Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Comodo Security Freeware - lässt sich nicht komplett deinstallieren (https://www.trojaner-board.de/169599-comodo-security-freeware-laesst-komplett-deinstallieren.html)

BernhardK 10.08.2015 21:53
Comodo Security Freeware - lässt sich nicht komplett deinstallieren
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo,
ich wollte heute das Programm Comodo Security Freeware deinstallieren. Allerdings ging es nicht komplett. Es kam die Meldung:
Der Setup Assistent für Endpoint Security wurde aufgrund eines Fehlers vorzeitig beendet. Das System wurde nicht verändert. Sie müssen den Setup-Assistenten erneut ausführen, um dieses Programm zu einem späteren Zeitpunkt zu installieren.
Dies habe ich mehrfach getan, ohne Erfolg. Ich habe auch das Programm wieder neu installieren wollen. Allerdings die neue aktuelle Version. Auch diese fordert mich auf das alte manuell zu löschen. Es lässt sich einfach nicht deinstallieren... Wäre toll wenn ihr mir helfen könnt.
Gruß
BernhardK

cosinus 10.08.2015 22:18
Hi,

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

BernhardK 11.08.2015 07:54
Hallo Cosinus,

sende dir nun die Logfiles, hoffe es klappt...

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 07.08.2015
Suchlaufzeit: 17:48
Protokolldatei: Malwarebytes Anti-Malware.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.07.04
Rootkit-Datenbank: v2015.08.06.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: thorsten

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 429596
Abgelaufene Zeit: 26 Min., 10 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 6
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [dd23689e98f3a78f669d22ac8d7510f0],
PUP.Optional.DealPly.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\Dealply, Löschen bei Neustart, [bf41b5519bf01521bfdc1df733d0a15f],
PUP.Optional.Babylon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\EPUpdater, Löschen bei Neustart, [e11fc73f8efd96a02614d53f729120e0],
PUP.Optional.PositiveFinds.A, HKLM\SOFTWARE\WOW6432NODE\PositiveFinds, In Quarantäne, [d0303fc74f3c66d08133f72d4eb58977],
PUP.Optional.Spigot.A, HKU\S-1-5-21-2964402223-2653800504-1609740198-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BDBD1EF-A852-46BF-81FF-D222D796D329}, In Quarantäne, [ec14df270f7c93a3b79b0f0c9c677d83],
PUP.Optional.Spigot.A, HKU\S-1-5-21-2964402223-2653800504-1609740198-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E2C4D431-E211-4960-8219-C290E994A73A}, In Quarantäne, [cc34897d4e3df83eb1a15ac1956e6e92],

Registrierungswerte: 3
PUP.Optional.Spigot.A, HKU\S-1-5-21-2964402223-2653800504-1609740198-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BDBD1EF-A852-46BF-81FF-D222D796D329}|URL, hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}, In Quarantäne, [ec14df270f7c93a3b79b0f0c9c677d83]
PUP.Optional.Spigot.A, HKU\S-1-5-21-2964402223-2653800504-1609740198-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E2C4D431-E211-4960-8219-C290E994A73A}|URL, hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}, In Quarantäne, [cc34897d4e3df83eb1a15ac1956e6e92]
PUP.Optional.Spigot.A, HKU\S-1-5-21-2964402223-2653800504-1609740198-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E2C4D431-E211-4960-8219-C290E994A73A}|OSDFileURL, file:///C:/Program%20Files%20(x86)/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, In Quarantäne, [10f02bdbc5c60f27ddd4e0c122e21ee2]

Registrierungsdaten: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-2964402223-2653800504-1609740198-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ie, Gut: (www.google.com), Schlecht: (hxxp://de.search.yahoo.com/?type=937811&fr=spigot-yhp-ie),Ersetzt,[5ca49670acdfd06624a1f24fbe477b85]

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 9
PUP.Optional.Spigot.SID, C:\ProgramData\Comodo\Cis\Quarantine\data\{12C6DD13-105B-4169-9735-506AA4ECFCF6}, In Quarantäne, [d62a7b8b6a2164d285c383fc0cf92ed2],
PUP.Optional.Spigot.SID, C:\ProgramData\Comodo\Cis\Quarantine\data\{2B774652-06D1-435F-B501-4A519A28258D}, In Quarantäne, [fb05986e1972af87be8a0d7203029f61],
PUP.Optional.BabSolution.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{443E1469-5DB9-4B7C-807F-1788E47F3874}, In Quarantäne, [3fc19b6b92f935011aa8df0b768a6898],
PUP.Optional.Spigot.SID, C:\ProgramData\Comodo\Cis\Quarantine\data\{83D81DB5-D175-4A5B-886C-3C2FB12AEC47}, In Quarantäne, [32cee81e4f3ca294b8908cf3c540f10f],
PUP.Optional.Babylon.A, C:\ProgramData\Comodo\Cis\Quarantine\data\{9020A868-3881-4A85-B87B-D8772A28BB20}, In Quarantäne, [04fc7d89f497e74f14f0c72b30d4fd03],
PUP.Optional.Spigot.SID, C:\ProgramData\Comodo\Cis\Quarantine\data\{AF0914C8-7613-44E1-B047-11B8880F7E31}, In Quarantäne, [9d6336d04c3f082eed5bd6a9897c19e7],
PUP.Optional.Spigot.SID, C:\ProgramData\Comodo\Cis\Quarantine\data\{DD25BABE-C869-4CF5-8EDA-4A6EE141B3F3}, In Quarantäne, [5da32bdbaae18caa38100a755baa2bd5],
PUP.Optional.Spigot.A, C:\Users\thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\ee4b0i08.default\searchplugins\yahoo_ff.xml, In Quarantäne, [6d937e88355652e49856fc2d52b1af51],
PUP.Optional.Spigot.A, C:\Users\thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\ee4b0i08.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=");), Ersetzt,[b34d8e78b4d78da97c3bf98b9b6a58a8]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:16 on 10/08/2015 (thorsten)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-10 22:25:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC3O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\thorsten\AppData\Local\Temp\kgdcrkob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                        0000000077281401 2 bytes JMP 7768b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                          0000000077281419 2 bytes JMP 7768b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                        0000000077281431 2 bytes JMP 77708f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                        000000007728144a 2 bytes CALL 7766489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000772814dd 2 bytes JMP 77708822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                    00000000772814f5 2 bytes JMP 777089f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007728150d 2 bytes JMP 77708718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                    0000000077281525 2 bytes JMP 77708ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                          000000007728153d 2 bytes JMP 7767fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000077281555 2 bytes JMP 776868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                        000000007728156d 2 bytes JMP 77708fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                          0000000077281585 2 bytes JMP 77708b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007728159d 2 bytes JMP 777086dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                          00000000772815b5 2 bytes JMP 7767fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                        00000000772815cd 2 bytes JMP 7768b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                    00000000772816b2 2 bytes JMP 77708ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1732] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                    00000000772816bd 2 bytes JMP 77708671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                      0000000077281401 2 bytes JMP 7768b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                        0000000077281419 2 bytes JMP 7768b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                      0000000077281431 2 bytes JMP 77708f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                      000000007728144a 2 bytes CALL 7766489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                        00000000772814dd 2 bytes JMP 77708822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                  00000000772814f5 2 bytes JMP 777089f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                        000000007728150d 2 bytes JMP 77708718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                  0000000077281525 2 bytes JMP 77708ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                        000000007728153d 2 bytes JMP 7767fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                            0000000077281555 2 bytes JMP 776868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                      000000007728156d 2 bytes JMP 77708fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                        0000000077281585 2 bytes JMP 77708b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                          000000007728159d 2 bytes JMP 777086dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                        00000000772815b5 2 bytes JMP 7767fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                      00000000772815cd 2 bytes JMP 7768b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                  00000000772816b2 2 bytes JMP 77708ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe[2280] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                  00000000772816bd 2 bytes JMP 77708671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe[2524] C:\Windows\syswow64\kernel32.dll!CreateThread + 28                00000000776634a1 4 bytes {CALL 0xffffffff88e4aa08}
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                        0000000077281401 2 bytes JMP 7768b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                          0000000077281419 2 bytes JMP 7768b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                        0000000077281431 2 bytes JMP 77708f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                        000000007728144a 2 bytes CALL 7766489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000772814dd 2 bytes JMP 77708822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                    00000000772814f5 2 bytes JMP 777089f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          000000007728150d 2 bytes JMP 77708718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                    0000000077281525 2 bytes JMP 77708ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                          000000007728153d 2 bytes JMP 7767fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              0000000077281555 2 bytes JMP 776868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                        000000007728156d 2 bytes JMP 77708fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                          0000000077281585 2 bytes JMP 77708b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            000000007728159d 2 bytes JMP 777086dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                          00000000772815b5 2 bytes JMP 7767fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                        00000000772815cd 2 bytes JMP 7768b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                    00000000772816b2 2 bytes JMP 77708ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                    00000000772816bd 2 bytes JMP 77708671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                    0000000077281401 2 bytes JMP 7768b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                      0000000077281419 2 bytes JMP 7768b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                    0000000077281431 2 bytes JMP 77708f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                    000000007728144a 2 bytes CALL 7766489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                      00000000772814dd 2 bytes JMP 77708822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                00000000772814f5 2 bytes JMP 777089f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                      000000007728150d 2 bytes JMP 77708718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                0000000077281525 2 bytes JMP 77708ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                      000000007728153d 2 bytes JMP 7767fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                          0000000077281555 2 bytes JMP 776868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                    000000007728156d 2 bytes JMP 77708fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                      0000000077281585 2 bytes JMP 77708b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                        000000007728159d 2 bytes JMP 777086dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                      00000000772815b5 2 bytes JMP 7767fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                    00000000772815cd 2 bytes JMP 7768b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                00000000772816b2 2 bytes JMP 77708ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                00000000772816bd 2 bytes JMP 77708671 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077281401 2 bytes JMP 7768b21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077281419 2 bytes JMP 7768b346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077281431 2 bytes JMP 77708f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007728144a 2 bytes CALL 7766489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                        * 9
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        00000000772814dd 2 bytes JMP 77708822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000772814f5 2 bytes JMP 777089f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        000000007728150d 2 bytes JMP 77708718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077281525 2 bytes JMP 77708ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007728153d 2 bytes JMP 7767fca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            0000000077281555 2 bytes JMP 776868ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007728156d 2 bytes JMP 77708fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077281585 2 bytes JMP 77708b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          000000007728159d 2 bytes JMP 777086dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000772815b5 2 bytes JMP 7767fd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000772815cd 2 bytes JMP 7768b2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000772816b2 2 bytes JMP 77708ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000772816bd 2 bytes JMP 77708671 C:\Windows\syswow64\kernel32.dll

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----


Gruß
BernhardK

cosinus 11.08.2015 08:30
Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


BernhardK 11.08.2015 08:45
Dies ging gestern auch nicht. Habe es nun noch mal versucht und erhalte wieder die folgenden Meldungen:

von FRST64.exe:
Nicht genügend Systemressourcen, um den angeforderten Dienst auszuführen.

Und auch AVIRA reagiert, auch gestern schon:
Der Zugriff auf die Datei C:\Users\thorsten\Desktop\FRST64.exe mit dem Virus oder dem unerwünschten Programm HEUR/APC (Cloud) wurde blockiert....

Gruß

cosinus 11.08.2015 08:47
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

BernhardK 11.08.2015 10:25
Hier nun die Logfile von Combofix:

Code:
ComboFix 15-08-08.01 - thorsten 11.08.2015  10:40:17.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4023.2640 [GMT 2:00]
ausgeführt von:: c:\users\thorsten\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\thorsten\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-07-11 bis 2015-08-11  ))))))))))))))))))))))))))))))
.
.
2015-08-11 05:18 . 2015-07-21 05:25        12222168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBAAE9D2-7966-40D1-8D56-813962656990}\mpengine.dll
2015-08-10 19:44 . 2015-08-10 19:44        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-08-10 18:30 . 2015-08-10 18:30        --------        d-----w-        c:\program files\COMODO
2015-08-10 18:30 . 2015-08-10 18:30        --------        d-----w-        c:\users\thorsten\AppData\Local\Comodo
2015-08-10 18:25 . 2015-08-10 18:30        --------        d-----w-        c:\programdata\Comodo
2015-08-10 11:42 . 2015-08-10 06:30        3429056        ----a-w-        c:\programdata\cisF3D0.exe
2015-08-10 11:41 . 2015-08-10 06:30        3429056        ----a-w-        c:\programdata\cis1351.exe
2015-08-10 11:35 . 2015-08-10 11:35        3429056        ----a-w-        c:\programdata\cis449.exe
2015-08-10 11:34 . 2015-08-10 11:34        3429056        ----a-w-        c:\programdata\cisFBE0.exe
2015-08-10 11:33 . 2015-08-10 11:33        3429056        ----a-w-        c:\programdata\cisFDD3.exe
2015-08-07 20:58 . 2015-08-09 10:28        --------        d-----w-        c:\users\thorsten\AppData\Local\AviraSpeedup
2015-08-07 20:19 . 2015-08-07 20:19        --------        d-----w-        c:\users\Public\Speedup Sessions
2015-08-07 16:26 . 2015-08-07 20:10        --------        d-----w-        c:\users\TEMP
2015-08-07 15:46 . 2015-08-11 08:36        113880        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-07 15:46 . 2015-08-07 15:46        63704        ----a-w-        c:\windows\system32\drivers\mwac.sys
2015-08-07 15:46 . 2015-08-07 15:46        25816        ----a-w-        c:\windows\system32\drivers\mbam.sys
2015-08-07 15:46 . 2015-08-07 15:46        109272        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2015-08-07 15:46 . 2015-08-07 15:46        --------        d-----w-        c:\program files (x86)\Malwarebytes Anti-Malware
2015-08-04 15:21 . 2015-08-04 15:21        --------        d-----w-        c:\users\thorsten\AppData\Local\TomTom
2015-08-04 15:20 . 2015-08-04 15:20        --------        d-----w-        c:\program files (x86)\TomTom International B.V
2015-08-04 15:20 . 2015-08-04 15:20        --------        d-----w-        c:\program files (x86)\MyDrive Connect
2015-07-28 17:16 . 2015-07-28 17:16        765440        ----a-w-        c:\windows\system32\invagent.dll
2015-07-28 17:16 . 2015-07-28 17:16        726528        ----a-w-        c:\windows\system32\generaltel.dll
2015-07-28 17:16 . 2015-07-28 17:16        67584        ----a-w-        c:\windows\system32\acmigration.dll
2015-07-28 17:16 . 2015-07-28 17:16        433664        ----a-w-        c:\windows\system32\devinv.dll
2015-07-28 17:16 . 2015-07-28 17:16        227328        ----a-w-        c:\windows\system32\aepdu.dll
2015-07-28 17:16 . 2015-07-28 17:16        17856        ----a-w-        c:\windows\system32\CompatTelRunner.exe
2015-07-28 17:16 . 2015-07-28 17:16        1145856        ----a-w-        c:\windows\system32\aeinv.dll
2015-07-28 17:16 . 2015-07-28 17:16        1085440        ----a-w-        c:\windows\system32\appraiser.dll
2015-07-21 15:00 . 2015-07-21 15:00        70656        ----a-w-        c:\windows\SysWow64\fontsub.dll
2015-07-21 15:00 . 2015-07-21 15:00        46080        ----a-w-        c:\windows\system32\atmlib.dll
2015-07-21 15:00 . 2015-07-21 15:00        41984        ----a-w-        c:\windows\system32\lpk.dll
2015-07-21 15:00 . 2015-07-21 15:00        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2015-07-21 15:00 . 2015-07-21 15:00        299008        ----a-w-        c:\windows\SysWow64\atmfd.dll
2015-07-21 15:00 . 2015-07-21 15:00        25600        ----a-w-        c:\windows\SysWow64\lpk.dll
2015-07-21 15:00 . 2015-07-21 15:00        14336        ----a-w-        c:\windows\system32\dciman32.dll
2015-07-21 15:00 . 2015-07-21 15:00        10240        ----a-w-        c:\windows\SysWow64\dciman32.dll
2015-07-21 15:00 . 2015-07-21 15:00        100864        ----a-w-        c:\windows\system32\fontsub.dll
2015-07-21 15:00 . 2015-07-15 01:59        372224        ----a-w-        c:\windows\system32\atmfd.dll
2015-07-15 20:08 . 2015-07-15 20:08        254976        ----a-w-        c:\windows\system32\cewmdm.dll
2015-07-15 20:04 . 2015-07-15 20:04        7077376        ----a-w-        c:\windows\system32\mstscax.dll
2015-07-15 20:03 . 2015-07-15 20:03        729088        ----a-w-        c:\windows\system32\kerberos.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-05 00:31 . 2014-03-25 18:22        105096        ----a-w-        c:\windows\system32\drivers\inspect.sys
2015-08-05 00:31 . 2014-03-25 18:22        45856        ----a-w-        c:\windows\system32\drivers\cmdhlp.sys
2015-08-05 00:31 . 2014-03-25 18:22        806032        ----a-w-        c:\windows\system32\drivers\cmdguard.sys
2015-08-05 00:31 . 2014-03-25 18:22        21184        ----a-w-        c:\windows\system32\drivers\cmderd.sys
2015-08-05 00:29 . 2014-03-25 18:22        41224        ----a-w-        c:\windows\system32\cmdcsr.dll
2015-08-05 00:29 . 2014-03-25 18:22        445472        ----a-w-        c:\windows\SysWow64\guard32.dll
2015-08-05 00:29 . 2014-03-25 18:22        579408        ----a-w-        c:\windows\system32\guard64.dll
2015-08-05 00:28 . 2014-03-25 18:22        358080        ----a-w-        c:\windows\system32\cmdvrt64.dll
2015-08-05 00:28 . 2014-03-25 18:22        45760        ----a-w-        c:\windows\system32\cmdkbd64.dll
2015-08-05 00:27 . 2014-03-25 18:22        288448        ----a-w-        c:\windows\SysWow64\cmdvrt32.dll
2015-08-05 00:26 . 2014-03-25 18:22        40640        ----a-w-        c:\windows\SysWow64\cmdkbd32.dll
2015-08-04 15:25 . 2013-03-28 07:37        19968        ----a-w-        c:\windows\system32\drivers\usb8023x.sys
2015-08-04 15:25 . 2013-01-30 17:02        41472        ----a-w-        c:\windows\system32\drivers\rndismpx.sys
2015-07-29 06:00 . 2013-08-15 06:20        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2015-07-29 06:00 . 2013-08-15 06:20        141416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2015-07-29 06:00 . 2013-08-15 06:20        162528        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2015-07-15 20:10 . 2013-02-02 20:31        778416        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 20:10 . 2013-02-02 20:31        142512        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2010-08-17 08:16        130333168        ----a-w-        c:\windows\system32\MRT.exe
2015-06-23 23:29 . 2015-06-23 23:29        1217192        ----a-w-        c:\windows\SysWow64\FM20.DLL
2015-06-23 11:30 . 2010-08-17 08:13        300704        ------w-        c:\windows\system32\MpSigStub.exe
2015-06-11 16:18 . 2015-06-11 16:18        14635008        ----a-w-        c:\windows\system32\wmp.dll
2015-06-11 16:18 . 2015-06-11 16:18        9728        ----a-w-        c:\windows\system32\spwmp.dll
2015-06-11 16:18 . 2015-06-11 16:18        8192        ----a-w-        c:\windows\SysWow64\spwmp.dll
2015-06-11 16:18 . 2015-06-11 16:18        5120        ----a-w-        c:\windows\system32\msdxm.ocx
2015-06-11 16:18 . 2015-06-11 16:18        5120        ----a-w-        c:\windows\system32\dxmasf.dll
2015-06-11 16:18 . 2015-06-11 16:18        4096        ----a-w-        c:\windows\SysWow64\msdxm.ocx
2015-06-11 16:18 . 2015-06-11 16:18        4096        ----a-w-        c:\windows\SysWow64\dxmasf.dll
2015-06-11 16:18 . 2015-06-11 16:18        12625920        ----a-w-        c:\windows\system32\wmploc.DLL
2015-06-11 16:18 . 2015-06-11 16:18        12625408        ----a-w-        c:\windows\SysWow64\wmploc.DLL
2015-06-11 16:17 . 2015-06-11 16:17        1255424        ----a-w-        c:\windows\system32\diagtrack.dll
2015-06-11 16:17 . 2015-06-11 16:17        424960        ----a-w-        c:\windows\system32\KernelBase.dll
2015-06-11 16:17 . 2015-06-11 16:17        1162752        ----a-w-        c:\windows\system32\kernel32.dll
2015-06-11 16:17 . 2015-06-11 16:17        879104        ----a-w-        c:\windows\system32\advapi32.dll
2015-06-11 16:17 . 2015-06-11 16:17        641536        ----a-w-        c:\windows\SysWow64\advapi32.dll
2015-06-11 16:17 . 2015-06-11 16:17        5569984        ----a-w-        c:\windows\system32\ntoskrnl.exe
2015-06-11 16:17 . 2015-06-11 16:17        3989440        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2015-06-11 16:17 . 2015-06-11 16:17        1728960        ----a-w-        c:\windows\system32\ntdll.dll
2015-06-11 16:17 . 2015-06-11 16:17        503808        ----a-w-        c:\windows\system32\srcore.dll
2015-06-11 16:17 . 2015-06-11 16:17        404992        ----a-w-        c:\windows\system32\tracerpt.exe
2015-06-11 16:17 . 2015-06-11 16:17        364544        ----a-w-        c:\windows\SysWow64\tracerpt.exe
2015-06-11 16:17 . 2015-06-11 16:17        338432        ----a-w-        c:\windows\system32\conhost.exe
2015-06-11 16:17 . 2015-06-11 16:17        296960        ----a-w-        c:\windows\system32\rstrui.exe
2015-06-11 16:17 . 2015-06-11 16:17        243712        ----a-w-        c:\windows\system32\wow64.dll
2015-06-11 16:17 . 2015-06-11 16:17        215040        ----a-w-        c:\windows\system32\winsrv.dll
2015-06-11 16:17 . 2015-06-11 16:17        3934144        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2015-06-11 16:17 . 2015-06-11 16:17        879104        ----a-w-        c:\windows\system32\tdh.dll
2015-06-11 16:17 . 2015-06-11 16:17        1310744        ----a-w-        c:\windows\SysWow64\ntdll.dll
2015-06-11 16:17 . 2015-06-11 16:17        92160        ----a-w-        c:\windows\SysWow64\sechost.dll
2015-06-11 16:17 . 2015-06-11 16:17        82944        ----a-w-        c:\windows\SysWow64\logman.exe
2015-06-11 16:17 . 2015-06-11 16:17        635392        ----a-w-        c:\windows\SysWow64\tdh.dll
2015-06-11 16:17 . 2015-06-11 16:17        25600        ----a-w-        c:\windows\SysWow64\setup16.exe
2015-06-11 16:17 . 2015-06-11 16:17        113664        ----a-w-        c:\windows\system32\sechost.dll
2015-06-11 16:17 . 2015-06-11 16:17        112640        ----a-w-        c:\windows\system32\smss.exe
2015-06-11 16:17 . 2015-06-11 16:17        104448        ----a-w-        c:\windows\system32\logman.exe
2015-06-11 16:17 . 2015-06-11 16:17        47104        ----a-w-        c:\windows\system32\typeperf.exe
2015-06-11 16:17 . 2015-06-11 16:17        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2015-06-11 16:17 . 2015-06-11 16:17        43008        ----a-w-        c:\windows\system32\relog.exe
2015-06-11 16:17 . 2015-06-11 16:17        40448        ----a-w-        c:\windows\SysWow64\typeperf.exe
2015-06-11 16:17 . 2015-06-11 16:17        37888        ----a-w-        c:\windows\SysWow64\relog.exe
2015-06-11 16:17 . 2015-06-11 16:17        50176        ----a-w-        c:\windows\system32\srclient.dll
2015-06-11 16:17 . 2015-06-11 16:17        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2015-06-11 16:17 . 2015-06-11 16:17        43008        ----a-w-        c:\windows\SysWow64\srclient.dll
2015-06-11 16:17 . 2015-06-11 16:17        19456        ----a-w-        c:\windows\system32\diskperf.exe
2015-06-11 16:17 . 2015-06-11 16:17        17408        ----a-w-        c:\windows\SysWow64\diskperf.exe
2015-06-11 16:17 . 2015-06-11 16:17        16384        ----a-w-        c:\windows\system32\ntvdm64.dll
2015-06-11 16:17 . 2015-06-11 16:17        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll
2015-06-11 16:17 . 2015-06-11 16:17        362496        ----a-w-        c:\windows\system32\wow64win.dll
2015-06-11 16:17 . 2015-06-11 16:17        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll
2015-06-11 16:17 . 2015-06-11 16:17        13312        ----a-w-        c:\windows\system32\wow64cpu.dll
2015-06-11 16:17 . 2015-06-11 16:17        5120        ----a-w-        c:\windows\SysWow64\wow32.dll
2015-06-11 16:17 . 2015-06-11 16:17        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        6144        ---ha-w-        c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-11 16:17 . 2015-06-11 16:17        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-17 14:16        220632        ----a-w-        c:\users\thorsten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-17 14:16        220632        ----a-w-        c:\users\thorsten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-17 14:16        220632        ----a-w-        c:\users\thorsten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE" [2013-04-26 297024]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Corel File Shell Monitor"="c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2009-08-25 15544]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-07-29 782008]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2013-12-10 1243656]
"Avira Systray"="c:\program files (x86)\Avira\Launcher\Avira.Systray.exe" [2015-07-31 134368]
"Speedup_umh"="c:\program files (x86)\Avira\AviraSpeedup\Speedup_umh.exe" [2015-08-07 194832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6211.tmp;c:\windows\SYSNATIVE\6211.tmp [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe;c:\program files (x86)\Avira\Launcher\Avira.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\COMMON FILES\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\COMMON FILES\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\SYSTEM32\ESCSVC64.EXE;c:\windows\SYSNATIVE\ESCSVC64.EXE [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 11:24        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-02 20:10]
.
2015-08-11 c:\windows\Tasks\EPSON XP-312 313 315 Series Invitation {1B025F43-AF7A-4CC5-9573-0FB0FF788FDA}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE [2013-10-12 06:52]
.
2015-08-11 c:\windows\Tasks\EPSON XP-312 313 315 Series Update {1B025F43-AF7A-4CC5-9573-0FB0FF788FDA}.job
- c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE [2013-10-12 06:52]
.
2015-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-01 12:36]
.
2015-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-01 12:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-17 14:16        244696        ----a-w-        c:\users\thorsten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-17 14:16        244696        ----a-w-        c:\users\thorsten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-17 14:16        244696        ----a-w-        c:\users\thorsten\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.google.com
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = localhost:8080
uSearchAssistant = hxxp://www.google.com
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A7777C37-C096-4527-90D7-67647D5B9CF1}: NameServer = 8.8.8.8,192.168.2.1
FF - ProfilePath - c:\users\thorsten\AppData\Roaming\Mozilla\Firefox\Profiles\ee4b0i08.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxps://safesearch.avira.com
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NWEReboot - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cistray.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-DSite - c:\users\thorsten\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6211.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_209_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_209.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-08-11  11:18:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-08-11 09:18
.
Vor Suchlauf: 11 Verzeichnis(se), 187.847.434.240 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 187.538.366.464 Bytes frei
.
- - End Of File - - A90ECF57176E558D5391C43E65229339
DC031F4306E79CABD9910BCCB5EC110C
Gruß

cosinus 11.08.2015 10:33
Windows neu starten und FRST nochmal probieren

BernhardK 11.08.2015 10:41
Es kommen leider die gleichen Meldungen s.o.

cosinus 11.08.2015 13:22
Probier mal Revo:

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Comodo Security Freeware

  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 

BernhardK 11.08.2015 14:07
Damit habe ich es gestern auch schon versucht. Leider erkennt das Programm nicht die Reste die wohl noch übrig sind. Das Programm erscheint nicht...

Bin nun ein paar Stunden weg... bis später. Danke bis hierher!
Gruß

cosinus 11.08.2015 14:45
Dann kenn ich keine Möglichkeit, das Programm sauber zu installieren. Wende dich an den Hersteller der SOftware.

BernhardK 11.08.2015 19:47
ok, danke dir trotzdem.
Gruß BernhardK


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27