
Pests of all kinds and how to combat them: New laptop with Windows 8, MYSTARTSEARCH as start page

01.04.2015, 16:15   #1
Kronos60
 
Another suggestion:

Read out your product key with this:
http://www.pc-magazin.de/download/wi...r-2447518.html

Then download Windows 8.1 here:
http://windows.microsoft.com/de-de/w...-refresh-media

That way you get rid of all the preinstalled junk in one go, no matter what was on the machine, and you have a pristine Windows.

01.04.2015, 17:23   #2
crucru1995
 
Thank you very much for your quick response.

First of all, I would like to know what all these messages on my machine are and what else is on my laptop.

After that I can happily take care of a Windows update.

Here are the requested log files:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by chrrudolph (administrator) on CRUCRU on 01-04-2015 18:02:31
Running from C:\Users\chrrudolph\Downloads
Loaded Profiles: chrrudolph (Available profiles: chrrudolph)
Platform: Windows 8.1 Connected (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Gambali OEM Software) C:\ProgramData\SecurityUtility\Gambali.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
() C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-06] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1510630325-336167275-949646124-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.64\OptProLauncher.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50536;https=127.0.0.1:50536
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = https://safesearch.avira.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/
HKU\S-1-5-21-1510630325-336167275-949646124-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1510630325-336167275-949646124-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1510630325-336167275-949646124-1001 -> {76C34B5D-A561-4D77-A6C5-6C36108CE082} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-05-13] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Winsock: Catalog9-x64 02 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Winsock: Catalog9-x64 03 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Winsock: Catalog9-x64 04 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Winsock: Catalog9-x64 16 C:\Windows\system32\Gambali64.dll [408424] (Gambali OEM Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\chrrudolph\AppData\Roaming\Mozilla\Firefox\Profiles\x1rHZAMt.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-31] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-06] ()
FF Extension: Avira Browser Safety - C:\Users\chrrudolph\AppData\Roaming\Mozilla\Firefox\Profiles\x1rHZAMt.default\Extensions\abs@avira.com [2015-03-31]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-02-10] (Amazon Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-03-19] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] ()
R2 Gambali; C:\ProgramData\SecurityUtility\Gambali.exe [1916456 2015-03-31] (Gambali OEM Software) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel(R) Corporation)
R2 SecurityUtility Service; C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe [318464 2015-03-31] () [File not signed]
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2014-08-06] (Toshiba Europe GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 3a37b93a; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro 3.64\OptProMon.dll",ENT

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-11] (Windows (R) Win 7 DDK provider)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 18:02 - 2015-04-01 18:03 - 00013659 _____ () C:\Users\chrrudolph\Downloads\FRST.txt
2015-04-01 18:02 - 2015-04-01 18:02 - 00000000 ____D () C:\FRST
2015-04-01 18:01 - 2015-04-01 18:01 - 02095616 _____ (Farbar) C:\Users\chrrudolph\Downloads\FRST64.exe
2015-03-31 20:25 - 2015-03-31 20:25 - 00000000 _____ () C:\autoexec.bat
2015-03-31 19:00 - 2015-03-31 19:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-31 18:59 - 2015-03-31 18:59 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-31 18:57 - 2015-03-31 18:57 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-03-31 18:55 - 2015-03-31 18:55 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-31 18:55 - 2015-03-31 18:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-31 18:54 - 2015-03-31 19:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-31 18:54 - 2015-03-31 18:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-31 18:54 - 2015-03-31 18:54 - 00000000 __RHD () C:\MSOCache
2015-03-31 18:54 - 2015-03-31 18:54 - 00000000 ____D () C:\Users\chrrudolph\AppData\Local\Microsoft Help
2015-03-31 18:38 - 2015-03-31 18:38 - 00000000 ____D () C:\Users\chrrudolph\AppData\Local\Evernote
2015-03-31 18:17 - 2015-03-31 18:17 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-03-31 18:17 - 2015-03-31 18:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-03-31 17:55 - 2015-04-01 15:45 - 00000000 ____D () C:\Users\chrrudolph\AppData\Roaming\Avira
2015-03-31 17:53 - 2015-03-31 17:53 - 00003270 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-03-31 17:51 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-31 17:51 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-31 17:51 - 2015-03-17 13:01 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-31 17:51 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-03-31 17:49 - 2015-04-01 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-31 17:49 - 2015-04-01 15:45 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 17:49 - 2015-03-31 17:51 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-31 17:49 - 2015-03-31 17:49 - 00000000 ____D () C:\Users\chrrudolph\AppData\Roaming\Mozilla
2015-03-31 17:48 - 2015-03-31 17:48 - 00000000 ____D () C:\Users\chrrudolph\AppData\Roaming\dlg
2015-03-31 17:47 - 2015-04-01 15:47 - 00009000 _____ () C:\Windows\SysWOW64\GambaliOff.ini
2015-03-31 17:47 - 2015-04-01 15:47 - 00009000 _____ () C:\Windows\system32\GambaliOff.ini
2015-03-31 17:47 - 2015-03-31 17:47 - 00000000 ____D () C:\Users\chrrudolph\SupTab
2015-03-31 17:47 - 2015-03-31 17:47 - 00000000 ____D () C:\ProgramData\SecurityUtility
2015-03-31 17:47 - 2015-03-31 17:47 - 00000000 ____D () C:\ProgramData\b1cbfabde50e4f078c5cd75758eec0b0
2015-03-31 17:47 - 2015-03-31 15:18 - 00408424 _____ (Gambali OEM Software) C:\Windows\system32\Gambali64.dll
2015-03-31 17:47 - 2015-03-31 15:18 - 00340944 _____ (Gambali OEM Software) C:\Windows\SysWOW64\Gambali.dll
2015-03-31 17:37 - 2015-03-31 17:37 - 00000000 __SHD () C:\Users\chrrudolph\AppData\Local\EmieUserList
2015-03-31 17:37 - 2015-03-31 17:37 - 00000000 __SHD () C:\Users\chrrudolph\AppData\Local\EmieSiteList
2015-03-31 17:30 - 2015-03-31 18:09 - 00000000 ____D () C:\Users\chrrudolph\AppData\Roaming\Skype
2015-03-31 17:30 - 2015-03-31 17:30 - 00000000 ____D () C:\Users\chrrudolph\AppData\Local\Skype
2015-03-31 17:26 - 2015-03-31 17:26 - 00000000 ____D () C:\Users\chrrudolph\AppData\Local\Google
2015-03-31 17:24 - 2015-04-01 17:51 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1510630325-336167275-949646124-1001
2015-03-31 17:24 - 2015-03-31 17:24 - 00000000 ____D () C:\ProgramData\ToshibaEurope
2015-03-31 17:23 - 2015-03-31 17:23 - 00000000 ____D () C:\Users\chrrudolph\AppData\Roaming\Macromedia
2015-03-31 17:20 - 2015-03-31 17:20 - 00000000 ____D () C:\Users\chrrudolph\AppData\Local\TOSHIBA
2015-03-31 17:18 - 2015-03-31 20:25 - 00000000 ____D () C:\Users\chrrudolph
2015-03-31 17:18 - 2015-03-31 18:38 - 00000000 ____D () C:\Users\chrrudolph\AppData\Local\Packages
2015-03-31 17:18 - 2015-03-31 17:45 - 00001689 _____ () C:\Users\chrrudolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-31 17:18 - 2015-03-31 17:18 - 00000020 ___SH () C:\Users\chrrudolph\ntuser.ini
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Vorlagen
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Startmenü
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Netzwerkumgebung
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Lokale Einstellungen
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Eigene Dateien
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Druckumgebung
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Documents\Eigene Musik
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Documents\Eigene Bilder
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\AppData\Local\Verlauf
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\AppData\Local\Anwendungsdaten
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 _SHDL () C:\Users\chrrudolph\Anwendungsdaten
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 ____D () C:\Users\chrrudolph\AppData\Roaming\Adobe
2015-03-31 17:18 - 2015-03-31 17:18 - 00000000 ____D () C:\Users\chrrudolph\AppData\Local\VirtualStore
2015-03-31 17:18 - 2014-09-09 21:07 - 00000000 ___RD () C:\Users\chrrudolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-31 17:18 - 2014-09-09 20:47 - 00000000 ___RD () C:\Users\chrrudolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-31 17:18 - 2014-03-18 11:49 - 00000369 _____ () C:\Users\chrrudolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-31 17:18 - 2014-03-18 11:49 - 00000369 _____ () C:\Users\chrrudolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-31 17:18 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\chrrudolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-31 17:18 - 2013-08-22 17:36 - 00000000 ____D () C:\Users\chrrudolph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-01 17:46 - 2014-09-09 21:24 - 00001146 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-01 17:28 - 2015-01-16 23:05 - 00157456 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 17:22 - 2014-09-09 21:24 - 00002232 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2015-04-01 17:16 - 2014-09-09 21:24 - 00001150 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 15:54 - 2014-05-06 07:46 - 00797412 _____ () C:\Windows\system32\perfh013.dat
2015-04-01 15:54 - 2014-05-06 07:46 - 00161992 _____ () C:\Windows\system32\perfc013.dat
2015-04-01 15:54 - 2014-05-06 07:24 - 00793160 _____ () C:\Windows\system32\perfh010.dat
2015-04-01 15:54 - 2014-05-06 07:24 - 00156082 _____ () C:\Windows\system32\perfc010.dat
2015-04-01 15:54 - 2014-05-06 07:02 - 00801394 _____ () C:\Windows\system32\perfh00C.dat
2015-04-01 15:54 - 2014-05-06 07:02 - 00158846 _____ () C:\Windows\system32\perfc00C.dat
2015-04-01 15:54 - 2014-05-06 06:41 - 00765582 _____ () C:\Windows\system32\perfh007.dat
2015-04-01 15:54 - 2014-05-06 06:41 - 00159366 _____ () C:\Windows\system32\perfc007.dat
2015-04-01 15:54 - 2014-03-18 11:47 - 04646338 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 15:46 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 21:39 - 2014-03-18 11:39 - 00149308 _____ () C:\Windows\PFRO.log
2015-03-31 19:33 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\spool
2015-03-31 19:02 - 2013-08-22 16:44 - 00410120 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-31 19:02 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-31 18:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-31 18:55 - 2014-03-18 11:33 - 00000000 ____D () C:\Windows\ShellNew
2015-03-31 18:43 - 2015-01-16 23:12 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-31 18:38 - 2014-09-09 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-03-31 18:38 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-31 18:18 - 2014-09-09 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-31 18:09 - 2014-09-09 21:27 - 00000000 ____D () C:\ProgramData\Skype
2015-03-31 18:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\restore
2015-03-31 18:05 - 2013-08-22 17:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-03-31 17:49 - 2015-01-16 23:05 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-31 17:23 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-31 17:22 - 2014-09-09 21:22 - 00000000 ____D () C:\ProgramData\TOSHIBA
2015-03-31 17:18 - 2014-03-18 11:31 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2015-03-31 17:11 - 2014-09-09 21:24 - 00004122 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-31 17:11 - 2014-09-09 21:24 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-31 17:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache

==================== Files in the root of some directories =======

2015-01-16 22:46 - 2015-01-16 22:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\chrrudolph\AppData\Local\Temp\avgnt.exe
C:\Users\chrrudolph\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-10 04:38

==================== End Of Log ============================
         
--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by chrrudolph at 2015-04-01 18:04:02
Running from C:\Users\chrrudolph\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon 1Button App (HKLM-x32\...\{6044DB2C-08DE-4B8B-90AE-64D6FF604AC6}) (Version: 2.1.3 - Amazon)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4328.05 - CyberLink Corp.)
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Evernote v. 5.4 (HKLM-x32\...\{59071464-DAEE-11E3-9080-00163E98E7D0}) (Version: 5.4.0.3698 - Evernote Corp.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
SecurityUtility Service (HKLM-x32\...\SecurityUtility Service) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
TOSHIBA Desktop Assist (HKLM\...\{C4CDCEF0-0A7A-4425-887C-33E39533D758}) (Version: 1.03.06.6403 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.5.3.6401 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.19 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.20C - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 3.01.02.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start Screen Option (HKLM\...\{06B71035-F19F-4F76-9875-FFCCD4FC3F83}) (Version: 1.00.01.6402 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.6.0 - Toshiba Europe GmbH)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.53.4 - Compal) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.9 - WildTangent) Hidden
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-03-2015 18:07:16 Removed Microsoft Office

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {036A28FC-8218-4B85-ACFD-3CED3C19C4A8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {25DD09B6-799C-4EEF-92C8-943A26F583EC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-02-24] (Realtek Semiconductor)
Task: {437564ED-A837-43BF-89BF-15386C0D7BEE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {90317545-4572-475F-87F6-9B0E4B6629AF} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2014-08-06] (Toshiba Europe GmbH)
Task: {981C0FBF-A4DB-4F25-9D4E-13EA1F6DE065} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.64\OptProLauncher.exe <==== ATTENTION
Task: {AE106684-22F6-4A37-9F7A-86501A982247} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B091D027-A992-4811-9AC6-A40955115DF1} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {DDDCE1C3-BED6-47DA-8E06-E504E5D2F355} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-03 23:30 - 2014-03-03 23:30 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-03-31 17:47 - 2015-03-31 17:39 - 00318464 _____ () C:\ProgramData\SecurityUtility\SecurityUtilitySrv.exe
2012-07-19 04:38 - 2012-07-19 04:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1510630325-336167275-949646124-1001\Control Panel\Desktop\\Wallpaper -> \\CRUCRU-PC\Users\Public\Pictures\20131014_095819.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1510630325-336167275-949646124-500 - Administrator - Disabled)
chrrudolph (S-1-5-21-1510630325-336167275-949646124-1001 - Administrator - Enabled) => C:\Users\chrrudolph
Gast (S-1-5-21-1510630325-336167275-949646124-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2015 05:22:34 PM) (Source: MsiInstaller) (EventID: 11316) (User: crucru)
Description: Product: Amazon 1Button App -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\Amazon1ButtonApp-GB.msi

Error: (03/31/2015 06:39:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: crucru)
Description: Bei der Aktivierung der App „CyberLinkCorp.to.PowerMediaPlayerforToshiba_0nrkv0a31nfem!App“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (03/31/2015 06:07:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc.

System Error:
Das System kann die angegebene Datei nicht finden.
.


System errors:
=============
Error: (04/01/2015 03:46:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (03/31/2015 09:40:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (03/31/2015 08:14:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (03/31/2015 08:07:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (03/31/2015 07:03:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (03/31/2015 06:44:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Optimizer Pro Crash Monitor erreicht.

Error: (03/31/2015 06:18:30 PM) (Source: DCOM) (EventID: 10016) (User: crucru)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}crucruchrrudolphS-1-5-21-1510630325-336167275-949646124-1001LocalHost (unter Verwendung von LRPC)Microsoft.BingWeather_3.0.2.258_x64__8wekyb3d8bbweS-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330

Error: (03/31/2015 06:06:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee Validation Trust Protection Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/31/2015 06:04:34 PM) (Source: DCOM) (EventID: 10010) (User: crucru)
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (03/31/2015 06:04:04 PM) (Source: DCOM) (EventID: 10010) (User: crucru)
Description: {209500FC-6B45-4693-8871-6296C4843751}


Microsoft Office Sessions:
=========================
Error: (04/01/2015 05:22:34 PM) (Source: MsiInstaller) (EventID: 11316) (User: crucru)
Description: Product: Amazon 1Button App -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\Amazon1ButtonApp-GB.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/31/2015 06:39:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: crucru)
Description: CyberLinkCorp.to.PowerMediaPlayerforToshiba_0nrkv0a31nfem!App-2144927142

Error: (03/31/2015 06:07:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary McAfee Inc. mfencbdc.

System Error:
Das System kann die angegebene Datei nicht finden.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 34%
Total physical RAM: 3982.88 MB
Available physical RAM: 2614.29 MB
Total Pagefile: 5390.88 MB
Available Pagefile: 3695.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (TI31383900A) (Fixed) (Total:453.55 GB) (Free:426.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Quote:
Quote from Kronos60
Another suggestion:

Use this:
Windows 8 Product Key Viewer Download - PC Magazin
to read out your product key.

Download Windows 8.1 here:
Create installation media for Windows 8.1 - Windows Help

That way you get rid of all the preinstalled junk in one go, no matter what was on it, and you have a pristine Windows.

Hello Kronos,

I just saw that I already have Windows 8.1 (Bing) on it.

Regards,
Christine
__________________


01.04.2015, 18:11   #3
Kronos60

Hi,

but you have no DVD/USB stick, which means you have no medium to format with. If you want one, you have to burn a DVD or create a stick. If you want to know what is on your system, wait for cosinus's reply; he will surely respond soon. Only format after his analysis.