Werbe - Trojaner ohne offenes Fenster ... inetstat.exe !

Sir.Kitty · 04.07.2014, 11:02

Hallo,
ich habe mich bereits etwas informiert, aber leider keine Lösung gefunden, die euch die Arbeit erspart hätte

Ich habe mir ein Zip Prog laden wollen, doch leider war die Installation nicht Safe wie es scheint. Habe seit dem Probleme beim Systemstart mit Audio Werbung ohne ein zu schliessendes Fenster. Habe dann geguckt, was sich an Programmen in den Menüs und in %appdata% erneuert hat ... und sie da, Inetstat.exe, die im SystemExplorer immer eine Verbindung mit der ie.exe hat ... Selner deinstallieren und löschen hat nix geholfen, also hoffe ich ihr könnt mir helfen ...
wie in diesem Thread habe ich schon mal einige Schritte befolgt, ausser das mit zoek ...

http://www.trojaner-board.de/153687-radiotrojaner.html

AddwareCleaner

Code:

ATTFilter

# AdwCleaner v3.214 - Bericht erstellt am 04/07/2014 um 11:27:19
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : sir kitty - KITTY
# Gestartet von : C:\Users\sir kitty\Downloads\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\SIRKIT~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\sir kitty\AppData\Local\Browsersafeguard
Ordner Gelöscht : C:\Users\sir kitty\AppData\Roaming\InetStat
Datei Gelöscht : C:\Users\sir kitty\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\user.js
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP1.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP1
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP2.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP2
Datei Gelöscht : C:\Windows\Tasks\APSnotifierPP3.job
Datei Gelöscht : C:\Windows\System32\Tasks\APSnotifierPP3

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2396 octets] - [04/07/2014 11:24:20]
AdwCleaner[S0].txt - [2088 octets] - [04/07/2014 11:27:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2148 octets] ##########

JunkRemoval

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by sir kitty on 04.07.2014 at 11:32:46,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\sir kitty\AppData\Roaming\mozilla\firefox\profiles\3ewbninm.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.07.2014 at 11:36:40,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MalewareAnti

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.07.2014
Suchlauf-Zeit: 11:38:52
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.04.03
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: sir kitty

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 270589
Verstrichene Zeit: 2 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
Malware.Trace, HKLM\SOFTWARE\WOW6432NODE\YingSoft, In Quarantäne, [a8db29721b60f442abfb462406fdfb05], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.Extutil.A, C:\Users\sir kitty\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [afd47f1cf18a221483d89d1371911ce4], 
PUP.Optional.Managera.A, C:\Users\sir kitty\AppData\Local\Temp\38FDAAE5-8E0E-493C-88EC-E05C3BE06E42, In Quarantäne, [ee959209710abe78a2ba0ba58a78aa56], 

Dateien: 14
PUP.Optional.SearchProtect.A, C:\Users\sir kitty\AppData\Local\Temp\nsd1B7E.tmp, In Quarantäne, [6d16c2d9c4b73bfbfd5eafe3c938a25e], 
PUP.Optional.Conduit.A, C:\Users\sir kitty\AppData\Local\Temp\nsd74CC.exe, In Quarantäne, [1c67514a3249b383df5a6c1cfc0539c7], 
PUP.Optional.Conduit.A, C:\Users\sir kitty\AppData\Local\Temp\nsd78C3.exe, In Quarantäne, [265dddbe374440f605348afe936ebd43], 
PUP.Optional.Conduit.A, C:\Users\sir kitty\AppData\Local\Temp\nsj70A7.exe, In Quarantäne, [90f34952423936003bfe840447baae52], 
PUP.Optional.Conduit.A, C:\Users\sir kitty\AppData\Local\Temp\nso4C30.exe, In Quarantäne, [3f446833c6b5ea4c6ecbaddbb05135cb], 
PUP.Optional.Conduit.A, C:\Users\sir kitty\AppData\Local\Temp\nsv92EF.exe, In Quarantäne, [572c7328bebd4de995a4ccbc23debb45], 
PUP.Optional.Conduit.A, C:\Users\sir kitty\AppData\Local\Temp\nsy4FC9.exe, In Quarantäne, [691a6b3039423402152468205da4a25e], 
PUP.Optional.Conduit.A, C:\Users\sir kitty\AppData\Local\Temp\nsy5372.exe, In Quarantäne, [dfa449529ae1330375c48701de231ce4], 
PUP.Optional.BuzzIT.A, C:\Users\sir kitty\AppData\Local\Temp\PreExe_ID_13667.exe, In Quarantäne, [daa96d2e5d1eab8be812c980eb15629e], 
PUP.Optional.Extutil.A, C:\Users\sir kitty\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [afd47f1cf18a221483d89d1371911ce4], 
PUP.Optional.Extutil.A, C:\Users\sir kitty\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [afd47f1cf18a221483d89d1371911ce4], 
PUP.Optional.Extutil.A, C:\Users\sir kitty\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [afd47f1cf18a221483d89d1371911ce4], 
PUP.Optional.Managera.A, C:\Users\sir kitty\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [ee959209710abe78a2ba0ba58a78aa56], 
PUP.Optional.Managera.A, C:\Users\sir kitty\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [ee959209710abe78a2ba0ba58a78aa56], 

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST64 - FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by sir kitty (administrator) on KITTY on 04-07-2014 11:52:30
Running from C:\Users\sir kitty\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\Avast\avastui.exe
() C:\FightMouse Elite\Gaming 3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Avast\AvastUI.exe [3890208 2014-06-25] (AVAST Software)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM-x32\...\Run: [Gaming 3] => C:\FightMouse Elite\Gaming 3.exe [1273856 2010-06-09] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Boost - C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\Extensions\boost@boost.net.xpi [2014-05-16]
FF Extension: NoScript - C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-25]
FF Extension: Adblock Plus - C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast\WebRep\FF [2014-03-26]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [50344 2014-05-03] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-03] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 11:52 - 2014-07-04 11:52 - 00008508 _____ () C:\Users\sir kitty\Desktop\FRST.txt
2014-07-04 11:52 - 2014-07-04 11:52 - 00000000 ____D () C:\FRST
2014-07-04 11:51 - 2014-07-04 11:51 - 02083840 _____ (Farbar) C:\Users\sir kitty\Desktop\FRST64.exe
2014-07-04 11:49 - 2014-07-04 11:49 - 00003459 _____ () C:\Users\sir kitty\Desktop\mbam.txt
2014-07-04 11:45 - 2014-07-04 11:45 - 00000713 _____ () C:\Users\sir kitty\Desktop\post.txt
2014-07-04 11:36 - 2014-07-04 11:37 - 00000761 _____ () C:\Users\sir kitty\Desktop\JRT.txt
2014-07-04 11:27 - 2014-07-04 11:27 - 00002236 _____ () C:\Users\sir kitty\Desktop\AdwCleaner[S0].txt
2014-07-04 11:26 - 2014-07-04 11:26 - 00000120 _____ () C:\Users\sir kitty\Desktop\virustotal.txt
2014-07-04 11:26 - 2014-07-04 11:26 - 00000000 ____D () C:\Windows\ERUNT
2014-07-04 11:23 - 2014-07-04 11:23 - 01285120 _____ () C:\Users\sir kitty\Desktop\zoek.exe
2014-07-04 11:22 - 2014-07-04 11:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 11:22 - 2014-07-04 11:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 11:22 - 2014-07-04 11:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 11:22 - 2014-07-04 11:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 11:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 11:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-04 11:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 11:21 - 2014-07-04 11:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sir kitty\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 11:21 - 2014-07-04 11:21 - 01016261 _____ (Thisisu) C:\Users\sir kitty\Desktop\JRT.exe
2014-07-04 11:20 - 2014-07-04 11:31 - 00000000 ____D () C:\AdwCleaner
2014-07-04 11:20 - 2014-07-04 11:20 - 01346519 _____ () C:\Users\sir kitty\Downloads\adwcleaner_3.214.exe
2014-07-04 10:56 - 2014-07-04 10:56 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-03 16:42 - 2014-07-03 16:42 - 00000028 _____ () C:\Users\sir kitty\Documents\explo_t4.mf
2014-07-03 16:10 - 2014-07-03 16:28 - 00008250 _____ () C:\Users\sir kitty\Documents\backup_2014-07-03.mbf
2014-07-03 15:51 - 2014-07-03 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FightMouse Elite
2014-07-03 15:51 - 2014-07-03 15:51 - 00000000 ____D () C:\FightMouse Elite
2014-07-03 15:48 - 2014-07-03 15:49 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-07-03 15:48 - 2014-07-03 15:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\System Explorer - CHIP-Installer.exe
2014-07-03 15:48 - 2014-07-03 15:48 - 00001098 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-07-03 15:48 - 2014-07-03 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2014-07-03 15:48 - 2014-07-03 15:48 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-07-03 15:47 - 2014-07-03 15:47 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\WinRAR
2014-07-03 15:45 - 2014-07-03 15:45 - 00291606 _____ () C:\Users\sir kitty\Downloads\TcpView-3.05.zip
2014-07-03 15:44 - 2014-07-03 15:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\TCPView - CHIP-Installer.exe
2014-07-03 15:35 - 2014-07-03 15:35 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-03 15:35 - 2014-07-03 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-03 15:34 - 2014-07-03 15:35 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-03 15:34 - 2014-07-03 15:34 - 01915800 _____ () C:\Users\sir kitty\Downloads\winrar-x64-510.exe
2014-07-03 15:28 - 2014-07-03 15:28 - 00000000 __SHD () C:\Users\sir kitty\AppData\Local\EmieUserList
2014-07-03 15:28 - 2014-07-03 15:28 - 00000000 __SHD () C:\Users\sir kitty\AppData\Local\EmieSiteList
2014-07-03 15:23 - 2014-07-03 15:23 - 00623696 _____ (Click Me In Limited) C:\Users\sir kitty\AppData\Local\nsyC736.tmp
2014-07-03 15:22 - 2014-07-03 15:22 - 00469328 _____ () C:\Users\sir kitty\Downloads\7z920-x64-Downloader.exe
2014-07-03 15:19 - 2014-07-03 15:19 - 14142143 _____ () C:\Users\sir kitty\Downloads\FightMouse_Elite_RE122_100609.rar
2014-06-26 09:46 - 2014-06-26 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-06-21 07:26 - 2014-06-21 07:26 - 01831683 _____ () C:\Users\sir kitty\Desktop\Unbenannt.pdn
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 16:18 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 16:18 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 16:18 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 16:18 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 16:18 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 16:18 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 16:18 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 16:18 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 16:18 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 16:18 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 16:18 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 16:18 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 16:18 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 16:18 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 16:18 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 16:18 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 16:18 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 16:18 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 16:18 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 16:18 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 16:18 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 16:18 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 16:18 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 16:18 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 16:18 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 16:18 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 16:18 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 16:18 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 16:18 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 16:18 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 16:18 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 16:18 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 16:18 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 16:18 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 16:18 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 16:18 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 16:18 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 16:18 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 16:18 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 16:18 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 16:18 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 16:18 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 16:18 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 16:18 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 16:18 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 16:18 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 16:18 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 16:18 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 16:18 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 16:18 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 16:18 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 16:18 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 16:18 - 2014-05-08 11:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 16:18 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 16:18 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 16:18 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 16:18 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 16:18 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 16:18 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 16:18 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 16:18 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 16:18 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 16:18 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 16:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 16:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 16:17 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 16:17 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 07:09 - 2014-06-09 01:47 - 00000000 ____D () C:\Users\sir kitty\eBay
2014-06-07 07:07 - 2014-06-21 07:26 - 00000000 ____D () C:\Users\sir kitty\AppData\Local\Paint.NET
2014-06-07 07:07 - 2014-06-07 07:07 - 00001302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-06-07 07:07 - 2014-06-07 07:07 - 00000000 ____D () C:\Program Files\Paint.NET
2014-06-07 07:06 - 2014-06-07 07:06 - 03739157 _____ () C:\Users\sir kitty\Downloads\Paint.NET.3.5.11.Install.zip
2014-06-07 07:05 - 2014-06-07 07:05 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\Paint NET - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

2014-07-04 11:52 - 2014-07-04 11:52 - 00008508 _____ () C:\Users\sir kitty\Desktop\FRST.txt
2014-07-04 11:52 - 2014-07-04 11:52 - 00000000 ____D () C:\FRST
2014-07-04 11:51 - 2014-07-04 11:51 - 02083840 _____ (Farbar) C:\Users\sir kitty\Desktop\FRST64.exe
2014-07-04 11:50 - 2014-03-24 22:15 - 01835275 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 11:49 - 2014-07-04 11:49 - 00003459 _____ () C:\Users\sir kitty\Desktop\mbam.txt
2014-07-04 11:48 - 2014-07-04 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 11:47 - 2014-03-26 17:29 - 00004152 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-04 11:47 - 2014-03-25 09:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-04 11:47 - 2010-11-21 05:47 - 00162378 _____ () C:\Windows\PFRO.log
2014-07-04 11:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 11:47 - 2009-07-14 06:51 - 00060403 _____ () C:\Windows\setupact.log
2014-07-04 11:45 - 2014-07-04 11:45 - 00000713 _____ () C:\Users\sir kitty\Desktop\post.txt
2014-07-04 11:37 - 2014-07-04 11:36 - 00000761 _____ () C:\Users\sir kitty\Desktop\JRT.txt
2014-07-04 11:36 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 11:36 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 11:35 - 2014-03-25 07:09 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-04 11:35 - 2014-03-25 07:09 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-04 11:35 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 11:31 - 2014-07-04 11:20 - 00000000 ____D () C:\AdwCleaner
2014-07-04 11:27 - 2014-07-04 11:27 - 00002236 _____ () C:\Users\sir kitty\Desktop\AdwCleaner[S0].txt
2014-07-04 11:27 - 2014-03-26 17:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 11:26 - 2014-07-04 11:26 - 00000120 _____ () C:\Users\sir kitty\Desktop\virustotal.txt
2014-07-04 11:26 - 2014-07-04 11:26 - 00000000 ____D () C:\Windows\ERUNT
2014-07-04 11:23 - 2014-07-04 11:23 - 01285120 _____ () C:\Users\sir kitty\Desktop\zoek.exe
2014-07-04 11:22 - 2014-07-04 11:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 11:22 - 2014-07-04 11:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 11:22 - 2014-07-04 11:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 11:22 - 2014-07-04 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sir kitty\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 11:21 - 2014-07-04 11:21 - 01016261 _____ (Thisisu) C:\Users\sir kitty\Desktop\JRT.exe
2014-07-04 11:20 - 2014-07-04 11:20 - 01346519 _____ () C:\Users\sir kitty\Downloads\adwcleaner_3.214.exe
2014-07-04 10:57 - 2014-03-26 17:28 - 00000000 ____D () C:\Users\sir kitty\AppData\Local\Google
2014-07-04 10:57 - 2014-03-26 17:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-04 10:56 - 2014-07-04 10:56 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-04 10:48 - 2014-03-24 22:15 - 00000000 ____D () C:\Users\sir kitty
2014-07-04 10:46 - 2014-03-25 10:09 - 00000000 ____D () C:\Users\sir kitty\AppData\Local\Battle.net
2014-07-04 10:39 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-03 18:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-03 16:42 - 2014-07-03 16:42 - 00000028 _____ () C:\Users\sir kitty\Documents\explo_t4.mf
2014-07-03 16:28 - 2014-07-03 16:10 - 00008250 _____ () C:\Users\sir kitty\Documents\backup_2014-07-03.mbf
2014-07-03 15:51 - 2014-07-03 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FightMouse Elite
2014-07-03 15:51 - 2014-07-03 15:51 - 00000000 ____D () C:\FightMouse Elite
2014-07-03 15:49 - 2014-07-03 15:48 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-07-03 15:48 - 2014-07-03 15:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\System Explorer - CHIP-Installer.exe
2014-07-03 15:48 - 2014-07-03 15:48 - 00001098 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-07-03 15:48 - 2014-07-03 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2014-07-03 15:48 - 2014-07-03 15:48 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-07-03 15:47 - 2014-07-03 15:47 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\WinRAR
2014-07-03 15:45 - 2014-07-03 15:45 - 00291606 _____ () C:\Users\sir kitty\Downloads\TcpView-3.05.zip
2014-07-03 15:44 - 2014-07-03 15:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\TCPView - CHIP-Installer.exe
2014-07-03 15:35 - 2014-07-03 15:35 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-03 15:35 - 2014-07-03 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-03 15:35 - 2014-07-03 15:34 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-03 15:34 - 2014-07-03 15:34 - 01915800 _____ () C:\Users\sir kitty\Downloads\winrar-x64-510.exe
2014-07-03 15:28 - 2014-07-03 15:28 - 00000000 __SHD () C:\Users\sir kitty\AppData\Local\EmieUserList
2014-07-03 15:28 - 2014-07-03 15:28 - 00000000 __SHD () C:\Users\sir kitty\AppData\Local\EmieSiteList
2014-07-03 15:23 - 2014-07-03 15:23 - 00623696 _____ (Click Me In Limited) C:\Users\sir kitty\AppData\Local\nsyC736.tmp
2014-07-03 15:22 - 2014-07-03 15:22 - 00469328 _____ () C:\Users\sir kitty\Downloads\7z920-x64-Downloader.exe
2014-07-03 15:19 - 2014-07-03 15:19 - 14142143 _____ () C:\Users\sir kitty\Downloads\FightMouse_Elite_RE122_100609.rar
2014-06-27 07:24 - 2014-03-26 08:43 - 00000000 ____D () C:\Users\sir kitty\Documents\Diablo III
2014-06-26 09:46 - 2014-06-26 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-06-25 22:31 - 2014-03-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-25 22:24 - 2014-03-26 17:28 - 00000000 ____D () C:\Program Files\Avast
2014-06-21 07:26 - 2014-06-21 07:26 - 01831683 _____ () C:\Users\sir kitty\Desktop\Unbenannt.pdn
2014-06-21 07:26 - 2014-06-07 07:07 - 00000000 ____D () C:\Users\sir kitty\AppData\Local\Paint.NET
2014-06-19 19:06 - 2014-03-25 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 14:11 - 2014-03-26 17:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-15 14:11 - 2014-03-25 09:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-15 14:11 - 2014-03-25 09:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 18:10 - 2014-03-26 08:49 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 18:10 - 2014-03-26 08:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:09 - 2014-05-06 10:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-09 01:47 - 2014-06-07 07:09 - 00000000 ____D () C:\Users\sir kitty\eBay
2014-06-08 11:13 - 2014-06-12 16:17 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 16:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 07:07 - 2014-06-07 07:07 - 00001302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-06-07 07:07 - 2014-06-07 07:07 - 00000000 ____D () C:\Program Files\Paint.NET
2014-06-07 07:06 - 2014-06-07 07:06 - 03739157 _____ () C:\Users\sir kitty\Downloads\Paint.NET.3.5.11.Install.zip
2014-06-07 07:05 - 2014-06-07 07:05 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\Paint NET - CHIP-Installer.exe
2014-06-07 07:03 - 2014-03-25 10:09 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\Battle.net

Some content of TEMP:
====================
C:\Users\sir kitty\AppData\Local\Temp\2014042408022049~YingInstall-ProvideForInstall.exe
C:\Users\sir kitty\AppData\Local\Temp\6_Offer_18.exe
C:\Users\sir kitty\AppData\Local\Temp\f.exe
C:\Users\sir kitty\AppData\Local\Temp\nvStInst.exe
C:\Users\sir kitty\AppData\Local\Temp\PreExe_ID_13296.exe
C:\Users\sir kitty\AppData\Local\Temp\Quarantine.exe
C:\Users\sir kitty\AppData\Local\Temp\SecurityUtility.exe
C:\Users\sir kitty\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\sir kitty\AppData\Local\Temp\System.Data.SQLite73191.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-03 18:36

==================== End Of Log ============================

FRST64 - Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by sir kitty at 2014-07-04 11:52:46
Running from C:\Users\sir kitty\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
FightMouse Elite (HKLM-x32\...\FightMouse Elite 3) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.61.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.61.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE VGA @BIOS (HKLM-x32\...\{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}) (Version: 5.51 - GIGABYTE)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
System Explorer 5.8.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Restore Points  =========================

21-05-2014 15:14:54 Windows Update
30-05-2014 19:45:34 Windows Update
04-06-2014 05:51:04 Windows Update
07-06-2014 05:07:39 Paint.NET v3.5.11
10-06-2014 14:40:49 Windows Update
12-06-2014 16:09:29 Windows Update
17-06-2014 13:45:36 Windows Update
21-06-2014 05:26:40 Windows Update
24-06-2014 08:29:03 Windows Update
28-06-2014 20:43:03 Windows Update
04-07-2014 08:52:40 Windows Update
04-07-2014 08:56:16 Removed Microsoft Silverlight

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {37B1159F-2869-4ED1-A301-B98AFDED768A} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast\AvastEmUpdate.exe [2014-05-03] (AVAST Software)
Task: {39316FBB-342C-4530-BDED-28C966168E47} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {973275ED-3DE5-4E86-9083-B8F1448FA1FA} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {A4DD375B-2800-4E0E-844B-E47246A147F7} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {B0B6A918-059A-4504-9104-847370925A9C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-25 09:39 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-06-09 06:36 - 2010-06-09 06:36 - 01273856 _____ () C:\FightMouse Elite\Gaming 3.exe
2014-07-03 23:51 - 2014-07-03 23:51 - 02789888 _____ () C:\Program Files\Avast\defs\14070301\algo.dll
2014-03-26 17:28 - 2014-03-26 17:28 - 19336120 _____ () C:\Program Files\Avast\libcef.dll
2014-06-18 16:28 - 2014-06-18 16:28 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-25 09:10 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 11:47:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/04/2014 11:47:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 16345.22 MB
Available physical RAM: 14076.3 MB
Total Pagefile: 32688.62 MB
Available Pagefile: 30420.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:149.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: E5BC8641)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Virustotal - inetstat.exe

https://www.virustotal.com/de/file/0fc8a283ff8b8f9dcd9c9ae57420f6147c5940bb11e22af02e24936279b8c6a6/analysis/1404465435/

Ich hoffe das ist ein Anfang für euch / Dich und ihr könnt mir helfen

Bitte

Danke
Marthell

schrauber · 04.07.2014, 12:21

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Sir.Kitty · 04.07.2014, 15:41

Super danke, ich miss gerade mal paar Besorgungen machen und wenn ich zurück bin, lasse ich das sofort durchlaufen und poste es dann asap

Hallo

so, habe mal alles durchlaufen lassen ...
Ob alles OK ist? Ich hoffe doch

aber du siehst ja die Logfiles und wirst mir hoffentlich sagen, ob das alles schick aussieht.

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=04a1020117b4d746998dfbf6d87c49f7
# engine=19025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-04 02:34:53
# local_time=2014-07-04 04:34:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 756648 8640405 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 18444 156114343 0 0
# scanned=110133
# found=10
# cleaned=0
# scan_time=836
sh=9ED1BE63209CB827D638ABA2CE12635CD5CCB24E ft=1 fh=2308bdfb841a9f9b vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SIRKIT~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=4E92D8E52DC238D1D66F78FBA8BB14F691EC7BCA ft=1 fh=ece05f62e6de8699 vn="Variante von Win32/OutBrowse.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\AppData\Local\Temp\f.exe"
sh=2D2573E0720EB26E1915EA6F2CFD2149E7C07623 ft=1 fh=29d7e4114cb897cf vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\AppData\Local\Temp\ICReinstall_nsp39F5.tmp"
sh=2D2573E0720EB26E1915EA6F2CFD2149E7C07623 ft=1 fh=29d7e4114cb897cf vn="Variante von Win32/InstallCore.PK evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\AppData\Local\Temp\nsp39F5.tmp"
sh=CB010222CB25D67810F46D20C4DAFFEA60B86C6E ft=1 fh=1a252869efe0850c vn="Win32/OutBrowse.V evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\AppData\Local\Temp\nsf3C26.tmp\Convert.dll"
sh=0A08FEA81E46E70181828E1DC99E4228446608B9 ft=1 fh=8326364648206fd9 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\Downloads\7z920-x64-Downloader.exe"
sh=5FF9E451ECF9CE3E201BCD78990C962FCC57A027 ft=1 fh=af2fed375f7395d1 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\Downloads\Paint NET - CHIP-Installer.exe"
sh=6C4A62EEB6AAF18595C6C50002562E77979F2E7E ft=1 fh=fc2f13f086f763de vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\Downloads\System Explorer - CHIP-Installer.exe"
sh=BFD23A9FBB9FF12BCE30A6897446AB948F8523E0 ft=1 fh=e09c5acf87e6d924 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\Downloads\TCPView - CHIP-Installer.exe"
sh=48CBD822DA77CEF74A418BE52C8FB6F57FCD9413 ft=1 fh=4faceee7a8abe1ca vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\sir kitty\Downloads\TeamSpeak 3 64 Bit - CHIP-Downloader.exe"

SecCheck

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 14.0.0.125  
 Mozilla Firefox (30.0) 
````````Process Check: objlist.exe by Laurent````````  
 Avast AvastSvc.exe   
 Avast avastui.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by sir kitty (administrator) on KITTY on 04-07-2014 16:37:59
Running from C:\Users\sir kitty\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\Avast\avastui.exe
() C:\FightMouse Elite\Gaming 3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\Avast\AvastUI.exe [3890208 2014-06-25] (AVAST Software)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM-x32\...\Run: [Gaming 3] => C:\FightMouse Elite\Gaming 3.exe [1273856 2010-06-09] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\OC_GURU.exe (GIGABYTE Technology Co.,Ltd.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Boost - C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\Extensions\boost@boost.net.xpi [2014-05-16]
FF Extension: NoScript - C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-25]
FF Extension: Adblock Plus - C:\Users\sir kitty\AppData\Roaming\Mozilla\Firefox\Profiles\3ewbninm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-25]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Avast\WebRep\FF [2014-03-26]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Avast\AvastSvc.exe [50344 2014-05-03] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-03] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-18] (Qualcomm Atheros Co., Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 16:37 - 2014-07-04 16:37 - 00000711 _____ () C:\Users\sir kitty\Desktop\checkup.txt
2014-07-04 16:22 - 2014-07-04 16:23 - 00854390 _____ () C:\Users\sir kitty\Desktop\SecurityCheck.exe
2014-07-04 16:17 - 2014-07-04 16:17 - 02347384 _____ (ESET) C:\Users\sir kitty\Downloads\esetsmartinstaller_deu.exe
2014-07-04 11:52 - 2014-07-04 16:38 - 00008446 _____ () C:\Users\sir kitty\Desktop\FRST.txt
2014-07-04 11:52 - 2014-07-04 16:38 - 00000000 ____D () C:\FRST
2014-07-04 11:52 - 2014-07-04 11:52 - 00009822 _____ () C:\Users\sir kitty\Desktop\Addition.txt
2014-07-04 11:51 - 2014-07-04 11:51 - 02083840 _____ (Farbar) C:\Users\sir kitty\Desktop\FRST64.exe
2014-07-04 11:49 - 2014-07-04 11:49 - 00003459 _____ () C:\Users\sir kitty\Desktop\mbam.txt
2014-07-04 11:45 - 2014-07-04 11:45 - 00000713 _____ () C:\Users\sir kitty\Desktop\post.txt
2014-07-04 11:36 - 2014-07-04 11:37 - 00000761 _____ () C:\Users\sir kitty\Desktop\JRT.txt
2014-07-04 11:27 - 2014-07-04 11:27 - 00002236 _____ () C:\Users\sir kitty\Desktop\AdwCleaner[S0].txt
2014-07-04 11:26 - 2014-07-04 11:26 - 00000120 _____ () C:\Users\sir kitty\Desktop\virustotal.txt
2014-07-04 11:26 - 2014-07-04 11:26 - 00000000 ____D () C:\Windows\ERUNT
2014-07-04 11:23 - 2014-07-04 11:23 - 01285120 _____ () C:\Users\sir kitty\Desktop\zoek.exe
2014-07-04 11:22 - 2014-07-04 11:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 11:22 - 2014-07-04 11:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 11:22 - 2014-07-04 11:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 11:22 - 2014-07-04 11:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 11:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 11:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-04 11:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 11:21 - 2014-07-04 11:22 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sir kitty\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 11:21 - 2014-07-04 11:21 - 01016261 _____ (Thisisu) C:\Users\sir kitty\Desktop\JRT.exe
2014-07-04 11:20 - 2014-07-04 11:31 - 00000000 ____D () C:\AdwCleaner
2014-07-04 11:20 - 2014-07-04 11:20 - 01346519 _____ () C:\Users\sir kitty\Downloads\adwcleaner_3.214.exe
2014-07-04 10:56 - 2014-07-04 10:56 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-03 16:42 - 2014-07-03 16:42 - 00000028 _____ () C:\Users\sir kitty\Documents\explo_t4.mf
2014-07-03 16:10 - 2014-07-03 16:28 - 00008250 _____ () C:\Users\sir kitty\Documents\backup_2014-07-03.mbf
2014-07-03 15:51 - 2014-07-03 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FightMouse Elite
2014-07-03 15:51 - 2014-07-03 15:51 - 00000000 ____D () C:\FightMouse Elite
2014-07-03 15:48 - 2014-07-03 15:49 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-07-03 15:48 - 2014-07-03 15:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\System Explorer - CHIP-Installer.exe
2014-07-03 15:48 - 2014-07-03 15:48 - 00001098 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-07-03 15:48 - 2014-07-03 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2014-07-03 15:48 - 2014-07-03 15:48 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-07-03 15:47 - 2014-07-03 15:47 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\WinRAR
2014-07-03 15:45 - 2014-07-03 15:45 - 00291606 _____ () C:\Users\sir kitty\Downloads\TcpView-3.05.zip
2014-07-03 15:44 - 2014-07-03 15:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\TCPView - CHIP-Installer.exe
2014-07-03 15:35 - 2014-07-03 15:35 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-03 15:35 - 2014-07-03 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-03 15:34 - 2014-07-03 15:35 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-03 15:34 - 2014-07-03 15:34 - 01915800 _____ () C:\Users\sir kitty\Downloads\winrar-x64-510.exe
2014-07-03 15:28 - 2014-07-03 15:28 - 00000000 __SHD () C:\Users\sir kitty\AppData\Local\EmieUserList
2014-07-03 15:28 - 2014-07-03 15:28 - 00000000 __SHD () C:\Users\sir kitty\AppData\Local\EmieSiteList
2014-07-03 15:23 - 2014-07-03 15:23 - 00623696 _____ (Click Me In Limited) C:\Users\sir kitty\AppData\Local\nsyC736.tmp
2014-07-03 15:22 - 2014-07-03 15:22 - 00469328 _____ () C:\Users\sir kitty\Downloads\7z920-x64-Downloader.exe
2014-07-03 15:19 - 2014-07-03 15:19 - 14142143 _____ () C:\Users\sir kitty\Downloads\FightMouse_Elite_RE122_100609.rar
2014-06-26 09:46 - 2014-06-26 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-06-21 07:26 - 2014-06-21 07:26 - 01831683 _____ () C:\Users\sir kitty\Desktop\Unbenannt.pdn
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 16:18 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 16:18 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 16:18 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 16:18 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 16:18 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 16:18 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 16:18 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 16:18 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 16:18 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 16:18 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 16:18 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 16:18 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 16:18 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 16:18 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 16:18 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 16:18 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 16:18 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 16:18 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 16:18 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 16:18 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 16:18 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 16:18 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 16:18 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 16:18 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 16:18 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 16:18 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 16:18 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 16:18 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 16:18 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 16:18 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 16:18 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 16:18 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 16:18 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 16:18 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 16:18 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 16:18 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 16:18 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 16:18 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 16:18 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 16:18 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 16:18 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 16:18 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 16:18 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 16:18 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 16:18 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 16:18 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 16:18 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 16:18 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 16:18 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 16:18 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 16:18 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 16:18 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 16:18 - 2014-05-08 11:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 16:18 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 16:18 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 16:18 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 16:18 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 16:18 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 16:18 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 16:18 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 16:18 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 16:18 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 16:18 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 16:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 16:18 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 16:17 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 16:17 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 07:09 - 2014-06-09 01:47 - 00000000 ____D () C:\Users\sir kitty\eBay
2014-06-07 07:07 - 2014-06-21 07:26 - 00000000 ____D () C:\Users\sir kitty\AppData\Local\Paint.NET
2014-06-07 07:07 - 2014-06-07 07:07 - 00001302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-06-07 07:07 - 2014-06-07 07:07 - 00000000 ____D () C:\Program Files\Paint.NET
2014-06-07 07:06 - 2014-06-07 07:06 - 03739157 _____ () C:\Users\sir kitty\Downloads\Paint.NET.3.5.11.Install.zip
2014-06-07 07:05 - 2014-06-07 07:05 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\Paint NET - CHIP-Installer.exe

==================== One Month Modified Files and Folders =======

2014-07-04 16:38 - 2014-07-04 11:52 - 00008446 _____ () C:\Users\sir kitty\Desktop\FRST.txt
2014-07-04 16:38 - 2014-07-04 11:52 - 00000000 ____D () C:\FRST
2014-07-04 16:37 - 2014-07-04 16:37 - 00000711 _____ () C:\Users\sir kitty\Desktop\checkup.txt
2014-07-04 16:27 - 2014-03-26 17:26 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 16:23 - 2014-07-04 16:22 - 00854390 _____ () C:\Users\sir kitty\Desktop\SecurityCheck.exe
2014-07-04 16:18 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 16:18 - 2009-07-14 06:45 - 00026672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 16:17 - 2014-07-04 16:17 - 02347384 _____ (ESET) C:\Users\sir kitty\Downloads\esetsmartinstaller_deu.exe
2014-07-04 16:17 - 2014-03-25 07:09 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-04 16:17 - 2014-03-25 07:09 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-04 16:17 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-04 16:14 - 2014-03-24 22:15 - 01846246 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 16:11 - 2014-03-26 17:29 - 00004152 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-04 16:11 - 2014-03-25 09:39 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-04 16:11 - 2014-03-24 22:15 - 00000000 ____D () C:\Users\sir kitty
2014-07-04 16:11 - 2010-11-21 05:47 - 00162728 _____ () C:\Windows\PFRO.log
2014-07-04 16:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 16:11 - 2009-07-14 06:51 - 00060683 _____ () C:\Windows\setupact.log
2014-07-04 13:03 - 2014-03-25 10:09 - 00000000 ____D () C:\Users\sir kitty\AppData\Local\Battle.net
2014-07-04 11:52 - 2014-07-04 11:52 - 00009822 _____ () C:\Users\sir kitty\Desktop\Addition.txt
2014-07-04 11:51 - 2014-07-04 11:51 - 02083840 _____ (Farbar) C:\Users\sir kitty\Desktop\FRST64.exe
2014-07-04 11:49 - 2014-07-04 11:49 - 00003459 _____ () C:\Users\sir kitty\Desktop\mbam.txt
2014-07-04 11:48 - 2014-07-04 11:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 11:45 - 2014-07-04 11:45 - 00000713 _____ () C:\Users\sir kitty\Desktop\post.txt
2014-07-04 11:37 - 2014-07-04 11:36 - 00000761 _____ () C:\Users\sir kitty\Desktop\JRT.txt
2014-07-04 11:31 - 2014-07-04 11:20 - 00000000 ____D () C:\AdwCleaner
2014-07-04 11:27 - 2014-07-04 11:27 - 00002236 _____ () C:\Users\sir kitty\Desktop\AdwCleaner[S0].txt
2014-07-04 11:26 - 2014-07-04 11:26 - 00000120 _____ () C:\Users\sir kitty\Desktop\virustotal.txt
2014-07-04 11:26 - 2014-07-04 11:26 - 00000000 ____D () C:\Windows\ERUNT
2014-07-04 11:23 - 2014-07-04 11:23 - 01285120 _____ () C:\Users\sir kitty\Desktop\zoek.exe
2014-07-04 11:22 - 2014-07-04 11:22 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 11:22 - 2014-07-04 11:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 11:22 - 2014-07-04 11:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 11:22 - 2014-07-04 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\sir kitty\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 11:21 - 2014-07-04 11:21 - 01016261 _____ (Thisisu) C:\Users\sir kitty\Desktop\JRT.exe
2014-07-04 11:20 - 2014-07-04 11:20 - 01346519 _____ () C:\Users\sir kitty\Downloads\adwcleaner_3.214.exe
2014-07-04 10:57 - 2014-03-26 17:28 - 00000000 ____D () C:\Users\sir kitty\AppData\Local\Google
2014-07-04 10:57 - 2014-03-26 17:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-04 10:56 - 2014-07-04 10:56 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-04 10:39 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-03 18:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-03 16:42 - 2014-07-03 16:42 - 00000028 _____ () C:\Users\sir kitty\Documents\explo_t4.mf
2014-07-03 16:28 - 2014-07-03 16:10 - 00008250 _____ () C:\Users\sir kitty\Documents\backup_2014-07-03.mbf
2014-07-03 15:51 - 2014-07-03 15:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FightMouse Elite
2014-07-03 15:51 - 2014-07-03 15:51 - 00000000 ____D () C:\FightMouse Elite
2014-07-03 15:49 - 2014-07-03 15:48 - 00000000 ____D () C:\ProgramData\SystemExplorer
2014-07-03 15:48 - 2014-07-03 15:48 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\System Explorer - CHIP-Installer.exe
2014-07-03 15:48 - 2014-07-03 15:48 - 00001098 _____ () C:\Users\Public\Desktop\System Explorer.lnk
2014-07-03 15:48 - 2014-07-03 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
2014-07-03 15:48 - 2014-07-03 15:48 - 00000000 ____D () C:\Program Files (x86)\System Explorer
2014-07-03 15:47 - 2014-07-03 15:47 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\WinRAR
2014-07-03 15:45 - 2014-07-03 15:45 - 00291606 _____ () C:\Users\sir kitty\Downloads\TcpView-3.05.zip
2014-07-03 15:44 - 2014-07-03 15:44 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\TCPView - CHIP-Installer.exe
2014-07-03 15:35 - 2014-07-03 15:35 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-03 15:35 - 2014-07-03 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-03 15:35 - 2014-07-03 15:34 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-03 15:34 - 2014-07-03 15:34 - 01915800 _____ () C:\Users\sir kitty\Downloads\winrar-x64-510.exe
2014-07-03 15:28 - 2014-07-03 15:28 - 00000000 __SHD () C:\Users\sir kitty\AppData\Local\EmieUserList
2014-07-03 15:28 - 2014-07-03 15:28 - 00000000 __SHD () C:\Users\sir kitty\AppData\Local\EmieSiteList
2014-07-03 15:23 - 2014-07-03 15:23 - 00623696 _____ (Click Me In Limited) C:\Users\sir kitty\AppData\Local\nsyC736.tmp
2014-07-03 15:22 - 2014-07-03 15:22 - 00469328 _____ () C:\Users\sir kitty\Downloads\7z920-x64-Downloader.exe
2014-07-03 15:19 - 2014-07-03 15:19 - 14142143 _____ () C:\Users\sir kitty\Downloads\FightMouse_Elite_RE122_100609.rar
2014-06-27 07:24 - 2014-03-26 08:43 - 00000000 ____D () C:\Users\sir kitty\Documents\Diablo III
2014-06-26 09:46 - 2014-06-26 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-06-25 22:31 - 2014-03-25 10:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-25 22:24 - 2014-03-26 17:28 - 00000000 ____D () C:\Program Files\Avast
2014-06-21 07:26 - 2014-06-21 07:26 - 01831683 _____ () C:\Users\sir kitty\Desktop\Unbenannt.pdn
2014-06-21 07:26 - 2014-06-07 07:07 - 00000000 ____D () C:\Users\sir kitty\AppData\Local\Paint.NET
2014-06-19 19:06 - 2014-03-25 09:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 16:28 - 2014-06-18 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 14:11 - 2014-03-26 17:26 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-15 14:11 - 2014-03-25 09:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-15 14:11 - 2014-03-25 09:53 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-12 18:10 - 2014-03-26 08:49 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 18:10 - 2014-03-26 08:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 18:09 - 2014-05-06 10:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-09 01:47 - 2014-06-07 07:09 - 00000000 ____D () C:\Users\sir kitty\eBay
2014-06-08 11:13 - 2014-06-12 16:17 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-12 16:17 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 07:07 - 2014-06-07 07:07 - 00001302 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2014-06-07 07:07 - 2014-06-07 07:07 - 00000000 ____D () C:\Program Files\Paint.NET
2014-06-07 07:06 - 2014-06-07 07:06 - 03739157 _____ () C:\Users\sir kitty\Downloads\Paint.NET.3.5.11.Install.zip
2014-06-07 07:05 - 2014-06-07 07:05 - 00961360 _____ (Chip Digital GmbH) C:\Users\sir kitty\Downloads\Paint NET - CHIP-Installer.exe
2014-06-07 07:03 - 2014-03-25 10:09 - 00000000 ____D () C:\Users\sir kitty\AppData\Roaming\Battle.net

Some content of TEMP:
====================
C:\Users\sir kitty\AppData\Local\Temp\2014042408022049~YingInstall-ProvideForInstall.exe
C:\Users\sir kitty\AppData\Local\Temp\6_Offer_18.exe
C:\Users\sir kitty\AppData\Local\Temp\f.exe
C:\Users\sir kitty\AppData\Local\Temp\nvStInst.exe
C:\Users\sir kitty\AppData\Local\Temp\PreExe_ID_13296.exe
C:\Users\sir kitty\AppData\Local\Temp\Quarantine.exe
C:\Users\sir kitty\AppData\Local\Temp\SecurityUtility.exe
C:\Users\sir kitty\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\sir kitty\AppData\Local\Temp\System.Data.SQLite73191.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-03 18:36

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by sir kitty at 2014-07-04 16:38:14
Running from C:\Users\sir kitty\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
FightMouse Elite (HKLM-x32\...\FightMouse Elite 3) (Version:  - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIGABYTE OC_GURU II (HKLM-x32\...\InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}) (Version: 1.61.0000 - GIGABYTE Technology Co.,Ltd.)
GIGABYTE OC_GURU II (x32 Version: 1.61.0000 - GIGABYTE Technology Co.,Ltd.) Hidden
GIGABYTE VGA @BIOS (HKLM-x32\...\{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}) (Version: 5.51 - GIGABYTE)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
System Explorer 5.8.0 (HKLM-x32\...\{40F485F7-6478-4896-B0D5-F94BE677EB78}_is1) (Version:  - Mister Group)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Restore Points  =========================

21-05-2014 15:14:54 Windows Update
30-05-2014 19:45:34 Windows Update
04-06-2014 05:51:04 Windows Update
07-06-2014 05:07:39 Paint.NET v3.5.11
10-06-2014 14:40:49 Windows Update
12-06-2014 16:09:29 Windows Update
17-06-2014 13:45:36 Windows Update
21-06-2014 05:26:40 Windows Update
24-06-2014 08:29:03 Windows Update
28-06-2014 20:43:03 Windows Update
04-07-2014 08:52:40 Windows Update
04-07-2014 08:56:16 Removed Microsoft Silverlight

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {37B1159F-2869-4ED1-A301-B98AFDED768A} - System32\Tasks\avast! Emergency Update => C:\Program Files\Avast\AvastEmUpdate.exe [2014-05-03] (AVAST Software)
Task: {39316FBB-342C-4530-BDED-28C966168E47} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {973275ED-3DE5-4E86-9083-B8F1448FA1FA} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {A4DD375B-2800-4E0E-844B-E47246A147F7} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {B0B6A918-059A-4504-9104-847370925A9C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-15] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-03-25 09:39 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-06-09 06:36 - 2010-06-09 06:36 - 01273856 _____ () C:\FightMouse Elite\Gaming 3.exe
2014-07-04 16:11 - 2014-07-04 16:11 - 02789888 _____ () C:\Program Files\Avast\defs\14070400\algo.dll
2014-03-26 17:28 - 2014-03-26 17:28 - 19336120 _____ () C:\Program Files\Avast\libcef.dll
2014-06-18 16:28 - 2014-06-18 16:28 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-25 09:10 - 2013-09-16 13:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 04:35:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/04/2014 04:17:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/04/2014 04:17:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/04/2014 04:11:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 11:47:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/04/2014 04:35:35 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/04/2014 04:17:44 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\sir kitty\Downloads\esetsmartinstaller_deu.exe

Error: (07/04/2014 04:17:40 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\sir kitty\Downloads\esetsmartinstaller_deu.exe

Error: (07/04/2014 04:11:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2014 11:47:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 17%
Total physical RAM: 16345.22 MB
Available physical RAM: 13495.59 MB
Total Pagefile: 32688.62 MB
Available Pagefile: 29870.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:149.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: E5BC8641)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

ESET hatte 10 Bedrohungen gefunden, da sie ja nicht vom Programm gelöscht werden sollten, sollen die irgendwie gelöscht werden?

Wie schauen die Logfiles aus?
Grüße

schrauber · 05.07.2014, 11:58

das sind nur Temps oder Sachen die schon in QUarantäne sind. Noch Probleme? Logs sehen gut aus

Sir.Kitty · 05.07.2014, 14:06

Also, laut system explorer ist keine inet.exe in Prozess, hatte bisher auch noch keine Werbewiedergabe

denke also, dass es geholfen hat und wieder alles einen Gang nimmt, sonst melde ich mich wieder.
SUPER FORUM, DANKE an dich und alle die so etwas möglich machen

schrauber · 05.07.2014, 22:32

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

05.07.2014, 11:58	#4
schrauber /// the machine /// TB-Ausbilder	Werbe - Trojaner ohne offenes Fenster ... inetstat.exe ! das sind nur Temps oder Sachen die schon in QUarantäne sind. Noch Probleme? Logs sehen gut aus __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Werbe - Trojaner ohne offenes Fenster ... inetstat.exe !

Plagegeister aller Art und deren Bekämpfung: Werbe - Trojaner ohne offenes Fenster ... inetstat.exe !