Processes 2dpainting.exe; atieclxx.exe; csrss.exe and winlogon.exe suspicious (Windows 7)
08.08.2014, 00:14 | #1
Hello dear trojaner-board team. I have just looked through my processes and found the ones listed above. I have already run Malwarebytes, JRT, AdwCleaner, CCleaner and Wise Registry Cleaner, but they found nothing. I think I have a trojan again, but I haven't really downloaded anything recently.
08.08.2014, 00:37 | #2
/// the machine /// (TB-Ausbilder)

Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties).
08.08.2014, 04:24 | #3
Should I run GMER as well?
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
(ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by Sebastian (administrator) on SEBASTIAN-PC on 08-08-2014 01:42:07
Running from C:\Users\Sebastian\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Kone Mouse\OSD.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\ASUS\GPU Tweak\2dpainting.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [Kone] => C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [180224 2009-09-15] (ROCCAT)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-09-11] (AMD)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21652064 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [37632 2014-01-30] (Overwolf LTD)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [AshSnap] => C:\Program Files\Ashampoo Snap 4\ashsnap.exe [1528176 2011-04-01] (ashampoo GmbH & Co. KG)
HKU\S-1-5-21-2033358269-2921509346-268069936-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sebastian\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk
ShortcutTarget: NETGEAR WNA3100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xED82E6AE3520CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sebastian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-03]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-02]
CHR Extension: (Google Drive) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-02]
CHR Extension: (YouTube) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-02]
CHR Extension: (Adblock Plus) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-02]
CHR Extension: (Google-Suche) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-02]
CHR Extension: (Google Wallet) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-02]
CHR Extension: (Google Mail) - C:\Users\Sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-23] () [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [98560 2014-01-30] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-06-28] ()
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [307928 2013-11-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
R3 KoneFltr; C:\Windows\System32\drivers\Kone.sys [15488 2008-12-11] (ROCCAT Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
R4 networx; system32\drivers\networx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 00:56 - 2014-08-08 00:56 - 00000056 _____ () C:\Windows\setupact.log
2014-08-08 00:56 - 2014-08-08 00:56 - 00000022 _____ () C:\Windows\S.dirmngr
2014-08-08 00:56 - 2014-08-08 00:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 00:53 - 2014-08-08 00:53 - 00010122 _____ () C:\Users\Sebastian\Documents\cc_20140808_005316.reg
2014-08-08 00:53 - 2014-08-08 00:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\WiseUpdate
2014-08-08 00:51 - 2014-08-08 00:51 - 00000625 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-08-08 00:42 - 2014-08-08 00:42 - 01475072 _____ () C:\Users\Sebastian\Downloads\adwcleaner_3.303.exe
2014-08-07 23:23 - 2014-08-07 23:23 - 00010484 _____ () C:\Users\Sebastian\Desktop\rekt.odt
2014-08-06 05:17 - 2014-08-06 05:18 - 00000036 _____ () C:\Users\Sebastian\Desktop\adnan hodziz zitat.txt
2014-08-05 01:49 - 2014-08-05 01:49 - 00448512 _____ (OldTimer Tools) C:\Users\Sebastian\Downloads\TFC.exe
2014-08-05 00:00 - 2014-08-05 00:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-04 23:52 - 2014-08-04 23:52 - 00001160 _____ () C:\Users\Sebastian\Documents\mbam.txt
2014-08-04 23:28 - 2014-08-04 23:28 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_deu.exe
2014-08-04 23:22 - 2014-08-08 01:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-04 23:22 - 2014-08-04 23:22 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 23:22 - 2014-08-04 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-04 23:22 - 2014-08-04 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 23:22 - 2014-08-04 23:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-04 23:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-04 23:22 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-04 23:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-04 23:21 - 2014-08-04 23:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 17:12 - 2014-08-04 17:12 - 00000405 _____ () C:\Users\Sebastian\Documents\Daniel pws
2014-08-04 16:28 - 2014-08-04 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-04 16:25 - 2014-08-04 16:26 - 01016261 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-08-04 16:11 - 2014-04-05 08:21 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-04 16:10 - 2014-08-08 00:45 - 00000000 ____D () C:\AdwCleaner
2014-08-04 16:06 - 2014-08-04 16:06 - 00000030 _____ () C:\Users\Sebastian\Desktop\paypal.txt
2014-08-04 16:05 - 2014-08-04 16:05 - 00000000 _____ () C:\Users\Sebastian\Desktop\MC accs.txt
2014-07-31 15:35 - 2014-07-31 15:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\Program Files\ESET
2014-07-31 13:40 - 2014-07-31 13:40 - 01695680 _____ (ESET) C:\Users\Sebastian\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-07-31 13:32 - 2014-07-31 13:32 - 00013817 _____ () C:\Users\Sebastian\Desktop\GMER.txt
2014-07-31 12:24 - 2014-07-31 12:24 - 00380416 _____ () C:\Users\Sebastian\Downloads\Gmer-19357.exe
2014-07-31 12:22 - 2014-08-04 23:06 - 00023297 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-07-31 12:22 - 2014-07-31 12:22 - 00052312 _____ () C:\Users\Sebastian\Downloads\Shortcut.txt
2014-07-31 12:21 - 2014-08-08 01:42 - 00014749 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-07-31 12:21 - 2014-08-08 01:42 - 00000000 ____D () C:\FRST
2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games
2014-07-28 01:12 - 2014-07-28 01:14 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4
2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz
2014-07-23 22:22 - 2014-07-23 22:24 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe
2014-07-22 20:19 - 2014-07-22 21:16 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2014-07-22 20:19 - 2014-07-22 20:27 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2014-07-22 18:35 - 2014-07-27 00:31 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII
2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt
2014-07-12 17:37 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda
2014-07-12 17:36 - 2014-07-12 17:39 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator
2014-07-12 17:34 - 2014-07-12 17:35 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-08 01:42 - 2014-07-31 12:21 - 00014749 _____ () C:\Users\Sebastian\Downloads\FRST.txt
2014-08-08 01:42 - 2014-07-31 12:21 - 00000000 ____D () C:\FRST
2014-08-08 01:38 - 2014-02-04 17:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-08 01:28 - 2014-02-02 21:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Skype
2014-08-08 01:24 - 2014-02-02 20:48 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-08 01:11 - 2014-08-04 23:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-08 01:03 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-08 01:03 - 2009-07-14 06:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-08 01:02 - 2014-02-02 01:34 - 01771694 _____ () C:\Windows\WindowsUpdate.log
2014-08-08 00:56 - 2014-08-08 00:56 - 00000056 _____ () C:\Windows\setupact.log
2014-08-08 00:56 - 2014-08-08 00:56 - 00000022 _____ () C:\Windows\S.dirmngr
2014-08-08 00:56 - 2014-08-08 00:56 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-08 00:56 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Overwolf
2014-08-08 00:56 - 2014-02-02 20:48 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-08 00:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-08 00:53 - 2014-08-08 00:53 - 00010122 _____ () C:\Users\Sebastian\Documents\cc_20140808_005316.reg
2014-08-08 00:53 - 2014-08-08 00:53 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\WiseUpdate
2014-08-08 00:51 - 2014-08-08 00:51 - 00000625 _____ () C:\Users\Sebastian\Desktop\JRT.txt
2014-08-08 00:45 - 2014-08-04 16:10 - 00000000 ____D () C:\AdwCleaner
2014-08-08 00:42 - 2014-08-08 00:42 - 01475072 _____ () C:\Users\Sebastian\Downloads\adwcleaner_3.303.exe
2014-08-08 00:41 - 2014-02-03 00:07 - 00000000 ____D () C:\ProgramData\Origin
2014-08-08 00:41 - 2014-02-02 22:27 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-08 00:34 - 2014-02-10 22:30 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\Battle.net
2014-08-07 23:43 - 2014-02-02 22:02 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\TS3Client
2014-08-07 23:23 - 2014-08-07 23:23 - 00010484 _____ () C:\Users\Sebastian\Desktop\rekt.odt
2014-08-07 23:17 - 2014-02-03 00:09 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-08-07 02:51 - 2014-02-03 17:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-07 01:38 - 2014-02-10 22:30 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-07 00:15 - 2014-02-03 01:24 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-07 00:15 - 2014-02-03 00:58 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-08-07 00:14 - 2014-02-03 00:58 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-08-06 05:18 - 2014-08-06 05:17 - 00000036 _____ () C:\Users\Sebastian\Desktop\adnan hodziz zitat.txt
2014-08-06 02:03 - 2014-04-26 16:51 - 00000000 ____D () C:\Users\Sebastian\Desktop\K
2014-08-05 20:25 - 2014-02-02 21:53 - 00000000 ____D () C:\ProgramData\Skype
2014-08-05 01:49 - 2014-08-05 01:49 - 00448512 _____ (OldTimer Tools) C:\Users\Sebastian\Downloads\TFC.exe
2014-08-05 00:00 - 2014-08-05 00:00 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-04 23:52 - 2014-08-04 23:52 - 00001160 _____ () C:\Users\Sebastian\Documents\mbam.txt
2014-08-04 23:28 - 2014-08-04 23:28 - 02347384 _____ (ESET) C:\Users\Sebastian\Downloads\esetsmartinstaller_deu.exe
2014-08-04 23:22 - 2014-08-04 23:22 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-04 23:22 - 2014-08-04 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-04 23:22 - 2014-08-04 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-04 23:22 - 2014-08-04 23:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-04 23:21 - 2014-08-04 23:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sebastian\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-04 23:06 - 2014-07-31 12:22 - 00023297 _____ () C:\Users\Sebastian\Downloads\Addition.txt
2014-08-04 17:12 - 2014-08-04 17:12 - 00000405 _____ () C:\Users\Sebastian\Documents\Daniel pws
2014-08-04 16:28 - 2014-08-04 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-08-04 16:26 - 2014-08-04 16:25 - 01016261 _____ (Thisisu) C:\Users\Sebastian\Desktop\JRT.exe
2014-08-04 16:06 - 2014-08-04 16:06 - 00000030 _____ () C:\Users\Sebastian\Desktop\paypal.txt
2014-08-04 16:05 - 2014-08-04 16:05 - 00000000 _____ () C:\Users\Sebastian\Desktop\MC accs.txt
2014-08-04 15:43 - 2011-04-12 09:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-08-04 15:43 - 2011-04-12 09:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-08-04 15:43 - 2009-07-14 07:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-03 23:05 - 2014-02-04 21:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.minecraft
2014-08-02 23:19 - 2014-06-29 15:18 - 00000075 _____ () C:\Users\Sebastian\.atl.properties
2014-08-01 11:01 - 2014-02-02 23:36 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-31 15:35 - 2014-07-31 15:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\ProgramData\ESET
2014-07-31 13:47 - 2014-07-31 13:47 - 00000000 ____D () C:\Program Files\ESET
2014-07-31 13:40 - 2014-07-31 13:40 - 01695680 _____ (ESET) C:\Users\Sebastian\Downloads\eset_nod32_antivirus_live_installer_.exe
2014-07-31 13:32 - 2014-07-31 13:32 - 00013817 _____ () C:\Users\Sebastian\Desktop\GMER.txt
2014-07-31 12:24 - 2014-07-31 12:24 - 00380416 _____ () C:\Users\Sebastian\Downloads\Gmer-19357.exe
2014-07-31 12:22 - 2014-07-31 12:22 - 00052312 _____ () C:\Users\Sebastian\Downloads\Shortcut.txt
2014-07-31 12:20 - 2014-07-31 12:20 - 02094080 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST64.exe
2014-07-31 12:17 - 2014-07-31 12:17 - 01084928 _____ (Farbar) C:\Users\Sebastian\Downloads\FRST.exe
2014-07-30 17:27 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Temp
2014-07-30 17:24 - 2014-05-10 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\Instances
2014-07-30 00:37 - 2014-07-30 00:37 - 00011842 _____ () C:\Users\Sebastian\Documents\ayy lmao.odt
2014-07-30 00:14 - 2014-07-30 00:14 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\2K Games
2014-07-29 17:06 - 2014-02-02 20:48 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-29 17:06 - 2014-02-02 20:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-29 15:37 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-29 00:28 - 2014-02-26 22:40 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\.purple
2014-07-28 01:14 - 2014-07-28 01:12 - 06462968 _____ () C:\Users\Sebastian\Documents\I´m Sorry.mp4
2014-07-27 00:31 - 2014-07-22 18:35 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\DarknessII
2014-07-23 22:55 - 2014-07-23 22:55 - 00000000 ____D () C:\Users\Sebastian\Desktop\Text dokumentz
2014-07-23 22:24 - 2014-07-23 22:22 - 27167987 _____ () C:\Users\Sebastian\Desktop\torbrowser-install-3.6.2_en-US.exe
2014-07-22 22:31 - 2014-05-30 17:08 - 00000000 ____D () C:\Users\Sebastian\AppData\Local\PAYDAY 2
2014-07-22 21:19 - 2014-02-03 16:31 - 00000000 ____D () C:\Users\Sebastian\Documents\My Games
2014-07-22 21:16 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\Bioshock
2014-07-22 20:27 - 2014-07-22 20:19 - 00000000 ____D () C:\Users\Sebastian\Documents\Bioshock
2014-07-22 18:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-22 18:23 - 2014-02-02 22:02 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2014-07-22 17:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-21 19:38 - 2014-07-21 19:38 - 00000220 _____ () C:\Users\Sebastian\Desktop\BioShock.url
2014-07-20 21:48 - 2014-07-20 21:48 - 00007605 _____ () C:\Users\Sebastian\AppData\Local\Resmon.ResmonCfg
2014-07-20 19:04 - 2014-02-11 23:58 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\vlc
2014-07-20 16:48 - 2014-05-02 21:04 - 00000000 ____D () C:\Users\Sebastian\AppData\Roaming\dvdcss
2014-07-16 16:15 - 2014-07-16 16:15 - 00001222 ____R () C:\Users\Sebastian\Desktop\BitLocker-Wiederherstellungsschlüssel B66D4F0E-4BCD-479B-A766-A10180C7A72B.txt
2014-07-12 17:39 - 2014-07-12 17:37 - 00000000 ____D () C:\Users\Sebastian\Desktop\Zelda
2014-07-12 17:39 - 2014-07-12 17:36 - 00000000 ____D () C:\Users\Sebastian\Documents\Dolphin Emulator
2014-07-12 17:39 - 2014-06-11 17:11 - 00000000 ____D () C:\Users\Sebastian\Desktop\stick
2014-07-12 17:35 - 2014-07-12 17:34 - 00000000 ____D () C:\Users\Sebastian\Desktop\dolphin2
2014-07-12 17:32 - 2014-06-01 15:50 - 00000000 ____D () C:\Users\Sebastian\Desktop\Stick Patrick
2014-07-09 21:18 - 2014-02-03 22:26 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

Some content of TEMP:
====================
C:\Users\Sebastian\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-07 04:47

==================== End Of Log ============================

Addition:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01 Ran by Sebastian at 2014-08-08 01:43:04 Running from C:\Users\Sebastian\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc) AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{4B5124DF-F465-2BA6-FCCF-82C149E1223D}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) 
Hidden Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive) ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.) ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.6.0.0 - Electronic Arts) Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston) BioShock 2 (HKLM-x32\...\Steam App 8850) (Version: - 2K Marin) Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0911.2154.37488 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version: - ) DayZ Commander (HKLM-x32\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios) Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESET NOD32 Antivirus (HKLM\...\{EDD78A07-776B-417C-817B-35BB00F12EBF}) (Version: 7.0.317.4 - ESET, spol s r. o.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.00.0000 - JoWooD Productions Software AG) Gpg4win (2.2.1) (HKLM-x32\...\GPG4Win) (Version: 2.2.1 - The Gpg4win Project) GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS) GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) 
Hidden Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 2.2.0.2 - NETGEAR) Nexon Game Manager (HKLM-x32\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - ) Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.0 - Black Tree Gaming) NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.) 
Overwolf (HKLM-x32\...\{A7234617-513C-4292-A013-7DD915493BDA}) (Version: 0.49.305 - Overwolf) PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - ) pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.1 beta r2286 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Games) ROCCAT Kone Mouse Driver (HKLM-x32\...\{9733747E-E53D-4C17-977E-3A872AFB93E1}) (Version: - ) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.) 
Spec Ops: The Line (HKLM-x32\...\Steam App 50300) (Version: - Yager) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25790 - TeamViewer) The Darkness II (HKLM-x32\...\Steam App 67370) (Version: - Digital Extremes) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.03 - Ubisoft) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) War Thunder Launcher 1.0.1.322 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - 2013 Gaijin Entertainment Corporation) WarRock (HKLM-x32\...\Warrock EU) (Version: - ) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) Wise Registry Cleaner 8.12 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.12 - WiseCleaner.com, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 26-07-2014 20:28:22 DirectX wurde installiert 29-07-2014 14:04:52 DirectX wurde installiert 29-07-2014 22:12:41 DirectX wurde installiert 30-07-2014 18:45:46 DirectX wurde installiert 31-07-2014 11:35:43 avast! antivirus system restore point 31-07-2014 11:43:38 avast! antivirus system restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0AE46977-DAFB-4E43-A6E8-48444D062FB6} - System32\Tasks\{EB801E42-A21F-4704-B6D9-FDB2CDBD1FAF} => C:\Program Files (x86)\Steam\Steam.exe [2014-07-16] (Valve Corporation) Task: {2285D577-B1B3-48A5-B41A-480B3F01516F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.) Task: {25D9B035-D6D6-4154-B1F0-7803BF5B455F} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.) Task: {98518E86-C0C1-43D9-A8CC-B7A2ED1387FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-02] (Google Inc.) Task: {9A506F7D-02C4-4CF8-870B-C7785585C6DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe 2013-10-07 16:54 - 2013-10-07 16:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe 2014-02-03 00:58 
- 2014-06-28 18:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-05-03 21:28 - 2013-11-11 15:10 - 00307928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 2014-05-03 21:28 - 2013-11-22 19:34 - 08266456 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2014-04-06 16:35 - 2014-04-06 16:35 - 00036536 _____ () C:\Program Files\Rainmeter\Rainmeter.exe 2014-04-06 16:35 - 2014-04-06 16:35 - 00747192 _____ () C:\Program Files\Rainmeter\Rainmeter.dll 2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2011-02-25 21:35 - 2011-02-25 21:35 - 00044032 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\2dpainting.exe 2013-10-07 16:49 - 2013-10-07 16:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll 2013-10-07 16:47 - 2013-10-07 16:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll 2013-10-07 16:44 - 2013-10-07 16:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll 2013-10-07 16:49 - 2013-10-07 16:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll 2013-10-07 16:49 - 2013-10-07 16:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll 2014-05-03 21:28 - 2013-10-30 19:06 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2014-05-03 21:28 - 2013-11-01 17:31 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll 2010-11-01 21:00 - 2010-11-01 21:00 - 00015964 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\mingwm10.dll 2010-11-01 21:00 - 2010-11-01 21:00 - 02741248 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\QtCore4.dll 2010-11-01 21:01 - 2010-11-01 21:01 - 11448320 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\QtGui4.dll 2010-11-01 21:01 - 2010-11-01 21:01 - 00613376 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\QtOpenGL4.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files 
(x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll 2014-07-21 21:30 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll 2014-05-22 00:27 - 2014-07-12 02:53 - 01116672 _____ () C:\Program Files (x86)\Steam\libavcodec-55.dll 2014-04-23 14:45 - 2014-07-12 02:53 - 00438784 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll 2014-05-22 00:27 - 2014-07-12 02:53 - 00399360 _____ () C:\Program Files (x86)\Steam\libavformat-55.dll 2014-02-04 17:32 - 2014-07-12 02:53 - 00331264 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2014-02-04 17:32 - 2014-06-27 00:40 - 00764416 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2014-05-22 00:27 - 2014-07-16 04:28 - 02139328 _____ () C:\Program Files (x86)\Steam\video.dll 2014-05-22 00:27 - 2014-04-29 02:37 - 00519168 _____ () C:\Program Files (x86)\Steam\libswscale-2.dll 2014-02-04 17:32 - 2014-07-16 04:28 - 01116864 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2014-02-04 17:32 - 2014-05-02 01:35 - 20628160 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/08/2014 01:11:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: be8 Startzeit: 01cfb292d4b7113c Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe Berichts-ID: 189c017b-1e88-11e4-a3dd-bc5ff4fa1dc1 Error: (08/08/2014 00:58:09 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 00:56:54 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/08/2014 00:56:54 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/08/2014 00:56:54 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (08/08/2014 00:56:54 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (08/08/2014 00:56:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/08/2014 00:56:50 AM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (08/08/2014 00:56:50 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/08/2014 00:56:50 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) System errors: ============= Error: (08/08/2014 00:57:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/08/2014 00:57:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (08/08/2014 00:57:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/08/2014 00:57:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (08/08/2014 00:57:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/08/2014 00:57:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (08/08/2014 00:57:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/08/2014 00:57:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. 
Error: (08/08/2014 00:57:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/08/2014 00:57:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Microsoft Office Sessions: ========================= Error: (08/08/2014 01:11:03 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: mbam.exe1.0.0.532be801cfb292d4b7113c3C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe189c017b-1e88-11e4-a3dd-bc5ff4fa1dc1 Error: (08/08/2014 00:58:09 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/08/2014 00:56:54 AM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/08/2014 00:56:54 AM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/08/2014 00:56:54 AM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (08/08/2014 00:56:54 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (08/08/2014 00:56:50 AM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (08/08/2014 00:56:50 AM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (08/08/2014 00:56:50 AM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt Error: (08/08/2014 00:56:50 AM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700 ==================== Memory info =========================== Percentage of memory in use: 37% Total physical RAM: 8148.75 MB Available physical RAM: 5067.91 MB Total Pagefile: 16295.7 MB Available Pagefile: 12711.68 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:484.93 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4DA2E21B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-08 05:23:51 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-2 ST1000DM003-1CH162 rev.CC47 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\SEBAST~1\AppData\Local\Temp\kglyauoc.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1720] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000765c87c9 4 bytes [C2, 04, 00, 00] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... 
* 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072131a22 2 bytes [13, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072131ad0 2 bytes [13, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072131b08 2 bytes [13, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072131bba 2 bytes [13, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072131bda 2 bytes [13, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[1916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[4056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe[3856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... 
* 2 .text C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE[3292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\ASUS\GPU Tweak\2dpainting.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\ASUS\GPU Tweak\2dpainting.exe[4768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[4792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\Steam\Steam.exe[3916] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 00000000751a4516 5 bytes JMP 00000001000f0800 .text C:\Program Files (x86)\Steam\Steam.exe[3916] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\Steam\Steam.exe[3916] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 00000000751a4516 5 bytes JMP 0000000100110800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000763d1465 2 bytes [3D, 76] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[2300] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000763d14bb 2 bytes [3D, 76] .text ... 
* 2
---- Files - GMER 2.1 ----
File C:\Program Files (x86)\Steam\GameOverlayRenderer.log 7633 bytes
---- EOF - GMER 2.1 ----
08.08.2014, 22:46 | #4 |
/// the machine /// TB-Ausbilder | Processes 2dpainting.exe; atieclxx.exe; csrss.exe and winlogon.exe suspicious What exactly bothers you about these processes?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations, guides and help, Trojaner-Board Facebook page. No help via PM! |
08.08.2014, 22:50 | #5 |
| Processes 2dpainting.exe; atieclxx.exe; csrss.exe and winlogon.exe suspicious I just never noticed them before and they seemed suspicious to me, and now I don't know whether this is a threat. |
09.08.2014, 14:31 | #6 |
/// the machine /// TB-Ausbilder | Processes 2dpainting.exe; atieclxx.exe; csrss.exe and winlogon.exe suspicious These are perfectly normal Windows processes.