5).exe
2014-02-03 21:25 - 2013-12-04 22:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-03 20:47 - 2014-02-03 20:45 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup (2).exe
2014-02-03 20:43 - 2014-02-03 20:43 - 00665632 _____ () C:\Users\Rudi\Downloads\itunes_setup.exe
2014-02-03 18:48 - 2014-02-03 18:46 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(4).exe
2014-02-03 18:35 - 2014-02-03 18:33 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(3).exe
2014-02-03 18:12 - 2014-02-03 18:11 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(2).exe
2014-02-03 17:51 - 2014-02-03 17:50 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(1).exe
2014-02-01 10:33 - 2013-12-19 11:37 - 00000134 _____ () C:\Users\Rudi\AppData\Roaming\WB.CFG
2014-01-29 07:28 - 2012-03-07 17:35 - 00002034 _____ () C:\Users\Rudi\Desktop\Google Chrome.lnk
2014-01-24 18:55 - 2014-01-24 17:57 - 00112974 _____ () C:\Users\Rudi\Desktop\Rechnungsvorlage.odt
2014-01-20 16:32 - 2014-01-20 16:32 - 25520968 _____ (Apple Inc.) C:\iTunes.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 09789256 _____ (Apple Inc.) C:\iTunes.exe
2014-01-20 16:32 - 2014-01-20 16:32 - 03008536 _____ (Gracenote, Inc.) C:\gnsdk_dsp.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00776216 _____ (Gracenote, Inc.) C:\gnsdk_sdkmanager.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00649544 _____ (Apple Inc.) C:\iPodUpdaterExt.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00405320 _____ (Apple Inc.) C:\iTunesAdmin.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00293192 _____ (Apple Inc.) C:\iTunesOutlookAddIn.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00262680 _____ (Gracenote, Inc.) C:\gnsdk_submit.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00219672 _____ (Gracenote, Inc.) C:\gnsdk_musicid.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00152392 _____ (Apple Inc.) C:\iTunesHelper.exe
2014-01-20 16:32 - 2014-01-20 16:32 - 00148808 _____ (Apple Inc.) C:\iTunesHelper.dll
2014-01-20 16:32 - 2014-01-20 16:32 - 00117576 _____ (Apple Inc.) C:\iTunesMiniPlayer.dll
2014-01-20 16:02 - 2014-01-20 16:02 - 03023176 _____ (Apple, Inc) C:\iAdCore.dll
2014-01-18 03:07 - 2009-06-09 10:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-18 03:06 - 2013-07-23 02:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-18 03:02 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-17 18:59 - 2014-01-17 18:59 - 01368595 _____ () C:\Users\Rudi\Downloads\desktop.air
2014-01-17 17:49 - 2013-08-11 19:48 - 00000000 ____D () C:\Users\Rudi\AppData\Roaming\Movdap
2014-01-16 03:00 - 2011-04-09 20:18 - 00000680 _____ () C:\Users\Rudi\AppData\Local\d3d9caps.dat
2014-01-10 14:33 - 2014-01-10 14:32 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\HpUpdate
2014-01-07 07:19 - 2014-01-07 07:19 - 00000000 ____D () C:\Program Files\mozilla firefox
2014-01-07 07:05 - 2014-01-07 07:05 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-01-07 07:05 - 2014-01-07 07:05 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-01-07 07:05 - 2014-01-07 07:05 - 00000000 ____D () C:\ProgramData\BitGuard
2014-01-06 19:36 - 2014-01-06 19:36 - 00000000 ____D () C:\ProgramData\Wincert
2014-01-06 19:35 - 2014-01-06 19:35 - 00000000 ____D () C:\Program Files\Movies Toolbar
2014-01-06 19:35 - 2013-09-16 16:15 - 00001930 _____ () C:\Users\Rudi\Desktop\FLV Player.lnk
2014-01-06 19:35 - 2013-09-16 16:15 - 00000000 ____D () C:\Users\Rudi\AppData\Local\WebPlayer

Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\avgnt.exe
C:\Users\Rudi\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Erstmal danke für die schnelle Antwort. Ich hoffe, ich habe es richtig gemacht. Ich habe echt wenig Ahnung und darum bitte ich um gedult :-). Was soll ich jetzt machen? verzweifelt bin :-(

cosinus · 05.02.2014, 15:51

Zitat:

Ran by Justin (ATTENTION: The logged in user is not administrator)

Warum hast du keine Adminrechte? Ohne diese können wir weder vernünftig analysieren noch bereinigen.

Und bitte den Post von okni ignorieren, er ist hier kein offiziereller Helfer und darf deswegen gar kein Malware-Support geben

FP3110 · 05.02.2014, 15:57

hallo cosinus,

ich bin über einen anderen Nutzer in meinem Laptop, da ich ja nichts machen kann, weil er Adminnutzer, also ich, gesperrt ist. Wie soll ich das denn sonst machen? Sorry, aber ich kenne mich nicht aus,

cosinus · 05.02.2014, 16:02

Achso, nun hab ich das Problem erkannt

Dann brauchen wir ein spezielles FRST Log

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)

Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)

Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST 32-Bit | FRST 64-Bit

Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.

Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:

Über den Boot Manager:

Starte den Rechner neu.

Während dem Hochfahren drücke mehrmals die F8 Taste

Wähle nun Computer reparieren.

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD (auch bei Windows 8 möglich):

Lege die Windows CD in dein Laufwerk.

Starte den Rechner neu und starte von der CD.

Wähle die Spracheinstellungen und klicke "Weiter".

Klicke auf Computerreparaturoptionen !

Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen: Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.

Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.

Schließe Notepad wieder

Gib nun bitte folgenden Befehl ein.
e:\frst.exe bzw. e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.

Akzeptiere den Disclaimer mit Ja und klicke Untersuchen

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

FP3110 · 05.02.2014, 16:39

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014
Ran by SYSTEM on MINWINPC on 05-02-2014 16:34:09
Running from G:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [421888 2007-04-16] (TOSHIBA Electronics, Inc.)
HKLM\...\Run: [SVPWUTIL] - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [438272 2008-11-21] (TOSHIBA)
HKLM\...\Run: [KeNotify] - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe [1011712 2009-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7289376 2009-03-30] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2009-04-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [468320 2009-03-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [55160 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [729088 2009-03-23] (TOSHIBA Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [184320 2009-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [299008 2009-05-12] (TOSHIBA CORPORATION)
HKLM\...\Run: [cfFncEnabler.exe] - C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe [16384 2009-03-24] (Toshiba Corporation)
HKLM\...\Run: [TWebCamera] - C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2513472 2009-04-16] (TOSHIBA)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-11] (Oracle Corporation)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [iTunesHelper] - C:\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
HKU\Chris\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Chris\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\Justin\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Justin\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
HKU\Rudi\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4283256 2011-05-13] (Microsoft Corporation)
HKU\Rudi\...\Run: [Facebook Update] - C:\Users\Rudi\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\Rudi\...\Run: [Google Update] - C:\Users\Rudi\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-07] (Google Inc.)
HKU\Rudi\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-24] (Yahoo! Inc.)
HKU\Rudi\...\Run: [SDP] - C:\Users\Rudi\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKU\Rudi\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20473504 2013-10-02] (Skype Technologies S.A.)
HKU\Rudi\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Rudi\...\RunOnce: [Shell] - C:\Users\Rudi\AppData\Roaming\explorer.exe [114192 2014-02-03] ()
HKU\Willi\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Willi\...\Run: [TOSHIBA Online Product Information] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6158240 2009-03-16] (TOSHIBA)
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL => C:\Program Files\Movies Toolbar\SafetyNut\safetyldr.dll [20488 2013-12-23] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Willi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Movies Toolbar\SafetyNut\safetycrt.dll [485384 2013-12-23] ()
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\safetynut\x64\safetycrt.dll

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-04] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1011768 2013-12-17] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
S2 camsvc; C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S2 dealplylive; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-29] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-29] (DealPly Technologies Ltd)
S3 GameConsoleService; C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe [242424 2009-02-11] (WildTangent, Inc.)
S2 SafetyNutManager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe [3446792 2013-12-23] (SafetyNut Inc.)
S2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-03-23] (Toshiba Europe GmbH)
S2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [62776 2009-04-01] (TOSHIBA Corporation)
S2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [176128 2009-04-24] (TOSHIBA Corporation)
S2 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [73728 2009-03-17] (TOSHIBA Corporation)
S2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [656752 2009-04-15] (TOSHIBA Corporation)
S2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-17] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-04] (Avira Operations GmbH & Co. KG)
S3 dsiarhwprog; C:\Windows\System32\Drivers\dsiarhwprog.sys [35256 2012-09-26] (Thesycon GmbH, Germany)
S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [25896 2008-05-07] (COMPAL ELECTRONIC INC.)
S3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [22272 2009-03-18] (TOSHIBA Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [154272 2008-11-11] (Realtek Semiconductor Corp.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-24] (Avira GmbH)
S2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-03-20] (TOSHIBA Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-05 06:47 - 2014-02-05 06:47 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-05 05:45 - 2014-02-05 05:45 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST(2).exe
2014-02-05 05:44 - 2014-02-05 05:44 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST(1).exe
2014-02-05 05:40 - 2014-02-05 06:34 - 00036082 _____ () C:\Users\Justin\Downloads\FRST.txt
2014-02-05 05:40 - 2014-02-05 06:34 - 00026977 _____ () C:\Users\Justin\Downloads\Addition.txt
2014-02-05 05:39 - 2014-02-05 16:33 - 00000000 ____D () C:\FRST
2014-02-05 05:32 - 2014-02-05 05:32 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST.exe
2014-02-05 04:21 - 2014-02-05 04:21 - 01431792 _____ (iMesh Inc) C:\Users\Justin\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 03:59 - 2014-02-05 03:59 - 00000991 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-02-05 03:59 - 2014-02-05 03:59 - 00000000 ____D () C:\Users\Rudi\AppData\Roaming\Nico Mak Computing
2014-02-05 03:59 - 2014-02-05 03:59 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-02-05 03:59 - 2014-02-05 03:59 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-02-05 03:59 - 2013-03-15 08:01 - 00016384 _____ () C:\Windows\System32\wsusnative32.exe
2014-02-05 03:58 - 2014-02-05 03:58 - 04892480 _____ (WinZip International LLC ) C:\Users\Justin\Downloads\wzmp_8.exe
2014-02-04 21:49 - 2014-02-04 21:49 - 00000000 ____D () C:\Users\Rudi\AppData\Local\{265E5DA4-B672-4A02-86BC-8527D8248E80}
2014-02-03 23:35 - 2014-02-03 23:35 - 00000000 ____D () C:\Users\Rudi\AppData\Local\{90AAAACE-8012-4881-BFF9-87DD4D3644A7}
2014-02-03 23:23 - 2014-02-05 06:08 - 00006344 _____ () C:\Users\Rudi\AppData\Roaming\iconcache.dat
2014-02-03 23:23 - 2014-02-03 23:23 - 00422009 _____ () C:\Users\Rudi\AppData\Roaming\fontcache.dat
2014-02-03 23:23 - 2014-02-03 23:23 - 00114192 _____ () C:\Users\Rudi\AppData\Roaming\explorer.exe
2014-02-03 12:39 - 2014-02-03 12:39 - 00001354 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\Mozilla Plugins
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\iTunesMiniPlayer.Resources
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\iTunesHelper.Resources
2014-02-03 12:38 - 2014-02-03 12:39 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-03 12:38 - 2014-02-03 12:39 - 00000000 ____D () C:\iTunes.Resources
2014-02-03 12:38 - 2014-02-03 12:38 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 12:38 - 2014-02-03 12:38 - 00000000 ____D () C:\CD Configuration
2014-02-03 12:36 - 2014-02-03 12:36 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-03 12:34 - 2014-02-03 12:38 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-03 12:34 - 2014-02-03 12:34 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-03 12:30 - 2014-02-03 12:32 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(5).exe
2014-02-03 11:45 - 2014-02-03 11:47 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup (2).exe
2014-02-03 11:43 - 2014-02-03 11:43 - 00665632 _____ ( ) C:\Users\Rudi\Downloads\itunes_setup.exe
2014-02-03 09:46 - 2014-02-03 09:48 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(4).exe
2014-02-03 09:33 - 2014-02-03 09:35 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(3).exe
2014-02-03 09:11 - 2014-02-03 09:12 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(2).exe
2014-02-03 08:50 - 2014-02-03 08:51 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(1).exe
2014-01-24 08:57 - 2014-01-24 09:55 - 00112974 _____ () C:\Users\Rudi\Desktop\Rechnungsvorlage.odt
2014-01-20 07:32 - 2014-01-20 07:32 - 25520968 _____ (Apple Inc.) C:\iTunes.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 09789256 _____ (Apple Inc.) C:\iTunes.exe
2014-01-20 07:32 - 2014-01-20 07:32 - 03008536 _____ (Gracenote, Inc.) C:\gnsdk_dsp.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00776216 _____ (Gracenote, Inc.) C:\gnsdk_sdkmanager.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00649544 _____ (Apple Inc.) C:\iPodUpdaterExt.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00405320 _____ (Apple Inc.) C:\iTunesAdmin.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00293192 _____ (Apple Inc.) C:\iTunesOutlookAddIn.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00262680 _____ (Gracenote, Inc.) C:\gnsdk_submit.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00219672 _____ (Gracenote, Inc.) C:\gnsdk_musicid.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00152392 _____ (Apple Inc.) C:\iTunesHelper.exe
2014-01-20 07:32 - 2014-01-20 07:32 - 00148808 _____ (Apple Inc.) C:\iTunesHelper.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00117576 _____ (Apple Inc.) C:\iTunesMiniPlayer.dll
2014-01-20 07:02 - 2014-01-20 07:02 - 03023176 _____ (Apple, Inc) C:\iAdCore.dll
2014-01-17 09:59 - 2014-01-17 09:59 - 01368595 _____ () C:\Users\Rudi\Downloads\desktop.air
2014-01-10 05:32 - 2014-01-10 05:33 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\HpUpdate
2014-01-06 22:19 - 2014-01-06 22:19 - 00000000 ____D () C:\Program Files\mozilla firefox
2014-01-06 22:05 - 2014-01-06 22:05 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-01-06 22:05 - 2014-01-06 22:05 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-01-06 22:05 - 2014-01-06 22:05 - 00000000 ____D () C:\ProgramData\BitGuard
2014-01-06 10:36 - 2014-01-06 10:36 - 00000000 ____D () C:\ProgramData\Wincert
2014-01-06 10:35 - 2014-02-05 07:30 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-01-06 10:35 - 2014-01-06 10:35 - 00000000 ____D () C:\Program Files\Movies Toolbar

==================== One Month Modified Files and Folders =======

2014-02-05 16:33 - 2014-02-05 05:39 - 00000000 ____D () C:\FRST
2014-02-05 07:30 - 2014-01-06 10:35 - 00000000 ____D () C:\ProgramData\SafetyNut
2014-02-05 07:30 - 2011-02-28 11:47 - 01968708 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 07:30 - 2006-11-02 04:47 - 00003744 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-05 07:30 - 2006-11-02 04:47 - 00003744 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-05 06:47 - 2014-02-05 06:47 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-02-05 06:34 - 2014-02-05 05:40 - 00036082 _____ () C:\Users\Justin\Downloads\FRST.txt
2014-02-05 06:34 - 2014-02-05 05:40 - 00026977 _____ () C:\Users\Justin\Downloads\Addition.txt
2014-02-05 06:08 - 2014-02-03 23:23 - 00006344 _____ () C:\Users\Rudi\AppData\Roaming\iconcache.dat
2014-02-05 06:08 - 2011-03-03 00:11 - 00000000 ____D () C:\Users\Rudi\AppData\Roaming\Skype
2014-02-05 06:08 - 2011-03-02 04:35 - 00000000 ____D () C:\Users\Rudi\Tracing
2014-02-05 05:45 - 2014-02-05 05:45 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST(2).exe
2014-02-05 05:44 - 2014-02-05 05:44 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST(1).exe
2014-02-05 05:42 - 2008-01-20 23:16 - 01445546 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-05 05:39 - 2013-11-06 06:37 - 00002402 _____ () C:\Windows\setupact.log
2014-02-05 05:32 - 2014-02-05 05:32 - 01137152 _____ (Farbar) C:\Users\Justin\Downloads\FRST.exe
2014-02-05 04:21 - 2014-02-05 04:21 - 01431792 _____ (iMesh Inc) C:\Users\Justin\Downloads\iMeshSetup-r1487-w-bf.exe
2014-02-05 03:59 - 2014-02-05 03:59 - 00000991 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-02-05 03:59 - 2014-02-05 03:59 - 00000000 ____D () C:\Users\Rudi\AppData\Roaming\Nico Mak Computing
2014-02-05 03:59 - 2014-02-05 03:59 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-02-05 03:59 - 2014-02-05 03:59 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-02-05 03:58 - 2014-02-05 03:58 - 04892480 _____ (WinZip International LLC ) C:\Users\Justin\Downloads\wzmp_8.exe
2014-02-05 03:42 - 2012-05-09 01:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-02-05 03:42 - 2012-01-16 21:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-02-04 21:59 - 2013-07-29 21:10 - 00039138 _____ () C:\Windows\PFRO.log
2014-02-04 21:49 - 2014-02-04 21:49 - 00000000 ____D () C:\Users\Rudi\AppData\Local\{265E5DA4-B672-4A02-86BC-8527D8248E80}
2014-02-03 23:35 - 2014-02-03 23:35 - 00000000 ____D () C:\Users\Rudi\AppData\Local\{90AAAACE-8012-4881-BFF9-87DD4D3644A7}
2014-02-03 23:27 - 2013-08-27 06:53 - 00000000 ____D () C:\Program Files\LyricsPal
2014-02-03 23:23 - 2014-02-03 23:23 - 00422009 _____ () C:\Users\Rudi\AppData\Roaming\fontcache.dat
2014-02-03 23:23 - 2014-02-03 23:23 - 00114192 _____ () C:\Users\Rudi\AppData\Roaming\explorer.exe
2014-02-03 12:39 - 2014-02-03 12:39 - 00001354 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\Mozilla Plugins
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\iTunesMiniPlayer.Resources
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\iTunesHelper.Resources
2014-02-03 12:39 - 2014-02-03 12:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-03 12:39 - 2014-02-03 12:38 - 00000000 ____D () C:\iTunes.Resources
2014-02-03 12:38 - 2014-02-03 12:38 - 00000000 ____D () C:\Program Files\iPod
2014-02-03 12:38 - 2014-02-03 12:38 - 00000000 ____D () C:\CD Configuration
2014-02-03 12:38 - 2014-02-03 12:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-03 12:36 - 2014-02-03 12:36 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-02-03 12:36 - 2011-02-28 13:25 - 00000000 ____D () C:\users\Rudi
2014-02-03 12:34 - 2014-02-03 12:34 - 00000000 ____D () C:\Program Files\Bonjour
2014-02-03 12:34 - 2011-04-16 06:29 - 00000000 ____D () C:\ProgramData\Apple
2014-02-03 12:32 - 2014-02-03 12:30 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(5).exe
2014-02-03 12:25 - 2013-12-04 13:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-03 11:47 - 2014-02-03 11:45 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup (2).exe
2014-02-03 11:43 - 2014-02-03 11:43 - 00665632 _____ ( ) C:\Users\Rudi\Downloads\itunes_setup.exe
2014-02-03 09:48 - 2014-02-03 09:46 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(4).exe
2014-02-03 09:35 - 2014-02-03 09:33 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(3).exe
2014-02-03 09:12 - 2014-02-03 09:11 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(2).exe
2014-02-03 08:51 - 2014-02-03 08:50 - 137699664 _____ (Apple Inc.) C:\Users\Rudi\Downloads\iTunesSetup(1).exe
2014-02-01 01:33 - 2013-12-19 02:37 - 00000134 _____ () C:\Users\Rudi\AppData\Roaming\WB.CFG
2014-01-28 22:28 - 2012-03-07 08:35 - 00002034 _____ () C:\Users\Rudi\Desktop\Google Chrome.lnk
2014-01-24 09:55 - 2014-01-24 08:57 - 00112974 _____ () C:\Users\Rudi\Desktop\Rechnungsvorlage.odt
2014-01-20 07:32 - 2014-01-20 07:32 - 25520968 _____ (Apple Inc.) C:\iTunes.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 09789256 _____ (Apple Inc.) C:\iTunes.exe
2014-01-20 07:32 - 2014-01-20 07:32 - 03008536 _____ (Gracenote, Inc.) C:\gnsdk_dsp.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00776216 _____ (Gracenote, Inc.) C:\gnsdk_sdkmanager.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00649544 _____ (Apple Inc.) C:\iPodUpdaterExt.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00405320 _____ (Apple Inc.) C:\iTunesAdmin.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00293192 _____ (Apple Inc.) C:\iTunesOutlookAddIn.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00262680 _____ (Gracenote, Inc.) C:\gnsdk_submit.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00219672 _____ (Gracenote, Inc.) C:\gnsdk_musicid.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00152392 _____ (Apple Inc.) C:\iTunesHelper.exe
2014-01-20 07:32 - 2014-01-20 07:32 - 00148808 _____ (Apple Inc.) C:\iTunesHelper.dll
2014-01-20 07:32 - 2014-01-20 07:32 - 00117576 _____ (Apple Inc.) C:\iTunesMiniPlayer.dll
2014-01-20 07:02 - 2014-01-20 07:02 - 03023176 _____ (Apple, Inc) C:\iAdCore.dll
2014-01-17 18:07 - 2009-06-09 01:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-17 18:06 - 2013-07-22 17:04 - 00000000 ____D () C:\Windows\System32\MRT
2014-01-17 18:02 - 2006-11-02 02:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-01-17 09:59 - 2014-01-17 09:59 - 01368595 _____ () C:\Users\Rudi\Downloads\desktop.air
2014-01-17 08:49 - 2013-08-11 10:48 - 00000000 ____D () C:\Users\Rudi\AppData\Roaming\Movdap
2014-01-15 18:00 - 2011-04-09 11:18 - 00000680 _____ () C:\Users\Rudi\AppData\Local\d3d9caps.dat
2014-01-10 05:33 - 2014-01-10 05:32 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\HpUpdate
2014-01-06 22:19 - 2014-01-06 22:19 - 00000000 ____D () C:\Program Files\mozilla firefox
2014-01-06 22:05 - 2014-01-06 22:05 - 00000000 ____D () C:\ProgramData\BrowserProtect
2014-01-06 22:05 - 2014-01-06 22:05 - 00000000 ____D () C:\ProgramData\Browser Manager
2014-01-06 22:05 - 2014-01-06 22:05 - 00000000 ____D () C:\ProgramData\BitGuard
2014-01-06 10:36 - 2014-01-06 10:36 - 00000000 ____D () C:\ProgramData\Wincert
2014-01-06 10:35 - 2014-01-06 10:35 - 00000000 ____D () C:\Program Files\Movies Toolbar
2014-01-06 10:35 - 2013-09-16 07:15 - 00001930 _____ () C:\Users\Rudi\Desktop\FLV Player.lnk
2014-01-06 10:35 - 2013-09-16 07:15 - 00000000 ____D () C:\Users\Rudi\AppData\Local\WebPlayer

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\avgnt.exe
C:\Users\Justin\AppData\Local\Temp\avgnt.exe
C:\Users\Rudi\AppData\Local\Temp\avgnt.exe
C:\Users\Willi\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-12-10 11:19:18
Restore point made on: 2013-12-13 18:01:43
Restore point made on: 2013-12-15 10:41:49
Restore point made on: 2013-12-17 08:09:03
Restore point made on: 2014-01-06 08:31:30
Restore point made on: 2014-01-08 10:53:57
Restore point made on: 2014-01-17 18:01:37
Restore point made on: 2014-01-28 10:38:13
Restore point made on: 2014-02-03 08:57:38
Restore point made on: 2014-02-03 08:58:53
Restore point made on: 2014-02-03 09:36:17
Restore point made on: 2014-02-03 09:45:45
Restore point made on: 2014-02-03 09:50:01
Restore point made on: 2014-02-03 11:48:31
Restore point made on: 2014-02-03 12:15:09
Restore point made on: 2014-02-03 12:15:59
Restore point made on: 2014-02-03 12:18:20
Restore point made on: 2014-02-03 12:19:26
Restore point made on: 2014-02-03 12:20:38
Restore point made on: 2014-02-03 12:35:26
Restore point made on: 2014-02-03 12:36:14
Restore point made on: 2014-02-03 12:37:07

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4059.93 MB
Available physical RAM: 3479.13 MB
Total Pagefile: 3711.73 MB
Available Pagefile: 3546.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.98 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:186.31 GB) (Free:86.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:184.84 GB) (Free:171.1 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.21 GB) NTFS
Drive g: (KATHARINA) (Removable) (Total:0.44 GB) (Free:0.43 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 373 GB) (Disk ID: 7878FC96)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=186 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=185 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 454 MB) (Disk ID: 0D0C0B0A)
Partition 1: (Active) - (Size=454 MB) - (Type=06)


LastRegBack: 2014-02-05 07:24

==================== End Of Log ============================

--- --- ---

So, ich hoffe, das es jetzt richtig ist :-/

cosinus · 06.02.2014, 01:51

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\Rudi\...\RunOnce: [Shell] - C:\Users\Rudi\AppData\Roaming\explorer.exe [114192 2014-02-03] ()
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL => C:\Program Files\Movies Toolbar\SafetyNut\safetyldr.dll [20488 2013-12-23] ()
C:\Users\Rudi\AppData\Roaming\explorer.exe
C:\PROGRA~2\Wincert

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

FP3110 · 06.02.2014, 07:05

Guten Morgen cosinus. Danke vorab für die tolle Hilfe :-)

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-02-2014
Ran by SYSTEM at 2014-02-06 06:59:40 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Rudi\...\RunOnce: [Shell] - C:\Users\Rudi\AppData\Roaming\explorer.exe [114192 2014-02-03] ()
AppInit_DLLs: C:\PROGRA~2\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs: C:\PROGRA~1\MOVIES~1\SAFETY~1\SAFETY~2.DLL => C:\Program Files\Movies Toolbar\SafetyNut\safetyldr.dll [20488 2013-12-23] ()
C:\Users\Rudi\AppData\Roaming\explorer.exe
C:\PROGRA~2\Wincert
         
*****************

HKU\Rudi\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shell => Value deleted successfully.
"C:\\PROGRA~2\\Wincert\\WIN32C~1.DLL" => Value Data removed successfully.
"C:\\PROGRA~1\\MOVIES~1\\SAFETY~1\\SAFETY~2.DLL" => Value Data removed successfully.
C:\Users\Rudi\AppData\Roaming\explorer.exe => Moved successfully.
C:\PROGRA~2\Wincert => Moved successfully.

==== End of Fixlog ====

cosinus · 06.02.2014, 09:56

Startet Windows wieder normal?

FP3110 · 06.02.2014, 17:08

Vielen Lieben Dank. Mein PC läuft wieder einwandfrei. Gute Arbeit. Perfekt :-)

cosinus · 06.02.2014, 23:44

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

06.02.2014, 09:56	#11
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Vista Interpol Trojana Startet Windows wieder normal? __________________ Logfiles bitte immer in CODE-Tags posten

Windows Vista Interpol Trojana

Log-Analyse und Auswertung: Windows Vista Interpol Trojana