Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 7: Starke Verlangsamung des Systemstarts

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.01.2015, 21:13   #1
annoukh
 
Windows 7: Starke Verlangsamung des Systemstarts - Standard

Windows 7: Starke Verlangsamung des Systemstarts



Seit ein paar Tagen fährt mein PC nur stark verlangsamt hoch. Dazu kommen Zeiträume, in denen ich den Mauszeiger nicht bewegen kann. Ich vermutete einen Virusbefall, aber nach einem Scan mit meinem Anitviren-Scanner AVG wurde nur AdWare gefunden, die ich damit nicht löschen konnte. Deshalb deinstallierte ich AVG und installierte Avira. Dieser Virenscanner fand ebenfalls keine Viren.
Da ich mir denke, dass die von AVG angezeigte AdWare Grund für den langsamen Systemstart war, lud ich mir die aktuelle Version des AdwCleaner von chip.de runter. Dieser fand eine toolbar, die ich mit dem selben Programm entfernte.

Trotz dieser Maßnahmen blieb der Systemstart stark verlangsamt.

Hier die Logfiles:

FRST.txt


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Anna (ATTENTION: The logged in user is not administrator) on USER-PC on 25-01-2015 20:56:51
Running from C:\Users\Anna\Desktop
Loaded Profiles: UpdatusUser & user & Anna (Available profiles: UpdatusUser & user & Anna & Gast)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2439072 2010-05-24] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] => C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-11-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3424378060-3098743664-1317459497-1002\...\RunOnce: [Adobe Speed Launcher] => 1422214284
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
URLSearchHook: [S-1-5-21-3424378060-3098743664-1317459497-1000] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-21-3424378060-3098743664-1317459497-1001] ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3424378060-3098743664-1317459497-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={49C23A26-61FD-4D12-B912-4E7240349AFF}&mid=b5dac022ff3f47d3b2acd92928954a2d-f018a8cd6e45578900c28820f242335b4de59be4&lang=de&ds=AVG&coid=avgtbavg&cmpid=1214avi&pr=fr&d=2014-12-10 09:49:44&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3424378060-3098743664-1317459497-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\searchplugins\avg-secure-search.xml
FF Extension: Avira Browser Safety - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\abs@avira.com [2014-11-20]
FF Extension: BYTubeD - Bulk YouTube video Downloader - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\bytubed@cs213.cse.iitk.ac.in [2013-12-02]
FF Extension: anonymoX - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\client@anonymox.net.xpi [2013-06-04]
FF Extension: Ghostery - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\firefox@ghostery.com.xpi [2013-08-03]
FF Extension: One Click Proxy - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\jid0-zXo3XFGyiDalgkeEO4UYJTUwo2I@jetpack.xpi [2014-05-27]
FF Extension: NoScript - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-04]
FF Extension: Adblock Plus - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-04]
FF Extension: BetterPrivacy - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-06-04]
FF Extension: DownThemAll! - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\kvxcn5p6.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-02]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-11-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [102400 2009-12-01] (Intel) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-12-27] ()
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S4 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
R2 UNS; C:\Program Files (x86)\Intel\AMT\UNS.exe [2519040 2009-12-01] (Intel) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WLMS; C:\Windows\system32\wlms\wlms.exe [19456 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-10-14] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-10] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-11-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [115328 2014-04-28] (Huawei Technologies Co., Ltd.) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-10-14] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1038440 2011-05-09] (Realtek Semiconductor Corporation                           )
S3 RTL85n64; C:\Windows\System32\DRIVERS\RTL85n64.sys [378368 2009-06-10] (Realtek)
R3 rtlss; C:\Windows\System32\Drivers\rtlss.sys [27240 2010-06-21] (Realtek Semiconductor Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 FXDrv32; \??\D:\FXDrv64.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:56 - 2015-01-25 20:57 - 00013685 _____ () C:\Users\Anna\Desktop\FRST.txt
2015-01-25 20:56 - 2015-01-25 20:56 - 00000000 ____D () C:\FRST
2015-01-25 20:55 - 2015-01-25 20:55 - 02129920 _____ (Farbar) C:\Users\Anna\Desktop\FRST64.exe
2015-01-25 20:47 - 2015-01-25 20:55 - 00000470 _____ () C:\Users\Anna\Desktop\defogger_disable.log
2015-01-25 20:47 - 2015-01-25 20:47 - 00000000 _____ () C:\Users\user\defogger_reenable
2015-01-25 20:46 - 2015-01-25 20:46 - 00050477 _____ () C:\Users\Anna\Desktop\Defogger.exe
2015-01-25 20:36 - 2015-01-25 20:36 - 00007633 _____ () C:\Users\Anna\Downloads\hijackthis.log
2015-01-25 20:28 - 2015-01-25 20:28 - 00009694 _____ () C:\Users\Anna\AppData\Local\recently-used.xbel
2015-01-25 20:22 - 2015-01-25 20:22 - 02194432 _____ () C:\Users\Anna\Downloads\AdwCleaner09.exe
2015-01-25 19:57 - 2015-01-25 19:57 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Avira
2015-01-25 19:56 - 2015-01-25 19:54 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-01-25 19:53 - 2015-01-25 19:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2015-01-25 19:52 - 2015-01-25 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-25 19:51 - 2015-01-25 20:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-25 19:51 - 2014-11-24 10:23 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-01-25 19:51 - 2014-11-24 10:23 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-01-25 19:51 - 2014-11-24 10:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-01-25 19:48 - 2015-01-25 19:49 - 00026320 _____ () C:\Users\Anna\Documents\cc_20150125_194848.reg
2015-01-25 19:40 - 2015-01-25 19:40 - 00000000 ____D () C:\Users\Anna\Desktop\Proteinbiochemie
2015-01-23 17:04 - 2015-01-23 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-23 17:04 - 2015-01-23 17:04 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-23 17:03 - 2015-01-23 17:04 - 04188536 _____ (Piriform Ltd) C:\Users\Anna\Downloads\ccsetup501_slim.exe
2015-01-23 17:01 - 2015-01-23 17:01 - 02186752 _____ () C:\Users\Anna\Downloads\adwcleaner_4.108.exe
2015-01-20 16:27 - 2015-01-20 16:31 - 00000000 ____D () C:\Users\Anna\Desktop\2015-01-20
2015-01-19 22:04 - 2015-01-19 22:04 - 00000000 ____D () C:\Users\Anna\Desktop\Comic
2015-01-18 16:41 - 2015-01-18 16:41 - 00025823 _____ () C:\Users\Anna\Downloads\V3_Kinetik_Anastasia.xlsx
2015-01-17 20:10 - 2015-01-17 20:10 - 00824742 _____ () C:\Users\Anna\Downloads\1BVY.pdb
2015-01-17 20:08 - 2015-01-17 20:08 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\AMD
2015-01-14 16:20 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:19 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:19 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:19 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:19 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:19 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:19 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:19 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:19 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:19 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:19 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-28 00:05 - 2015-01-17 18:52 - 00000000 ____D () C:\Users\Anna\Documents\Assassin's Creed IV Black Flag
2014-12-27 23:28 - 2014-12-27 23:28 - 00000000 ____D () C:\Users\Anna\Documents\ROCCAT Savu
2014-12-27 23:24 - 2014-12-27 23:24 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\ATI
2014-12-27 23:24 - 2014-12-27 23:24 - 00000000 ____D () C:\Users\Anna\AppData\Local\ATI
2014-12-27 23:24 - 2014-12-27 23:24 - 00000000 ____D () C:\Users\Anna\AppData\Local\AMD
2014-12-27 23:21 - 2014-12-27 23:21 - 00000000 ____D () C:\Users\user\Documents\ROCCAT Savu
2014-12-27 23:20 - 2014-12-27 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roccat
2014-12-27 23:20 - 2014-12-27 23:20 - 00000000 ____D () C:\Program Files (x86)\ROCCAT
2014-12-27 23:04 - 2014-12-27 23:04 - 27728861 _____ () C:\Users\user\Downloads\ROCCAT_Savu_DRV1.20_FW1.24.zip
2014-12-27 22:12 - 2014-12-27 22:12 - 00000000 ____D () C:\Users\user\AppData\Local\AMD
2014-12-27 22:10 - 2014-12-27 22:10 - 00000000 ____D () C:\Users\user\AppData\Roaming\ATI
2014-12-27 22:10 - 2014-12-27 22:10 - 00000000 ____D () C:\Users\user\AppData\Local\ATI
2014-12-27 22:10 - 2014-12-27 22:10 - 00000000 ____D () C:\ProgramData\ATI
2014-12-27 22:03 - 2014-12-27 22:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\library_dir
2014-12-27 22:02 - 2014-12-27 22:02 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-27 22:01 - 2014-12-27 22:01 - 00064312 _____ () C:\Windows\SysWOW64\CCCInstall_201412272201529481.log
2014-12-27 22:01 - 2014-12-27 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-27 22:00 - 2014-12-27 22:02 - 00000000 ____D () C:\ProgramData\AMD
2014-12-27 21:55 - 2014-12-27 21:55 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-27 21:53 - 2015-01-25 20:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-27 21:52 - 2014-12-27 22:01 - 00000000 ____D () C:\Program Files\AMD
2014-12-27 21:50 - 2014-12-27 21:50 - 00000000 ____D () C:\AMD
2014-12-27 21:43 - 2014-12-27 21:49 - 302470552 _____ (AMD Inc.) C:\Users\user\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2014-12-27 21:38 - 2014-12-27 21:39 - 00000000 ____D () C:\Users\user\AppData\Roaming\TeamViewer
2014-12-27 21:38 - 2014-12-27 21:38 - 05337800 _____ (TeamViewer) C:\Users\user\Downloads\TeamViewerQS_de.exe
2014-12-27 21:30 - 2014-12-27 21:34 - 212753896 _____ (Advanced Micro Devices, Inc.) C:\Users\user\Downloads\13-12_win7_win8_64_dd_ccc_whql.exe
2014-12-27 19:31 - 2014-12-27 19:31 - 00000000 ____D () C:\Users\user\AppData\Local\AVG Web TuneUp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 20:54 - 2013-06-04 22:56 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\Skype
2015-01-25 20:39 - 2011-05-10 01:27 - 01815042 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 20:37 - 2009-07-14 05:45 - 00039952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 20:37 - 2009-07-14 05:45 - 00039952 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 20:30 - 2014-09-30 19:13 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-25 20:30 - 2013-05-30 13:28 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 20:30 - 2011-05-15 23:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-25 20:30 - 2011-05-10 02:05 - 01009754 _____ () C:\Windows\PFRO.log
2015-01-25 20:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 20:30 - 2009-07-14 05:51 - 00124931 _____ () C:\Windows\setupact.log
2015-01-25 20:29 - 2014-08-20 13:31 - 00000000 ____D () C:\Program Files (x86)\osu!
2015-01-25 20:29 - 2014-02-02 17:47 - 00000000 ____D () C:\AdwCleaner
2015-01-25 20:29 - 2013-06-11 18:50 - 00000000 ____D () C:\Users\Anna\.gimp-2.8
2015-01-25 20:28 - 2014-02-06 19:17 - 00000000 ____D () C:\Users\Anna\AppData\Local\gtk-2.0
2015-01-25 20:26 - 2014-02-11 08:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 19:55 - 2013-08-04 00:56 - 00000000 ____D () C:\ProgramData\Avira
2015-01-25 19:50 - 2014-09-30 19:06 - 00000000 ____D () C:\Users\user\AppData\Local\Avg2015
2015-01-25 19:48 - 2013-05-30 13:40 - 00000000 ___HD () C:\$AVG
2015-01-25 19:45 - 2014-03-03 23:08 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-22 18:16 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-19 19:41 - 2013-06-26 16:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-19 19:17 - 2013-12-11 23:38 - 00049114 _____ () C:\Users\Anna\AppData\Local\CDXLExtendedShim.log
2015-01-14 19:46 - 2013-12-01 13:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 19:46 - 2013-12-01 13:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 16:57 - 2013-11-18 20:21 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 16:57 - 2009-07-14 11:54 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 16:57 - 2009-07-14 11:54 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 16:57 - 2009-07-14 06:13 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 16:50 - 2013-07-11 14:47 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:45 - 2013-05-30 14:34 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 19:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-08 20:41 - 2013-06-11 14:30 - 00000000 ____D () C:\Users\Anna\AppData\Roaming\vlc
2015-01-06 15:41 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-04 12:13 - 2014-12-13 12:28 - 00000000 ____D () C:\Users\Anna\Desktop\VisualBoyAdvance
2014-12-27 23:20 - 2011-05-10 01:42 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-27 23:17 - 2013-06-02 18:04 - 00705437 _____ () C:\Windows\DirectX.log
2014-12-27 23:12 - 2013-06-09 00:11 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-12-27 23:12 - 2013-06-09 00:11 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-27 22:17 - 2013-06-02 18:29 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-12-27 22:05 - 2013-06-02 20:51 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-12-27 21:34 - 2013-05-30 13:35 - 00117928 _____ () C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2013-12-23 12:18 - 2013-10-29 12:59 - 14024704 _____ () C:\Users\Anna\AppData\Roaming\Sandra.mdb
2013-12-11 23:38 - 2015-01-19 19:17 - 0049114 _____ () C:\Users\Anna\AppData\Local\CDXLExtendedShim.log
2015-01-25 20:28 - 2015-01-25 20:28 - 0009694 _____ () C:\Users\Anna\AppData\Local\recently-used.xbel
2013-06-26 18:44 - 2013-06-26 18:57 - 0000317 _____ () C:\ProgramData\hpzinstall.log
2014-10-29 22:54 - 2014-10-29 22:54 - 0005015 _____ () C:\ProgramData\wmzddnmb.cix

Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\temp\avgnt.exe
C:\Users\user\AppData\Local\temp\DataCard_Setup64.exe
C:\Users\user\AppData\Local\temp\drm_dyndata_7380015.dll
C:\Users\user\AppData\Local\temp\install_flashplayer15x32au_mssd_aaa_aih.exe
C:\Users\user\AppData\Local\temp\Quarantine.exe
C:\Users\user\AppData\Local\temp\raptrpatch.exe
C:\Users\user\AppData\Local\temp\raptr_stub.exe
C:\Users\user\AppData\Local\temp\ResetDevice.exe
C:\Users\user\AppData\Local\temp\SkypeSetup.exe
C:\Users\user\AppData\Local\temp\sqlite3.dll
C:\Users\user\AppData\Local\temp\UninstallerGer.dll
C:\Users\user\AppData\Local\temp\WtgDriverInstallX.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---


Addition.txt aus FRST

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Anna at 2015-01-25 20:57:58
Running from C:\Users\Anna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version:  - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Assassin's Creed(R) III v1.06 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.06 - Ubisoft)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.5.7 - AVG Technologies)
Avira (HKLM-x32\...\{e7c7c227-b742-4878-9425-f09bbf9951db}) (Version: 1.1.27.25527 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.27.25527 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CambridgeSoft ChemBioDraw Ultra 13.0 (HKLM-x32\...\{8A6A245D-D0CE-477F-A5D0-8F339B4FF921}) (Version: 13.0 - CambridgeSoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2523 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ClipGrab 3.4.4 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
Free Video Editor version 1.4.4.820 (HKLM-x32\...\Free Video Editor_is1) (Version: 1.4.4.820 - DVDVideoSoft Ltd.)
Free Video to MP3 Converter version 5.0.31.1125 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.31.1125 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Gameforge Live 1.6.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.6.0 - Gameforge)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Gray Matter (HKLM-x32\...\Gray Matter_is1) (Version:  - dtp)
HHU Template for Powerpoint (HKLM-x32\...\{C5E630C1-BAB1-4F0F-A6FA-545AA64B55EC}) (Version: 1.0.5 - Heinrich-Heine-Universität Düsseldorf)
Intel(R) Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2266 - Intel Corporation)
Intel® Active-Management-Technologie (HKLM\...\MESOL) (Version:  - Intel Corporation)
ITE Infrared Transceiver (HKLM-x32\...\{40580068-9B10-40B5-9548-536CE88AB23C}) (Version: 1.00.0000 - ITE)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-3424378060-3098743664-1317459497-1002\...\Juniper_Setup_Client) (Version: 7.4.9.45013 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LEGEND - Hand of God (HKLM-x32\...\{1ED89294-E767-49D1-81BB-4BFA76F42E5A}_is1) (Version: LEGEND - Anaconda)
MestReNova 8.0.1-10878 (HKLM-x32\...\MestReNova) (Version: 8.0.1-10878 - Mestrelab Research S.L.)
Microsoft .NET Compact Framework 2.0 SP1 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.6129 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{6F29F195-B11C-3EAD-B883-997BB29DFA17}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NVIDIA 3D Vision Treiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 301.42 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 301.42 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
osu! (HKLM-x32\...\{3310c16c-7fd9-4400-9bdf-f2d0544c467c}) (Version: latest - ppy Pty Ltd)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Prince of Persia (HKLM-x32\...\{7C11154F-3539-4CB5-979D-EF7913473E53}) (Version: 1.0 - Ubisoft)
Prince of Persia The Forgotten Sands™ (HKLM-x32\...\{EAEAAF8C-8E86-4CAC-AC08-1A33EDCA34AC}) (Version: 1.0 - Ubisoft)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PyMOL (32 bit) (HKLM-x32\...\{82B39CBA-144C-4D34-8C5D-31D2CAEC2AFB}) (Version: 1.3.0.0 - Schrodinger LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0180 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Savu Mouse (HKLM-x32\...\{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}) (Version: 1.1.9 - ROCCAT GmbH)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
System Requirements Lab CYRI (HKLM-x32\...\{906B34E5-573C-445A-A5D3-40B6BF0A2EC4}) (Version: 6.0.21.0 - Husdawg, LLC)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Witcher (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Venetica (HKLM-x32\...\Venetica_is1) (Version:  - dtp)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-12-12 14:33 - 00449968 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
MSCONFIG\Services: nSvcIp => 2
MSCONFIG\Services: SandraAgentSrv => 3
MSCONFIG\Services: Secunia PSI Agent => 2
MSCONFIG\Services: Secunia Update Agent => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\Services: vToolbarUpdater18.2.0 => 2
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-3424378060-3098743664-1317459497-500 - Administrator - Disabled)
Anna (S-1-5-21-3424378060-3098743664-1317459497-1002 - Limited - Enabled) => C:\Users\Anna
Gast (S-1-5-21-3424378060-3098743664-1317459497-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-3424378060-3098743664-1317459497-1139 - Limited - Enabled)
UpdatusUser (S-1-5-21-3424378060-3098743664-1317459497-1000 - Limited - Enabled) => C:\Users\UpdatusUser
user (S-1-5-21-3424378060-3098743664-1317459497-1001 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 08:31:04 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (01/25/2015 07:37:23 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (01/23/2015 04:55:30 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (01/22/2015 06:16:55 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (01/21/2015 06:04:00 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (01/20/2015 03:42:04 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (01/19/2015 04:01:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 2.50.25.37 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e8c

Startzeit: 01d033f8a2b805ea

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe

Berichts-ID: 056def85-9fec-11e4-a4e4-08606e71a3de

Error: (01/19/2015 02:51:00 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (01/19/2015 06:51:22 AM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver

Error: (01/18/2015 01:12:27 PM) (Source: LMS) (EventID: 2) (User: NT-AUTORITÄT)
Description: LMS Service cannot connect to HECI driver


System errors:
=============
Error: (01/25/2015 08:30:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\Windows\system32\Rtlihvs.dll
Fehlercode: 126

Error: (01/25/2015 08:29:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/25/2015 08:29:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/25/2015 08:29:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (01/25/2015 08:29:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (01/25/2015 08:29:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Juniper Network Connect Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%109

Error: (01/25/2015 08:29:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/25/2015 08:29:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (01/25/2015 08:29:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/25/2015 08:29:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-07-14 21:40:21.118
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-14 21:40:21.040
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: AMD FX(tm)-6100 Six-Core Processor 
Percentage of memory in use: 29%
Total physical RAM: 8174.12 MB
Available physical RAM: 5769.39 MB
Total Pagefile: 16346.42 MB
Available Pagefile: 13713.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:931.41 GB) (Free:593.14 GB) NTFS
Drive e: (GANDOR) (Removable) (Total:3.73 GB) (Free:2.08 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

Zur Ausführung von GMER:
Ich hielt mich an die Anleitung bis zum Speichern des Scans in GMER.txt. Als ich danach jedoch meinen Antivirenscanner versuchte zu aktivieren, wurde mir mitgeteilt, dass ich nicht die benötigten Administratorrechte hätte um diesen Vorgang durchzuführen. Daraufhin versuchte ich auf ein anderes AdminKonto zu wechseln. Die Reaktion: der Monitor empfing kein Signal mehr, aber die Verbindung zwischen Monitor und PC bestand und der PC war noch an. Deshalb trennte ich die Stromversorgung und startete im abgesicherten Modus. Nachdem ich versuchte mich anzumelden, fuhr der PC erneut hoch, nicht im abgesichterten Modus. Da ich die GMER.txt nicht auf dem Desktop finden konnte, führte ich laut Anleitung GMER nochmals durch. Das Problem wiederholte sich. Beim zweiten Mal konnte ich aber die GMER.txt auf dem Desktoop finden und den Antivirenscanner wieder aktivieren.

GMER.txt

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-25 21:45:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4 WDC_WD10EALX-008EA0 rev.05.01D05 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\user\AppData\Local\Temp\kwtdapoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69    00000000766a1465 2 bytes [6A, 76]
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[1784] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155   00000000766a14bb 2 bytes [6A, 76]
.text  ...                                                                                                                       * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                   0000000072be1a22 2 bytes [BE, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                   0000000072be1ad0 2 bytes [BE, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                   0000000072be1b08 2 bytes [BE, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                   0000000072be1bba 2 bytes [BE, 72]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[1960] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                   0000000072be1bda 2 bytes [BE, 72]
.text  C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000766a1465 2 bytes [6A, 76]
.text  C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe[2188] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000766a14bb 2 bytes [6A, 76]
.text  ...                                                                                                                       * 2

---- EOF - GMER 2.1 ----
         

Alt 25.01.2015, 22:20   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 7: Starke Verlangsamung des Systemstarts - Standard

Windows 7: Starke Verlangsamung des Systemstarts



hi,

Unsere Tools brauchen immer Adminrechte!



Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________

__________________

Antwort

Themen zu Windows 7: Starke Verlangsamung des Systemstarts
antivir, antivirus, browser, ccsetup, cid, combofix, converter, downloader, dvdvideosoft ltd., excel, firefox, flash player, helper, hijack, homepage, iexplore.exe, installation, mozilla, mp3, programm, realtek, registry, scan, security, software, svchost.exe, vtoolbarupdater, windows



Ähnliche Themen: Windows 7: Starke Verlangsamung des Systemstarts


  1. Blackscreen -> Piep-Ton -> BIOS , starke verlangsamung des PC's und ruckeln bei Spielen
    Mülltonne - 29.03.2015 (0)
  2. Starke Verlangsamung der Leistung, seeehr langes Hochfahren ...
    Log-Analyse und Auswertung - 27.03.2015 (27)
  3. Windows 7: Nach Installation von Audiograbber RRSavings, ungewollte Verlinkungen auf Webseiten, Verlangsamung des gesamten Systems
    Log-Analyse und Auswertung - 09.05.2014 (3)
  4. Avira ausgeschalten, Verlangsamung und schwarzer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 07.05.2014 (5)
  5. (Windows 7) Bluescreen, extreme Verlangsamung und kompletter "Stillstand"
    Plagegeister aller Art und deren Bekämpfung - 01.11.2013 (3)
  6. cmd öffnet sich automatisch und Verlangsamung des PCs
    Log-Analyse und Auswertung - 30.09.2013 (7)
  7. Abstürze, totale Verlangsamung bei Windows Vista Home Basic mit Internet Explorer und anderen Browsern
    Log-Analyse und Auswertung - 18.08.2013 (1)
  8. Doppelte Akkuanzeige, eigenmächtige Systemstarts im Ruhezustand
    Plagegeister aller Art und deren Bekämpfung - 16.02.2013 (7)
  9. Trojaner bit 2048 sowie Verlangsamung des Computers
    Log-Analyse und Auswertung - 14.05.2012 (20)
  10. Starke Probleme mit PC
    Log-Analyse und Auswertung - 10.05.2009 (2)
  11. Starke Rechenleistungseinbüßen
    Log-Analyse und Auswertung - 30.12.2008 (3)
  12. Pc Verlangsamung
    Log-Analyse und Auswertung - 08.12.2008 (0)
  13. PC - Verlangsamung
    Mülltonne - 08.12.2008 (0)
  14. HiJackThis Logfile und extreme Verlangsamung des Rechners :(
    Log-Analyse und Auswertung - 13.02.2008 (7)
  15. Extreme Verlangsamung meiner Internetverbindung + Probleme bei Google
    Log-Analyse und Auswertung - 13.11.2007 (13)
  16. Verlangsamung der Systems/Systemauslastung sehr hoch
    Log-Analyse und Auswertung - 12.11.2007 (4)
  17. ...\ibm00001.exe ?? verlangsamung beim Hochfahren des PC
    Plagegeister aller Art und deren Bekämpfung - 17.01.2006 (10)

Zum Thema Windows 7: Starke Verlangsamung des Systemstarts - Seit ein paar Tagen fährt mein PC nur stark verlangsamt hoch. Dazu kommen Zeiträume, in denen ich den Mauszeiger nicht bewegen kann. Ich vermutete einen Virusbefall, aber nach einem Scan - Windows 7: Starke Verlangsamung des Systemstarts...
Archiv
Du betrachtest: Windows 7: Starke Verlangsamung des Systemstarts auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.