Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.02.2015, 09:44   #1
Lichtkreacke
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Hallo und Guten Morgen Trojaner-Board

Ich habe ein Problem, meine Frau hat durch den Download eines Audio Converters ein mir unbekanntes Programm mit installiert (Roll Around ads) das unermüdlich Werbung im Chrome Browser öffnet und kaum ein normales Surfen im Netz ermöglicht. Trotz deinstallation dieses Programms (Roll Around) bleibt das Problem bestehen und ich bin mit meinen Pc Kentnissen an meiner Grenze angelangt.

Ich habe unten schon einmal die FRST dateien angehängt.

MfG Lichtkreacke und ein schönes Danke schonmal im voraus.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Ella (administrator) on ELLASPC on 20-02-2015 09:34:42
Running from C:\Users\Ella\Desktop
Loaded Profiles: Ella (Available profiles: Ella)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2533B9D7-5D33-45F9-AB96-BEB2E5744CC2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2533B9D7-5D33-45F9-AB96-BEB2E5744CC2&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} ->  No File
BHO-x32: No Name -> {83c0e288-8fa0-43d3-acc7-c1e839d85abc} ->  No File
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.de/search?q=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP75390A34-607F-43D4-9EFD-7E1EA003AB99&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2014-03-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-01]
CHR Extension: (Adblock Plus) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-10]
CHR Extension: (bloomind ct deepdark) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\djolekdiiojehgfggcjckachfgkkdmjd [2014-09-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-18]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Ella\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-28] (BitRaider, LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-01-15] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-11-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2013-07-03] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-28] (BitRaider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 09:34 - 2015-02-20 09:35 - 00018919 _____ () C:\Users\Ella\Desktop\FRST.txt
2015-02-20 09:34 - 2015-02-20 09:34 - 00000000 ____D () C:\FRST
2015-02-20 09:32 - 2015-02-20 09:32 - 02086912 _____ (Farbar) C:\Users\Ella\Desktop\FRST64.exe
2015-02-20 09:32 - 2015-02-20 09:32 - 00002390 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Ella
2015-02-20 09:32 - 2015-02-20 09:32 - 00000292 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Ella.job
2015-02-20 09:26 - 2015-02-20 09:27 - 00000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-02-19 16:02 - 2015-02-19 16:02 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\RHEng
2015-02-19 16:02 - 2015-02-19 16:02 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-19 16:00 - 2015-02-19 16:00 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Ella\Downloads\FreeYouTubeToMP3Converter.exe
2015-02-13 12:44 - 2015-02-13 12:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-13 12:44 - 2015-02-13 12:44 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-13 12:43 - 2015-02-13 12:43 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-02-13 12:42 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-13 12:42 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-02-13 12:42 - 2015-02-05 22:01 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-02-12 12:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 12:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 11:57 - 2015-02-20 08:53 - 00000256 _____ () C:\WINDOWS\Tasks\ASC8_SkipUac_Ella.job
2015-02-12 11:57 - 2015-02-12 11:57 - 00003180 _____ () C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2015-02-12 11:57 - 2015-02-12 11:57 - 00002354 _____ () C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Ella
2015-02-12 11:57 - 2015-02-12 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-02-12 11:57 - 2015-02-12 11:57 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-12 11:51 - 2015-02-12 11:52 - 44439248 _____ (IObit ) C:\Users\Ella\Downloads\advanced-systemcare-setup.exe
2015-02-11 12:16 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 12:16 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 12:16 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 12:16 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 12:16 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 12:16 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 12:16 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 12:16 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 12:16 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 12:16 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 12:16 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 12:16 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 12:16 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 12:15 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 12:15 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 12:15 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 12:15 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 12:15 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 12:15 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 12:15 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 12:15 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 12:15 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 12:15 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 12:15 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 12:15 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 12:15 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 12:15 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 12:15 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 12:15 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 12:15 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 12:15 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 12:15 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 12:15 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 12:15 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 12:15 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 12:15 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 12:15 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 12:15 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 12:15 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 12:15 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 12:15 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 12:15 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 12:15 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 12:15 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 12:15 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 12:15 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 12:15 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 12:15 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 12:15 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 12:15 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 12:15 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 12:15 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 12:15 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 12:15 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 12:15 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 12:15 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 12:15 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 12:15 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 08:53 - 2015-02-10 08:53 - 00007630 _____ () C:\Users\Ella\Downloads\Super Silo Trigger.zip
2015-02-06 07:45 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-06 07:45 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 12:37 - 2015-02-20 08:42 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 12:37 - 2015-02-20 08:23 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\WINDOWS\system32\Drivers\wdcsam64.sys
2015-01-24 15:01 - 2015-01-24 15:01 - 05317104 _____ (Piriform Ltd) C:\Users\Ella\Downloads\ccsetup501.exe
2015-01-23 07:06 - 2015-01-23 07:06 - 00087598 _____ () C:\Users\Ella\Desktop\faceless schablone.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 09:33 - 2013-11-19 16:13 - 01448448 ___SH () C:\Users\Ella\Downloads\Thumbs.db
2015-02-20 09:32 - 2013-11-28 09:56 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-20 09:03 - 2014-11-28 13:58 - 01099021 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-20 09:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-20 08:54 - 2013-10-21 13:33 - 00136192 ___SH () C:\Users\Ella\Desktop\Thumbs.db
2015-02-20 08:53 - 2014-09-25 18:49 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\TS3Client
2015-02-20 08:42 - 2013-10-21 09:40 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-20 08:25 - 2013-10-21 13:32 - 00000000 ___DO () C:\Users\Ella\SkyDrive
2015-02-20 08:22 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-20 08:21 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-20 08:05 - 2013-10-21 13:38 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B7603EC-F7C0-459B-98A5-972B194561F0}
2015-02-20 00:04 - 2013-03-21 21:26 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2637540996-3970094791-2190435111-1002
2015-02-19 16:23 - 2013-09-06 16:58 - 00000000 ____D () C:\Users\Ella\Desktop\Youtube Musik
2015-02-19 16:03 - 2013-07-01 09:16 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\DVDVideoSoft
2015-02-19 16:02 - 2013-07-01 10:10 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-19 16:02 - 2013-07-01 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-17 21:04 - 2013-11-08 09:46 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\vlc
2015-02-17 19:37 - 2013-11-08 09:47 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\dvdcss
2015-02-15 17:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-13 16:10 - 2013-11-28 10:18 - 00000000 ____D () C:\Users\Ella\Desktop\AdvancedSystemCare
2015-02-13 12:44 - 2013-10-21 12:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 13:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 13:18 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 11:57 - 2013-11-28 09:56 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\IObit
2015-02-12 11:57 - 2013-11-28 09:56 - 00000000 ____D () C:\ProgramData\IObit
2015-02-12 11:57 - 2013-11-28 09:56 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-12 11:54 - 2013-11-28 09:56 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2015-02-12 11:51 - 2013-09-30 05:14 - 01804092 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 11:51 - 2013-09-30 04:56 - 00775588 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-12 11:51 - 2013-09-30 04:56 - 00163774 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-12 11:50 - 2013-10-24 10:53 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-12 11:50 - 2013-10-24 10:53 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-12 11:50 - 2013-10-24 10:53 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-11 23:00 - 2014-12-10 21:41 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 23:00 - 2014-07-09 11:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-05 20:07 - 2014-03-14 22:08 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-05 20:07 - 2013-10-21 12:59 - 06861128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-05 20:07 - 2013-10-21 12:59 - 03517584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-05 20:07 - 2013-10-21 12:59 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-05 20:07 - 2013-10-21 12:59 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-05 20:06 - 2013-10-21 12:59 - 01098384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-02-05 20:06 - 2013-10-21 12:59 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-05 20:06 - 2013-10-21 12:59 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-02-05 13:50 - 2013-10-21 12:59 - 04236870 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-02-04 19:42 - 2013-10-21 09:40 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:37 - 2013-04-22 08:31 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 12:37 - 2013-04-22 08:31 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 23:04 - 2014-12-22 08:46 - 00000000 ____D () C:\Procurement
2015-01-25 18:48 - 2014-09-25 18:47 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-24 21:14 - 2014-12-07 18:06 - 00000000 ____D () C:\Users\Ella\Desktop\POESkillTree1.5
2015-01-24 15:01 - 2013-05-24 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-24 15:01 - 2013-03-21 21:36 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-24 15:01 - 2013-03-21 21:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-24 12:50 - 2014-12-23 13:07 - 00000000 ____D () C:\Users\Ella\Desktop\A Thousand Years Of Plagues
2015-01-23 22:22 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-23 22:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-01-23 22:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-01-23 22:21 - 2013-09-30 04:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-23 22:21 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-01-23 22:21 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-01-23 22:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-01-23 22:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-01-23 22:20 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-01-23 22:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-01-23 22:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-01-23 22:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-01-23 22:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-01-23 10:27 - 2013-12-03 19:50 - 00000000 ____D () C:\Users\Ella\Desktop\POKEMON
2015-01-23 08:50 - 2013-03-21 21:17 - 00000000 ____D () C:\Users\Ella\AppData\Local\Packages

==================== Files in the root of some directories =======

2014-05-08 10:12 - 2003-09-03 06:46 - 0010960 _____ () C:\Program Files (x86)\EULA.txt
2013-03-29 00:53 - 2014-05-08 10:12 - 0000757 _____ () C:\Program Files (x86)\INSTALL.LOG
2014-05-08 10:12 - 2003-12-18 10:33 - 0020102 _____ () C:\Program Files (x86)\Readme.txt
2014-01-10 14:48 - 2014-01-10 14:48 - 0000132 _____ () C:\Users\Ella\AppData\Roaming\Adobe Targa-Format CC - Voreinstellungen
2014-09-21 07:54 - 2014-09-21 21:36 - 0000322 _____ () C:\Users\Ella\AppData\Roaming\aps.uninstall.scan.results
2013-03-21 21:21 - 2013-09-10 10:16 - 0000408 _____ () C:\Users\Ella\AppData\Roaming\sp_data.sys
2014-06-18 06:11 - 2014-06-18 06:11 - 0000024 _____ () C:\Users\Ella\AppData\Roaming\temp.ini
2014-09-21 21:33 - 2014-09-21 21:33 - 0612072 _____ (ClickMeIn Limited) C:\Users\Ella\AppData\Local\nsh52DD.tmp
2014-09-21 07:52 - 2014-09-21 07:52 - 0627504 _____ () C:\Users\Ella\AppData\Local\nsxE02F.tmp
2014-01-10 10:54 - 2014-01-10 10:54 - 0019326 _____ () C:\Users\Ella\AppData\Local\recently-used.xbel
2013-07-26 10:56 - 2014-04-13 02:08 - 0007602 _____ () C:\Users\Ella\AppData\Local\Resmon.ResmonCfg
2014-12-04 23:29 - 2014-12-04 23:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-20 09:26 - 2015-02-20 09:27 - 0000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Ella\AppData\Local\Temp\avgnt.exe
C:\Users\Ella\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 04:12

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Ella at 2015-02-20 09:35:49
Running from C:\Users\Ella\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements 1.0 (HKLM-x32\...\4 Elements_is1) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira)
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blitzkrieg Mod (HKLM-x32\...\Blitzkrieg) (Version: 4.7.0.0 - Blitzkrieg Mod Team)
Cave Quest (HKLM-x32\...\Cave Quest) (Version: 1.0.0.0 - INTENIUM GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Christmasville (HKLM-x32\...\{D178746E-0919-424E-88A7-81A0E46FF03E}) (Version: 1.00.0000 - Purplehills)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Der Stein der Weisen (HKLM-x32\...\Der Stein der Weisen) (Version:  - )
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Eastern Front (HKLM-x32\...\Eastern Front) (Version: 2.2.0.0 - )
Farm Craft 2 (HKLM-x32\...\Farm Craft 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.12.827 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.12.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
FX MOD 2.1 (HKLM-x32\...\HW2 FX-MOD_is1) (Version:  - 9CCNMOD×é)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Homeworld2 (HKLM-x32\...\Homeworld2) (Version:  - Sierra)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Keepsake (HKLM-x32\...\Keepsake) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Mahjongg Artifacts (HKLM-x32\...\Mahjongg Artifacts) (Version:  - )
Mahjongg Artifacts 2 (HKLM-x32\...\Mahjongg Artifacts 2) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Modern Combat (x32 Version: 1.016 - BSS Modern Combat Dev Team) Hidden
MyFreeCodec (HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\MyFreeCodec) (Version:  - )
Mysteryville 2 (HKLM-x32\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.4.37376 - Grinding Gear Games)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerTeacher Version 10.3.P518 (HKLM-x32\...\PowerTeacher_is1) (Version: 10.3.P518 - admigro media GmbH)
Procurement version 1.9.0 (HKLM-x32\...\{E91043A6-7DC5-4C8A-A6E4-9D618A0B80D4}_is1) (Version: 1.9.0 - Stickymaddness)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.59 - Bioware/EA)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-01-2015 12:35:19 Geplanter Prüfpunkt
05-02-2015 08:04:40 Geplanter Prüfpunkt
11-02-2015 14:56:36 Windows Update
15-02-2015 12:11:36 Windows Update
19-02-2015 09:51:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1F9E67-D150-45CC-B590-B61A07AA038F} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-11-28] ()
Task: {14299428-91E6-44CB-8703-9CABB6BFC766} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {1A06EE5C-3AEC-4E9B-88CC-AB8105A39C84} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {1A0C4F64-B745-4F90-B38B-64B07266BF24} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {343AC9E7-941B-4A5C-B181-4826CDDC487A} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {34A2DC81-7809-4F82-84F2-1601B181E8A0} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {36084E68-FF74-4C12-AA2D-F9A3FB560692} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {3D83207D-50D0-47FA-8D93-0399FDF3FD54} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4B7FD04D-09F5-4888-B484-172A3772F3F5} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)
Task: {5653BA3B-88A1-421C-9426-DA4854FC293D} - System32\Tasks\Uninstaller_SkipUac_Ella => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {65D5AD10-5136-4F15-A8DF-BB71D6727C8C} - System32\Tasks\Driver Booster SkipUAC (Ella) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {6942EDB3-E733-4509-9F11-4E3504CE820D} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION
Task: {750D0A08-7FC7-4721-B41C-4E1F8F49286C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {93416692-9BCA-404E-9915-8F9E120E8EA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {93ED25B8-0DAC-4E61-8113-16665853762E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {A316FD26-ABBC-4A69-BC71-AD5DBBAAFBA6} - System32\Tasks\ASC8_SkipUac_Ella => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {BFCD09CE-55F9-4E0D-A833-DA04BB9E64D2} - System32\Tasks\{8442BAEF-2BD4-461B-9730-22719A3B98E2} => pcalua.exe -a E:\AutoStarter.exe -d E:\
Task: {C3BED641-58D1-42AA-B84D-817943218EF3} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {CDA7B0CB-33F3-47AF-AF7C-1C62B1FDAB90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {CFE0BA70-78B6-4454-A986-CEB0C1D298E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {D4693AAD-2391-4685-905E-CC38A2674601} - System32\Tasks\{798307B0-C760-46A1-A6F3-9ACDF90EE166} => pcalua.exe -a C:\Users\Ella\Pictures\ella\setup.exe -d C:\Users\Ella\Pictures\ella
Task: {D6A576F4-4FB7-4229-8613-B63B507D6E51} - System32\Tasks\ASP => C:\Program Files (x86)\RCP\systweakasp.exe
Task: {F826BB1B-8FD9-4CD8-A838-4D643F425AB0} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Ella.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Ella.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 12:42 - 2015-02-05 22:01 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-21 12:59 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2013-08-08 17:03 - 2014-11-28 14:12 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-12 11:57 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2013-11-28 09:56 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-02-12 11:57 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-02-12 11:57 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-02-12 11:57 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2012-11-01 17:39 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ella\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ella\Downloads\maxresdefault.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\StartupApproved\Run: => "BrowserChoice"
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\StartupApproved\Run: => "Advanced SystemCare 7"

==================== Accounts: =============================

Administrator (S-1-5-21-2637540996-3970094791-2190435111-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2637540996-3970094791-2190435111-1026 - Limited - Enabled)
Ella (S-1-5-21-2637540996-3970094791-2190435111-1002 - Administrator - Enabled) => C:\Users\Ella
Gast (S-1-5-21-2637540996-3970094791-2190435111-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2637540996-3970094791-2190435111-1084 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2015 08:53:44 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-2637540996-3970094791-2190435111-1002}/">.

Error: (02/20/2015 08:25:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (1252) {BF4947F5-01F4-4620-9118-ECAB2FF845A9}: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\Ella\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb00006.log.

Error: (02/20/2015 08:23:54 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (1252) {29369395-0E20-4727-9F69-57153E668E51}: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\Ella\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb0000A.log.

Error: (02/20/2015 08:20:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (02/20/2015 08:20:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (02/20/2015 08:04:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (02/20/2015 08:04:27 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (02/20/2015 08:04:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (02/20/2015 08:04:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (02/20/2015 08:04:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4


System errors:
=============
Error: (02/20/2015 08:23:24 AM) (Source: DCOM) (EventID: 10016) (User: ELLASPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}EllasPcEllaS-1-5-21-2637540996-3970094791-2190435111-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/20/2015 08:23:23 AM) (Source: DCOM) (EventID: 10016) (User: ELLASPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}EllasPcEllaS-1-5-21-2637540996-3970094791-2190435111-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/20/2015 08:23:22 AM) (Source: DCOM) (EventID: 10016) (User: ELLASPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}EllasPcEllaS-1-5-21-2637540996-3970094791-2190435111-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/20/2015 08:23:22 AM) (Source: DCOM) (EventID: 10016) (User: ELLASPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}EllasPcEllaS-1-5-21-2637540996-3970094791-2190435111-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/20/2015 08:23:22 AM) (Source: DCOM) (EventID: 10016) (User: ELLASPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}EllasPcEllaS-1-5-21-2637540996-3970094791-2190435111-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/20/2015 08:23:22 AM) (Source: DCOM) (EventID: 10016) (User: ELLASPC)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}EllasPcEllaS-1-5-21-2637540996-3970094791-2190435111-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/20/2015 08:22:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Service Mgr RollAround" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (02/19/2015 09:53:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Februar 2015 (KB890830)

Error: (02/15/2015 00:12:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Windows-Tool zum Entfernen bösartiger Software für Windows 8, 8.1 und Windows Server 2012, 2012 R2 x64 Edition - Februar 2015 (KB890830)

Error: (02/12/2015 11:57:27 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "Advanced SystemCare Service 8" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.


Microsoft Office Sessions:
=========================
Error: (02/20/2015 08:53:44 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-2637540996-3970094791-2190435111-1002}/

Error: (02/20/2015 08:25:03 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost1252{BF4947F5-01F4-4620-9118-ECAB2FF845A9}: C:\Users\Ella\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb00006.log-1811 (0xfffff8ed)

Error: (02/20/2015 08:23:54 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost1252{29369395-0E20-4727-9F69-57153E668E51}: C:\Users\Ella\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb0000A.log-1811 (0xfffff8ed)

Error: (02/20/2015 08:20:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (02/20/2015 08:20:37 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: Das Handle ist ungültig

Error: (02/20/2015 08:04:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4

Error: (02/20/2015 08:04:27 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 

Error: (02/20/2015 08:04:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL4

Error: (02/20/2015 08:04:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4

Error: (02/20/2015 08:04:27 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 3981.48 MB
Available physical RAM: 2783.05 MB
Total Pagefile: 4941.48 MB
Available Pagefile: 3504.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:109.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:255.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Bitte dies zu endschuldigen hier nun wie gewünscht.

Und GMER datei noch zusätzlich allerding ist hier ein Problem aufgetreten was mich leicht schockte ich konnte meinen Viren scanner nicht deaktivieren da ich keine Rechte hiefür hätte dadurch konnte er wahrscheinlich nicht auf diese Datei zugreifen (C:\WINDOWS\system32\csrss.exe).

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-20 10:06:46
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000031 TOSHIBA_MQ01ABD050 rev.AX002J 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Ella\AppData\Local\Temp\fxldapow.sys


---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation    00007ff9af5a3e10 7 bytes JMP 00007ffaad9a0260
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW           00007ff9af5a3e20 7 bytes JMP 00007ffaad9a0298
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW             00007ff9af6539b0 7 bytes JMP 00007ffaad9a0340
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW            00007ff9af653ef0 7 bytes JMP 00007ffaad9a02d0
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA             00007ff9af653fe0 7 bytes JMP 00007ffaad9a0308
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx    00007ff9af6806c0 7 bytes JMP 00007ffaad9a01f0
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW      00007ff9af680730 7 bytes JMP 00007ffaad9a0228
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary              00007ff9ada021d0 5 bytes JMP 00007ffaad9a0180
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW         00007ff9ada029d0 7 bytes JMP 00007ffaad9a00d8
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW       00007ff9ada04310 5 bytes JMP 00007ffaad9a0110
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW           00007ff9ada08d80 5 bytes JMP 00007ffaad9a0148
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW     00007ff9ada7f0b0 5 bytes JMP 00007ffaad9a01b8
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!CreateWindowExW              00007ff9b0106d90 1 byte JMP 00007ffaad9a0420
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2          00007ff9b0106d92 8 bytes {JMP 0xfffffffffd899690}
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW          00007ff9b01174a0 5 bytes JMP 00007ffaad9a03e8
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo   00007ff9b0117560 9 bytes JMP 00007ffaad9a0378
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW     00007ff9b0117730 5 bytes JMP 00007ffaad9a0458
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA          00007ff9b0126b10 5 bytes JMP 00007ffaad9a03b0
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList      00007ff9b0281500 1 byte JMP 00007ffaad9a0490
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2  00007ff9b0281502 6 bytes {JMP 0xfffffffffd71ef90}
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo        00007ff9b0281750 8 bytes JMP 00007ffaad9a04c8
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory              00007ff9aae87750 5 bytes JMP 00007ffaaad300d8
.text   C:\WINDOWS\system32\dwm.exe[908] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1             00007ff9aae88ee0 5 bytes JMP 00007ffaaad30110

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [600:624]                                                      fffff9600094b2d0

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         
Angehängte Dateien
Dateityp: txt FRST.txt (43,3 KB, 119x aufgerufen)
Dateityp: txt Addition.txt (27,9 KB, 126x aufgerufen)

Geändert von Lichtkreacke (20.02.2015 um 10:09 Uhr)

Alt 20.02.2015, 09:52   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 20.02.2015, 12:16   #3
Lichtkreacke
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Hab das ganze im 1 Post Rein editiert hoffe es ist in ordnung so !
__________________

Alt 20.02.2015, 12:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



So isses schick, Ella!


Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!





Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2015, 12:33   #5
Lichtkreacke
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Ella is meine Frau aber ich darf mich um Pc probleme kümmern .

Da das Problem erst seit heute aufgetreten ist und der letzte scan mehr als 14 Tage her ist habe ich keine weitere Log .

Ausser als ich vorhin GMER scan durchgefürt habe hat mein Avira angeschlagen hab hier mal die Qurantäne log von meinem Avira vieleicht hilft es ja doch .
Code:
ATTFilter

Typ:	Datei
Quelle:	C:\Users\Ella\AppData\Local\Microsoft\Windows\INetCache\IE\H157MSNM\BlockAndSurf_2222-5510[1].exe
Status:	Infiziert
Quarantäne-Objekt:	511438d0.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.24.30
Virendefinitionsdatei:	8.11.175.222
Gefunden:	ADWARE/Graftor.155899.102
Datum/Uhrzeit:	01.10.2014, 09:23


Typ:	Datei
Quelle:	C:\Users\Ella\AppData\Local\Microsoft\Windows\INetCache\IE\FVNA314L\setup_fst_de[1].exe
Status:	Infiziert
Quarantäne-Objekt:	5104950d.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.24.26
Virendefinitionsdatei:	8.11.173.140
Gefunden:	ADWARE/EoRezo.eid.190
Datum/Uhrzeit:	21.09.2014, 22:43


Typ:	Datei
Quelle:	C:\Users\Ella\Downloads\dying fetus reign supreme zip__3516_i635015354_il15269756.exe
Status:	Infiziert
Quarantäne-Objekt:	5793de88.qua
Wiederhergestellt:	NEIN
Zu Avira hochgeladen:	NEIN
Betriebssystem:	Windows XP/VISTA Workstation/Windows 7
Suchengine:	8.03.18.12
Virendefinitionsdatei:	7.11.147.86
Gefunden:	ADWARE/Adware.Gen2
Datum/Uhrzeit:	05.05.2014, 10:31
         


Alt 20.02.2015, 13:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
--> Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP

Alt 20.02.2015, 14:02   #7
Lichtkreacke
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



So wie gewünscht

adwCleaner

Code:
ATTFilter
# AdwCleaner v4.111 - Bericht erstellt 20/02/2015 um 13:50:48
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-02-18.3 [Server]
# Betriebssystem : Windows 8.1  (x64)
# Benutzername : Ella - ELLASPC
# Gestarted von : C:\Users\Ella\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : TTNFD

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Infigo
Ordner Gelöscht : C:\Users\Ella\AppData\Local\BeamriseUninstall
Ordner Gelöscht : C:\Users\Ella\AppData\Local\lollipop
Ordner Gelöscht : C:\Users\Ella\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Ella\AppData\Local\CrashRpt
Ordner Gelöscht : C:\Users\Ella\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Ella\AppData\LocalLow\holasearch
Ordner Gelöscht : C:\Users\Ella\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\Ella\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Ella\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Ella\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Ella\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Ella\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Ella\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

Task Gelöscht : APSnotifierPP1
Task Gelöscht : APSnotifierPP2
Task Gelöscht : APSnotifierPP3
Task Gelöscht : ASP
Task Gelöscht : BitGuard

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKCU\Software\5f4dad8e739bf15
Schlüssel Gelöscht : HKLM\SOFTWARE\5f4dad8e739bf15
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6CB99040-7828-4C37-AC01-F15758F43E4D}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StumbleUpon
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Webplayer
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BlockAndSurf
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\StumbleUpon
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\TermTutor
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7

***** [ Internetbrowser ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v40.0.2214.115

[C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=42411E85DE72F434&affID=121565&tt=160913_m1&tsp=5014
[C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP75390A34-607F-43D4-9EFD-7E1EA003AB99&q={searchTerms}&SSPV=

-\\ Chromium v

[C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=42411E85DE72F434&affID=121565&tt=160913_m1&tsp=5014
[C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP75390A34-607F-43D4-9EFD-7E1EA003AB99&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [9036 Bytes] - [20/02/2015 13:49:21]
AdwCleaner[S0].txt - [8596 Bytes] - [20/02/2015 13:50:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8655  Bytes] ##########
         
JRT Log

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Ella on 20.02.2015 at 13:57:52,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update glindorus
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util glindorus
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344204402}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344204402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344204402}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311201102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344204402}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{83c0e288-8fa0-43d3-acc7-c1e839d85abc}



~~~ Files

Successfully deleted: [File] "C:\Users\Ella\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Ella\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2015 at 13:59:53,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
und frischer FRST Scan


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Ella (administrator) on ELLASPC on 20-02-2015 14:01:04
Running from C:\Users\Ella\Desktop
Loaded Profiles: Ella (Available profiles: Ella)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-24] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-02-12] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2428704 2015-01-20] (IObit)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177624 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164752 2015-02-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2533B9D7-5D33-45F9-AB96-BEB2E5744CC2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2533B9D7-5D33-45F9-AB96-BEB2E5744CC2&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.de/search?q=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP75390A34-607F-43D4-9EFD-7E1EA003AB99&SSPV="
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-01]
CHR Extension: (Adblock Plus) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-10]
CHR Extension: (bloomind ct deepdark) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\djolekdiiojehgfggcjckachfgkkdmjd [2014-09-22]
CHR Extension: (Avira Browser Safety) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-07]
CHR Extension: (Google Wallet) - C:\Users\Ella\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-18]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-02-12] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [992048 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-11-28] (BitRaider, LLC)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-01-15] (Microsoft Corporation)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-13] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998640 2015-01-15] (Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2014-11-28] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2013-07-03] ()
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2014-11-28] (BitRaider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2013-05-14] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 14:01 - 2015-02-20 14:01 - 00017985 _____ () C:\Users\Ella\Desktop\FRST.txt
2015-02-20 13:59 - 2015-02-20 13:59 - 00002800 _____ () C:\Users\Ella\Desktop\JRT.txt
2015-02-20 13:56 - 2015-02-20 13:56 - 01388274 _____ (Thisisu) C:\Users\Ella\Desktop\JRT.exe
2015-02-20 13:54 - 2015-02-20 13:54 - 00008783 _____ () C:\Users\Ella\Desktop\AdwCleaner[S0].txt
2015-02-20 13:53 - 2015-02-20 13:53 - 00000231 _____ () C:\WINDOWS\setupact.log
2015-02-20 13:53 - 2015-02-20 13:53 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-20 13:52 - 2015-02-20 13:52 - 05028784 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-20 13:52 - 2015-02-20 13:52 - 00000806 _____ () C:\WINDOWS\PFRO.log
2015-02-20 13:50 - 2015-02-20 13:55 - 00001380 _____ () C:\Users\Ella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-20 13:47 - 2015-02-20 13:50 - 00000000 ____D () C:\AdwCleaner
2015-02-20 13:46 - 2015-02-20 13:46 - 02126848 _____ () C:\Users\Ella\Desktop\AdwCleaner_4.111.exe
2015-02-20 10:06 - 2015-02-20 10:06 - 00004052 _____ () C:\Users\Ella\Desktop\Gmer.log
2015-02-20 09:56 - 2015-02-20 09:56 - 00380416 _____ () C:\Users\Ella\Desktop\Gmer-19357.exe
2015-02-20 09:34 - 2015-02-20 14:01 - 00000000 ____D () C:\FRST
2015-02-20 09:32 - 2015-02-20 09:32 - 02086912 _____ (Farbar) C:\Users\Ella\Desktop\FRST64.exe
2015-02-20 09:32 - 2015-02-20 09:32 - 00002390 _____ () C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Ella
2015-02-20 09:32 - 2015-02-20 09:32 - 00000292 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Ella.job
2015-02-20 09:26 - 2015-02-20 09:27 - 00000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2015-02-19 16:02 - 2015-02-19 16:02 - 00000000 ____D () C:\Program Files (x86)\Free Codec Pack
2015-02-19 16:00 - 2015-02-19 16:00 - 03533008 _____ (DVDVideoSoft Ltd. ) C:\Users\Ella\Downloads\FreeYouTubeToMP3Converter.exe
2015-02-13 12:44 - 2015-02-13 12:44 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-02-13 12:44 - 2015-02-13 12:44 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-02-13 12:43 - 2015-02-13 12:43 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2015-02-13 12:42 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-02-13 12:42 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 03299512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434752.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434752.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00995248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00877816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00353224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00305136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-02-13 12:42 - 2015-02-05 22:01 - 00031376 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-02-13 12:42 - 2015-02-05 22:01 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-02-12 12:05 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-12 12:05 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 11:57 - 2015-02-20 08:53 - 00000256 _____ () C:\WINDOWS\Tasks\ASC8_SkipUac_Ella.job
2015-02-12 11:57 - 2015-02-12 11:57 - 00003180 _____ () C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2015-02-12 11:57 - 2015-02-12 11:57 - 00002354 _____ () C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Ella
2015-02-12 11:57 - 2015-02-12 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2015-02-12 11:57 - 2015-02-12 11:57 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-02-12 11:51 - 2015-02-12 11:52 - 44439248 _____ (IObit ) C:\Users\Ella\Downloads\advanced-systemcare-setup.exe
2015-02-11 12:16 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 12:16 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 12:16 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 12:16 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 12:16 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 12:16 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 12:16 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 12:16 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 12:16 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 12:16 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 12:16 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 12:16 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 12:16 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 12:15 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 12:15 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 12:15 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 12:15 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 12:15 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 12:15 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 12:15 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 12:15 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 12:15 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 12:15 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 12:15 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 12:15 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 12:15 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 12:15 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 12:15 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 12:15 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 12:15 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 12:15 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 12:15 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 12:15 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 12:15 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 12:15 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 12:15 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 12:15 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 12:15 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 12:15 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 12:15 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 12:15 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 12:15 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 12:15 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 12:15 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 12:15 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 12:15 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 12:15 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 12:15 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 12:15 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 12:15 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 12:15 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 12:15 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 12:15 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 12:15 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 12:15 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 12:15 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 12:15 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 12:15 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 08:53 - 2015-02-10 08:53 - 00007630 _____ () C:\Users\Ella\Downloads\Super Silo Trigger.zip
2015-02-06 07:45 - 2015-02-03 20:31 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-06 07:45 - 2015-02-03 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 12:37 - 2015-02-20 13:53 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 12:37 - 2015-02-20 13:42 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 00:23 - 2015-01-27 00:23 - 00014464 _____ (Western Digital Technologies) C:\WINDOWS\system32\Drivers\wdcsam64.sys
2015-01-24 15:01 - 2015-01-24 15:01 - 05317104 _____ (Piriform Ltd) C:\Users\Ella\Downloads\ccsetup501.exe
2015-01-23 07:06 - 2015-01-23 07:06 - 00087598 _____ () C:\Users\Ella\Desktop\faceless schablone.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-20 13:54 - 2013-10-21 13:32 - 00000000 ___DO () C:\Users\Ella\SkyDrive
2015-02-20 13:53 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-20 13:51 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-20 13:45 - 2014-09-25 18:49 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\TS3Client
2015-02-20 13:42 - 2013-10-21 09:40 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-20 13:40 - 2014-11-28 13:58 - 01127608 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-20 13:30 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-20 11:43 - 2013-03-21 21:26 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2637540996-3970094791-2190435111-1002
2015-02-20 09:47 - 2013-10-21 13:33 - 00156672 ___SH () C:\Users\Ella\Desktop\Thumbs.db
2015-02-20 09:33 - 2013-11-19 16:13 - 01448448 ___SH () C:\Users\Ella\Downloads\Thumbs.db
2015-02-20 09:32 - 2013-11-28 09:56 - 00000000 ____D () C:\ProgramData\ProductData
2015-02-20 08:05 - 2013-10-21 13:38 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B7603EC-F7C0-459B-98A5-972B194561F0}
2015-02-19 16:23 - 2013-09-06 16:58 - 00000000 ____D () C:\Users\Ella\Desktop\Youtube Musik
2015-02-19 16:03 - 2013-07-01 09:16 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\DVDVideoSoft
2015-02-19 16:02 - 2013-07-01 10:10 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-19 16:02 - 2013-07-01 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-17 21:04 - 2013-11-08 09:46 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\vlc
2015-02-17 19:37 - 2013-11-08 09:47 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\dvdcss
2015-02-13 16:10 - 2013-11-28 10:18 - 00000000 ____D () C:\Users\Ella\Desktop\AdvancedSystemCare
2015-02-13 12:44 - 2013-10-21 12:59 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 13:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-12 13:18 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 11:57 - 2013-11-28 09:56 - 00000000 ____D () C:\Users\Ella\AppData\Roaming\IObit
2015-02-12 11:57 - 2013-11-28 09:56 - 00000000 ____D () C:\ProgramData\IObit
2015-02-12 11:57 - 2013-11-28 09:56 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-02-12 11:54 - 2013-11-28 09:56 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2015-02-12 11:51 - 2013-09-30 05:14 - 01804092 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 11:51 - 2013-09-30 04:56 - 00775588 _____ () C:\WINDOWS\system32\perfh007.dat
2015-02-12 11:51 - 2013-09-30 04:56 - 00163774 _____ () C:\WINDOWS\system32\perfc007.dat
2015-02-12 11:50 - 2013-10-24 10:53 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-02-12 11:50 - 2013-10-24 10:53 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-02-12 11:50 - 2013-10-24 10:53 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2015-02-11 23:00 - 2014-12-10 21:41 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 23:00 - 2014-07-09 11:04 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-05 20:07 - 2014-03-14 22:08 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-02-05 20:07 - 2013-10-21 12:59 - 06861128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-02-05 20:07 - 2013-10-21 12:59 - 03517584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-02-05 20:07 - 2013-10-21 12:59 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-02-05 20:07 - 2013-10-21 12:59 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-02-05 20:06 - 2013-10-21 12:59 - 01098384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-02-05 20:06 - 2013-10-21 12:59 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-02-05 20:06 - 2013-10-21 12:59 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-02-05 13:50 - 2013-10-21 12:59 - 04236870 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-02-04 19:42 - 2013-10-21 09:40 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:37 - 2013-04-22 08:31 - 00004106 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 12:37 - 2013-04-22 08:31 - 00003870 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-02 23:04 - 2014-12-22 08:46 - 00000000 ____D () C:\Procurement
2015-01-25 18:48 - 2014-09-25 18:47 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2015-01-24 21:14 - 2014-12-07 18:06 - 00000000 ____D () C:\Users\Ella\Desktop\POESkillTree1.5
2015-01-24 15:01 - 2013-05-24 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-24 15:01 - 2013-03-21 21:36 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-24 15:01 - 2013-03-21 21:36 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-24 12:50 - 2014-12-23 13:07 - 00000000 ____D () C:\Users\Ella\Desktop\A Thousand Years Of Plagues
2015-01-23 22:22 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-01-23 22:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-01-23 22:22 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-01-23 22:21 - 2013-09-30 04:59 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-01-23 22:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-23 22:21 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-01-23 22:21 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-01-23 22:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-01-23 22:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-01-23 22:20 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-01-23 22:18 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\IME
2015-01-23 22:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-01-23 22:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-01-23 22:18 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-01-23 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-01-23 22:15 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-01-23 10:27 - 2013-12-03 19:50 - 00000000 ____D () C:\Users\Ella\Desktop\POKEMON
2015-01-23 08:50 - 2013-03-21 21:17 - 00000000 ____D () C:\Users\Ella\AppData\Local\Packages

==================== Files in the root of some directories =======

2014-05-08 10:12 - 2003-09-03 06:46 - 0010960 _____ () C:\Program Files (x86)\EULA.txt
2013-03-29 00:53 - 2014-05-08 10:12 - 0000757 _____ () C:\Program Files (x86)\INSTALL.LOG
2014-05-08 10:12 - 2003-12-18 10:33 - 0020102 _____ () C:\Program Files (x86)\Readme.txt
2014-01-10 14:48 - 2014-01-10 14:48 - 0000132 _____ () C:\Users\Ella\AppData\Roaming\Adobe Targa-Format CC - Voreinstellungen
2013-03-21 21:21 - 2013-09-10 10:16 - 0000408 _____ () C:\Users\Ella\AppData\Roaming\sp_data.sys
2014-06-18 06:11 - 2014-06-18 06:11 - 0000024 _____ () C:\Users\Ella\AppData\Roaming\temp.ini
2014-09-21 21:33 - 2014-09-21 21:33 - 0612072 _____ (ClickMeIn Limited) C:\Users\Ella\AppData\Local\nsh52DD.tmp
2014-09-21 07:52 - 2014-09-21 07:52 - 0627504 _____ () C:\Users\Ella\AppData\Local\nsxE02F.tmp
2014-01-10 10:54 - 2014-01-10 10:54 - 0019326 _____ () C:\Users\Ella\AppData\Local\recently-used.xbel
2013-07-26 10:56 - 2014-04-13 02:08 - 0007602 _____ () C:\Users\Ella\AppData\Local\Resmon.ResmonCfg
2014-12-04 23:29 - 2014-12-04 23:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-20 09:26 - 2015-02-20 09:27 - 0000199 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-08-17 01:52 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-17 01:52 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Ella\AppData\Local\Temp\avgnt.exe
C:\Users\Ella\AppData\Local\Temp\FreeYouTubeToMP3Converter.exe
C:\Users\Ella\AppData\Local\Temp\Quarantine.exe
C:\Users\Ella\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-15 04:12

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2015 01
Ran by Ella at 2015-02-20 14:01:50
Running from C:\Users\Ella\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements 1.0 (HKLM-x32\...\4 Elements_is1) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.1.0 - IObit)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.624 - Avira)
BDE Information Utility (HKLM-x32\...\BDE Information Utility) (Version:  - InterBase Installation Info (and BDE Information Utility))
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blitzkrieg Mod (HKLM-x32\...\Blitzkrieg) (Version: 4.7.0.0 - Blitzkrieg Mod Team)
Cave Quest (HKLM-x32\...\Cave Quest) (Version: 1.0.0.0 - INTENIUM GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Christmasville (HKLM-x32\...\{D178746E-0919-424E-88A7-81A0E46FF03E}) (Version: 1.00.0000 - Purplehills)
Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden
Der Stein der Weisen (HKLM-x32\...\Der Stein der Weisen) (Version:  - )
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: 1.0.0.46 - INTENIUM GmbH)
Dokan Library 0.6.0 (HKLM-x32\...\DokanLibrary) (Version:  - )
Eastern Front (HKLM-x32\...\Eastern Front) (Version: 2.2.0.0 - )
Farm Craft 2 (HKLM-x32\...\Farm Craft 2) (Version: 1.0.0.0 - INTENIUM GmbH)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.12.827 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.12.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
FX MOD 2.1 (HKLM-x32\...\HW2 FX-MOD_is1) (Version:  - 9CCNMOD×é)
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Homeworld2 (HKLM-x32\...\Homeworld2) (Version:  - Sierra)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Java 7 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417072FF}) (Version: 7.0.720 - Oracle)
Keepsake (HKLM-x32\...\Keepsake) (Version:  - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.46 (HKLM\...\Logitech Gaming Software) (Version: 8.46.27 - Logitech Inc.)
Mahjongg Artifacts (HKLM-x32\...\Mahjongg Artifacts) (Version:  - )
Mahjongg Artifacts 2 (HKLM-x32\...\Mahjongg Artifacts 2) (Version:  - )
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Modern Combat (x32 Version: 1.016 - BSS Modern Combat Dev Team) Hidden
MyFreeCodec (HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\MyFreeCodec) (Version:  - )
Mysteryville 2 (HKLM-x32\...\{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}) (Version: 1.00.0000 - Mysteryville 2)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.82.106.0 - Overwolf Ltd.)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.2.4.37376 - Grinding Gear Games)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerTeacher Version 10.3.P518 (HKLM-x32\...\PowerTeacher_is1) (Version: 10.3.P518 - admigro media GmbH)
Procurement version 1.9.0 (HKLM-x32\...\{E91043A6-7DC5-4C8A-A6E4-9D618A0B80D4}_is1) (Version: 1.9.0 - Stickymaddness)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.59 - Bioware/EA)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows-Treiberpaket - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

27-01-2015 12:35:19 Geplanter Prüfpunkt
05-02-2015 08:04:40 Geplanter Prüfpunkt
11-02-2015 14:56:36 Windows Update
15-02-2015 12:11:36 Windows Update
19-02-2015 09:51:00 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B1F9E67-D150-45CC-B590-B61A07AA038F} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-11-28] ()
Task: {14299428-91E6-44CB-8703-9CABB6BFC766} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {1A06EE5C-3AEC-4E9B-88CC-AB8105A39C84} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {1A0C4F64-B745-4F90-B38B-64B07266BF24} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {343AC9E7-941B-4A5C-B181-4826CDDC487A} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {34A2DC81-7809-4F82-84F2-1601B181E8A0} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {36084E68-FF74-4C12-AA2D-F9A3FB560692} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {4B7FD04D-09F5-4888-B484-172A3772F3F5} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2015-01-15] (Overwolf LTD)
Task: {5653BA3B-88A1-421C-9426-DA4854FC293D} - System32\Tasks\Uninstaller_SkipUac_Ella => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-20] (IObit)
Task: {65D5AD10-5136-4F15-A8DF-BB71D6727C8C} - System32\Tasks\Driver Booster SkipUAC (Ella) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {93416692-9BCA-404E-9915-8F9E120E8EA9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {93ED25B8-0DAC-4E61-8113-16665853762E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {A316FD26-ABBC-4A69-BC71-AD5DBBAAFBA6} - System32\Tasks\ASC8_SkipUac_Ella => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-01-27] (IObit)
Task: {BFCD09CE-55F9-4E0D-A833-DA04BB9E64D2} - System32\Tasks\{8442BAEF-2BD4-461B-9730-22719A3B98E2} => pcalua.exe -a E:\AutoStarter.exe -d E:\
Task: {C3BED641-58D1-42AA-B84D-817943218EF3} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {CDA7B0CB-33F3-47AF-AF7C-1C62B1FDAB90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {CFE0BA70-78B6-4454-A986-CEB0C1D298E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-22] (Google Inc.)
Task: {D4693AAD-2391-4685-905E-CC38A2674601} - System32\Tasks\{798307B0-C760-46A1-A6F3-9ACDF90EE166} => pcalua.exe -a C:\Users\Ella\Pictures\ella\setup.exe -d C:\Users\Ella\Pictures\ella
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Ella.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Ella.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-13 12:42 - 2015-02-05 22:01 - 00012104 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-21 12:59 - 2015-02-05 20:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-01-10 13:49 - 2011-01-10 13:49 - 00014848 _____ () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
2013-08-08 17:03 - 2014-11-28 14:12 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-10-01 13:02 - 2013-10-01 13:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-12 11:57 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
2013-11-28 09:56 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-02-12 11:57 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2015-02-12 11:57 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2015-02-12 11:57 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2012-11-01 17:39 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ella\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ella\Downloads\maxresdefault.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\StartupApproved\Run: => "BrowserChoice"
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\...\StartupApproved\Run: => "Advanced SystemCare 7"

==================== Accounts: =============================

Administrator (S-1-5-21-2637540996-3970094791-2190435111-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2637540996-3970094791-2190435111-1026 - Limited - Enabled)
Ella (S-1-5-21-2637540996-3970094791-2190435111-1002 - Administrator - Enabled) => C:\Users\Ella
Gast (S-1-5-21-2637540996-3970094791-2190435111-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2637540996-3970094791-2190435111-1084 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 3981.48 MB
Available physical RAM: 2875.04 MB
Total Pagefile: 4941.48 MB
Available Pagefile: 3661.31 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.96 GB) (Free:110.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:258.44 GB) (Free:255.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B19F8D36)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 20.02.2015, 14:09   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2533B9D7-5D33-45F9-AB96-BEB2E5744CC2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2533B9D7-5D33-45F9-AB96-BEB2E5744CC2&q={searchTerms}
Toolbar: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR StartupUrls: Default -> "http://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP75390A34-607F-43D4-9EFD-7E1EA003AB99&SSPV="
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.cmd
C:\Program Files\Enigma Software Group
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2015, 14:17   #9
Lichtkreacke
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Ok nun eine ganz dumme frage wie deaktiviere ich den Viren scanner komplett im Task Manager wird er immernoch als aktiv angegeben ?

Alt 20.02.2015, 14:33   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Avira beenden reicht. Task abschießen geht nicht und das war auch nicht gefodert.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2015, 14:41   #11
Lichtkreacke
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Ok hab das gemacht.
Hier die datei hoffe das Aviera nun geschlossen war.

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Ella at 2015-02-20 14:38:06 Run:1
Running from C:\Users\Ella\Desktop
Loaded Profiles: Ella (Available profiles: Ella)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2533B9D7-5D33-45F9-AB96-BEB2E5744CC2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3314932&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2533B9D7-5D33-45F9-AB96-BEB2E5744CC2&q={searchTerms}
Toolbar: HKU\S-1-5-21-2637540996-3970094791-2190435111-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP75390A34-607F-43D4-9EFD-7E1EA003AB99&SSPV="
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.cmd
C:\Program Files\Enigma Software Group
EmptyTemp:
Hosts:
*****************

C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found. 
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. 
HKU\S-1-5-21-2637540996-3970094791-2190435111-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found. 
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
esgiguard => Service deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8 => Moved successfully.
C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} => Moved successfully.
C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} => Moved successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.cmd => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 386.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 14:38:11 ====
         

Alt 20.02.2015, 14:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2015, 21:00   #13
Lichtkreacke
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



So geschaft hier die Logs

Malwarebytes

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 20.02.2015
Suchlauf-Zeit: 14:55:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.20.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Ella

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 337146
Verstrichene Zeit: 25 Min, 31 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 4
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2637540996-3970094791-2190435111-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Löschen bei Neustart, [2194ec340e7ce74ff6defe0de51e55ab], 
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\RollAround, In Quarantäne, [d6df22fe474380b6eb20f69c54af629e], 
PUP.Optional.Squeaky.A, HKU\S-1-5-21-2637540996-3970094791-2190435111-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Squeaky, Löschen bei Neustart, [c6ef2bf55a309c9a223fb2e0c241e917], 
PUP.Optional.Linkury.A, HKU\S-1-5-21-2637540996-3970094791-2190435111-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\SMARTBAR, Löschen bei Neustart, [15a055cbb7d365d14e90723f768d12ee], 

Registrierungswerte: 1
PUP.Optional.Linkury.A, HKU\S-1-5-21-2637540996-3970094791-2190435111-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\SMARTBAR|publisher, YahooGO, Löschen bei Neustart, [15a055cbb7d365d14e90723f768d12ee]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 1
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\MSFT_KERNEL_WEBINSTR_01009.WDF, In Quarantäne, [75409f81385249edf8b97920857e42be], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
und ESET

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c4c7a39bf9818b4d80460231e047c86b
# engine=22569
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-20 07:59:13
# local_time=2015-02-20 08:59:13 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8641761 42727614 0 0
# scanned=277296
# found=5
# cleaned=0
# scan_time=19398
sh=843DF0FD9F9C356D5336452FCC2B3374A2BD06DC ft=1 fh=137ef7008edb618f vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ella\AppData\Roaming\OpenCandy\0BFC38DF06354E3A9BF04F70155C8755\SSStub_SearchProtect_p1v0.exe.vir"
sh=E2E7555ACD0F7F6827A0958817774C8E4253DC21 ft=1 fh=117f72a1057668b7 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=3F751C1B5A6AFE7B0A768605BC6B5313DAE3AB1D ft=1 fh=383e45d892e24620 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe"
sh=3F751C1B5A6AFE7B0A768605BC6B5313DAE3AB1D ft=1 fh=383e45d892e24620 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe"
sh=30BD8D12255AE8582127DF1ED6477E4332042DB4 ft=1 fh=439475d7fe72fc73 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ella\AppData\Local\nsh52DD.tmp"
         

Alt 20.02.2015, 21:18   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\ProgramData\IObit\ASCDownloader
C:\Users\All Users\IObit\ASCDownloader
C:\Users\Ella\AppData\Local\nsh52DD.tmp
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2015, 21:32   #15
Lichtkreacke
 
Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Standard

Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP



So hier die Fixlog

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2015 01
Ran by Ella at 2015-02-20 21:29:23 Run:2
Running from C:\Users\Ella\Desktop
Loaded Profiles: Ella (Available profiles: Ella)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\IObit\ASCDownloader
C:\Users\All Users\IObit\ASCDownloader
C:\Users\Ella\AppData\Local\nsh52DD.tmp
EmptyTemp:
Hosts:
*****************

C:\ProgramData\IObit\ASCDownloader => Moved successfully.
"C:\Users\All Users\IObit\ASCDownloader" => File/Directory not found.
C:\Users\Ella\AppData\Local\nsh52DD.tmp => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 54.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 21:29:26 ====
         
Vieleicht sollte ich erwähnen das gerade wieder dieses Roll Around aufploppte bin mir nicht sicher ob wir schon versucht haben es zu entfernen.

Antwort

Themen zu Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP
ads, audio, browser, ccsetup, dateien, deinstallation, download, driver booster, dvdvideosoft ltd., guten, installier, installiert, interne, internetseite, internetseiten, launch, morgen, problem, programm, roll around, roll around ads, schonmal, seite, seiten, sierra, super, surfe, surfen, troja, trotz, unbekanntes, werbung, öffnet



Ähnliche Themen: Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP


  1. Windows 7: Werbung von "Roll Around"
    Log-Analyse und Auswertung - 13.03.2015 (11)
  2. Trojan.BitcoinMiner, Werbung trotz AdBlocker, neue Tabs mit Werbung werden automatisch geöffnet und vieles mehr.
    Log-Analyse und Auswertung - 02.03.2015 (23)
  3. Aufdringliche Werbung / "Roll Around"
    Log-Analyse und Auswertung - 28.02.2015 (11)
  4. Werbung sowie unsinnige Links - Roll Around
    Plagegeister aller Art und deren Bekämpfung - 22.02.2015 (7)
  5. Roll Around - Werbung Spam
    Log-Analyse und Auswertung - 21.02.2015 (3)
  6. Roll Around - trotz deinstallieren immer noch da
    Log-Analyse und Auswertung - 20.02.2015 (3)
  7. Win 7:Langsam , Chrome mit Werbung überfüllt, Avast meldet ständig
    Log-Analyse und Auswertung - 29.11.2014 (17)
  8. PC hatte trotz Pop Up Blocker ständig Werbung auf den Internetseiten und sprang über auf eine rote Seite mit der Warnung vor Phishing Angrif
    Plagegeister aller Art und deren Bekämpfung - 17.10.2014 (6)
  9. Werbung auf Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 08.10.2014 (3)
  10. Überall Werbung auf den Internetseiten
    Log-Analyse und Auswertung - 02.10.2014 (3)
  11. Windows 7. Browser mit Werbung überfüllt.
    Plagegeister aller Art und deren Bekämpfung - 02.03.2014 (13)
  12. Internetseiten mit Werbung überfüllt
    Log-Analyse und Auswertung - 03.02.2014 (1)
  13. Internetseiten mit Werbung überfüllt
    Plagegeister aller Art und deren Bekämpfung - 01.02.2014 (3)
  14. Werbung auf Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 31.12.2013 (17)
  15. Werbung bei Chrome - trotz Adblock seltsame Werbung
    Plagegeister aller Art und deren Bekämpfung - 16.09.2013 (5)
  16. Trotz LAN-Verbindung sind keine Internetseiten aufrufbar. Seitenladefehler
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (1)
  17. Ausländischer Werbung in ICQ und auf einigen Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 25.11.2009 (1)

Zum Thema Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP - Hallo und Guten Morgen Trojaner-Board Ich habe ein Problem, meine Frau hat durch den Download eines Audio Converters ein mir unbekanntes Programm mit installiert (Roll Around ads) das unermüdlich Werbung - Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP...
Archiv
Du betrachtest: Internetseiten überfüllt mit Werbung durch Roll Around ads trotz ABP auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.