Log Analysis and Evaluation: persistent proxy entry (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Persistent proxy entry

Hello! I have the following problem on a Windows 7 PC. A proxy has entered itself in the Internet Options. For every external site I open, advertising pages get opened as well. The address is 127.0.0.1 (port 21091). The exceptions contain origin.com, ea.com and akamaihd.net. I deleted this entry, but it is back immediately. Here is the result from FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014
Ran by SPetersen (administrator) on PC-W7-009 on 15-10-2014 12:19:48
Running from C:\Users\spetersen\Downloads
Loaded Profile: SPetersen (Available profiles: SPetersen & Administrator & reese)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESTOS GmbH) C:\Windows\System32\EACUSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\DeviceControlLog.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\portcommunicationservice\PCSVC.exe
() C:\Users\spetersen\AppData\Local\FreewarePublicWiget\FreewarePublicWiget.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Tobit.Software) C:\Windows\SysWOW64\DV4TS.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ESTOS GmbH) C:\Program Files (x86)\ESTOS\ProCall 4\ECtiClient.exe
() C:\Users\spetersen\AppData\Local\FreewarePublicWiget\ControlDirect3dPerl.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Windows\SysWOW64\JREKernelMinimal\JREKernelMinimal.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Tobit.Software) C:\Program Files (x86)\Tobit InfoCenter\DVWIN32.EXE
(Mesonic) C:\WINLine\CWLSTART.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Tobit.Software) C:\Program Files (x86)\Tobit InfoCenter\DVEDIT32.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DV4TS.EXE] => c:\windows\SysWOW64\DV4TS.EXE [183808 2011-04-14] (Tobit.Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ECtiClient] => C:\Program Files (x86)\ESTOS\ProCall 4\eCtiClient.exe [22894368 2014-04-15] (ESTOS GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\David.fx.LNK
ShortcutTarget: David.fx.LNK -> C:\Program Files (x86)\Tobit InfoCenter\DVWIN32.EXE (Tobit.Software)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:41530
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daehmlow.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {C5F4D93D-D9A5-4E5D-84D5-D7BB73952A75} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MASBJS
SearchScopes: HKCU - DefaultScope {C5F4D93D-D9A5-4E5D-84D5-D7BB73952A75} URL =
SearchScopes: HKCU - {C5F4D93D-D9A5-4E5D-84D5-D7BB73952A75} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.162.10

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google-Suche) - C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (App Bud) - C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgehohdeddilafacnmjbjlnkomcneoi [2014-10-07]
CHR Extension: (Google Wallet) - C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Google Mail) - C:\Users\spetersen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVir Security Management Center Agent; C:\Program Files (x86)\Avira\Avira Security Management Center Agent\agent.exe [1128705 2013-04-19] (Avira Operations GmbH & Co. KG) [File not signed]
S4 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-09] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-09-30] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 EACUSrv; C:\Windows\system32\EACUSrv.exe [7081808 2014-04-15] (ESTOS GmbH)
S3 edsservice; C:\Program Files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [702272 2014-04-15] (ESTOS GmbH)
R2 EPSON_Device_Control_Log_Service; C:\Program Files\epson\portcommunicationservice\DeviceControlLog.exe [396288 2013-11-18] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_Port_Communication_Service; C:\Program Files\epson\portcommunicationservice\PCSVC.exe [551936 2013-11-18] (SEIKO EPSON CORPORATION) [File not signed]
R2 FreewarePublicWiget.exe; C:\Users\spetersen\AppData\Local\FreewarePublicWiget\FreewarePublicWiget.exe [129061 2014-10-02] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 intelsba; C:\Program Files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [54976 2014-01-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 JREKernelMinimal; C:\Windows\SysWOW64\JREKernelMinimal\JREKernelMinimal.exe [60453 2014-10-02] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2281248 2014-10-08] (IObit)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-09-30] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-06] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-09] (Avira Operations GmbH & Co. KG)
S2 EPSON_PCS_Parallel_Port_Driver; C:\Windows\system32\DRIVERS\pcslpt.sys [21640 2013-11-18] (SEIKO EPSON CORPORATION)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 cpuz136; \??\C:\Users\Administrator\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\SYSPREP\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 12:19 - 2014-10-15 12:20 - 00016221 _____ () C:\Users\spetersen\Downloads\FRST.txt
2014-10-15 12:19 - 2014-10-15 12:19 - 00000000 ____D () C:\FRST
2014-10-15 12:18 - 2014-10-15 12:19 - 02110464 _____ (Farbar) C:\Users\spetersen\Downloads\FRST64.exe
2014-10-14 16:34 - 2014-10-14 16:34 - 00000000 ____D () C:\Users\spetersen\AppData\Local\CheckCode
2014-10-14 16:30 - 2014-10-14 16:30 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-10-14 16:28 - 2014-10-14 16:30 - 00000228 _____ () C:\Windows\wininit.ini
2014-10-14 16:07 - 2014-10-14 16:30 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-14 16:07 - 2014-10-14 16:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-14 16:01 - 2014-10-14 16:06 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\spetersen\Downloads\spybot-2.4 (1).exe
2014-10-14 15:59 - 2014-10-14 16:01 - 25423840 _____ (Safer-Networking Ltd. ) C:\Users\spetersen\Downloads\spybot-2.4.exe
2014-10-14 15:41 - 2014-10-14 15:47 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\spetersen\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-14 15:35 - 2014-10-14 15:35 - 01976320 _____ () C:\Users\spetersen\Downloads\adwcleaner_4.000.exe
2014-10-14 15:18 - 2014-10-14 16:40 - 00000000 ____D () C:\AdwCleaner
2014-10-14 15:18 - 2014-10-14 15:18 - 01976320 _____ () C:\Users\administrator\Downloads\adwcleaner_4.000.exe
2014-10-10 09:49 - 2014-07-10 11:24 - 00000703 _____ () C:\Users\spetersen\Desktop\uek.lnk
2014-10-10 09:49 - 2014-07-10 11:24 - 00000694 _____ () C:\Users\spetersen\Desktop\uvk.lnk
2014-10-08 14:23 - 2014-10-08 14:23 - 00000000 ____D () C:\Users\spetersen\AppData\Roaming\ProductData
2014-10-08 14:23 - 2014-10-08 14:23 - 00000000 ____D () C:\Users\spetersen\AppData\Roaming\IObit
2014-10-08 14:20 - 2014-10-08 14:20 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\ProductData
2014-10-08 14:19 - 2014-10-14 15:24 - 00000000 ____D () C:\ProgramData\ProductData
2014-10-08 14:19 - 2014-10-08 14:19 - 17606432 _____ (IObit) C:\Users\administrator\Downloads\iobituninstaller_4.0.4 (1).exe
2014-10-08 14:19 - 2014-10-08 14:19 - 00002902 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2014-10-08 14:19 - 2014-10-08 14:19 - 00001272 _____ () C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2014-10-08 14:19 - 2014-10-08 14:19 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\IObit
2014-10-08 14:19 - 2014-10-08 14:19 - 00000000 ____D () C:\ProgramData\IObit
2014-10-08 14:19 - 2014-10-08 14:19 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-10-08 14:18 - 2014-10-08 14:19 - 17606432 _____ (IObit) C:\Users\administrator\Downloads\iobituninstaller_4.0.4.exe
2014-10-08 14:06 - 2014-10-08 14:06 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\Macromedia
2014-10-08 14:05 - 2014-10-08 14:05 - 00000000 ____D () C:\Users\administrator\AppData\Local\Microsoft Games
2014-10-08 14:04 - 2014-10-08 14:04 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-10-08 13:04 - 2014-10-08 13:09 - 00000000 ____D () C:\Users\administrator\AppData\Local\Google
2014-10-08 13:04 - 2014-10-08 13:05 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\Tobit
2014-10-08 13:04 - 2014-10-08 13:04 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\ESTOS
2014-10-08 13:04 - 2014-10-08 13:04 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\Avira
2014-10-08 13:04 - 2014-10-08 13:04 - 00000000 ____D () C:\Users\administrator\AppData\Local\ESTOS
2014-10-08 13:01 - 2014-10-14 15:05 - 01170088 _____ (Zugara Investments Limited ) C:\Users\spetersen\Downloads\fastviewerexe.exe
2014-10-08 11:18 - 2014-10-08 11:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-08 11:16 - 2014-10-08 11:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\spetersen\Downloads\mbam-setup-2.0.2.1012 (2).exe
2014-10-08 11:16 - 2014-10-08 11:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\spetersen\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-10-08 11:15 - 2014-10-14 15:37 - 00001114 _____ () C:\Users\spetersen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-10-08 11:08 - 2014-10-08 11:09 - 16896984 _____ (Malwarebytes Corporation ) C:\Users\spetersen\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-06 07:55 - 2014-10-08 11:08 - 00000000 ____D () C:\Users\spetersen\AppData\Roaming\Systweak
2014-10-06 07:55 - 2014-10-06 07:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-02 16:11 - 2014-10-02 16:11 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-10-02 16:05 - 2014-10-06 07:51 - 00000000 ____D () C:\Users\spetersen\AppData\Local\FreewarePublicWiget
2014-10-02 16:05 - 2014-10-02 16:05 - 00000000 ____D () C:\Windows\SysWOW64\JREKernelMinimal
2014-10-01 16:59 - 2014-09-25 04:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 16:59 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-24 16:59 - 2014-09-10 00:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 16:59 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 12:11 - 2014-06-04 12:24 - 01687062 _____ () C:\Windows\WindowsUpdate.log
2014-10-15 12:10 - 2014-07-08 06:59 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-15 11:50 - 2014-07-08 06:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-15 11:46 - 2014-06-06 09:27 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2014-10-15 11:32 - 2014-06-13 18:41 - 00000000 ____D () C:\WINLine
2014-10-15 07:10 - 2014-07-08 06:59 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-15 06:42 - 2009-07-14 06:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-15 06:42 - 2009-07-14 06:45 - 00027344 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-15 06:38 - 2011-02-23 14:59 - 00699726 _____ () C:\Windows\system32\perfh007.dat
2014-10-15 06:38 - 2011-02-23 14:59 - 00149364 _____ () C:\Windows\system32\perfc007.dat
2014-10-15 06:38 - 2009-07-14 07:13 - 01621742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-15 06:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 06:33 - 2009-07-14 06:51 - 00041403 _____ () C:\Windows\setupact.log
2014-10-14 16:41 - 2010-11-21 05:47 - 00447046 _____ () C:\Windows\PFRO.log
2014-10-14 15:29 - 2014-06-06 09:31 - 00000696 _____ () C:\Windows\Tobit.ini
2014-10-09 12:32 - 2014-06-06 09:37 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-09 12:32 - 2014-06-06 09:37 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-09 12:32 - 2014-06-06 09:37 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-08 14:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-08 14:04 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-08 14:01 - 2014-07-08 06:59 - 00000000 ____D () C:\Program Files\Google
2014-10-08 14:01 - 2014-07-08 06:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-08 13:05 - 2014-06-06 09:29 - 00071264 _____ () C:\Users\administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-08 11:13 - 2014-06-06 09:30 - 00001429 _____ () C:\Users\spetersen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-06 08:07 - 2014-06-06 09:27 - 00005174 __RSH () C:\ProgramData\ntuser.pol
2014-10-06 07:55 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-06 07:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-09-29 06:25 - 2014-06-03 11:22 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-26 07:29 - 2014-05-12 09:09 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 09:50 - 2014-07-08 06:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-24 09:50 - 2014-06-06 09:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 09:50 - 2014-06-06 09:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\avgnt.exe
C:\Users\administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\spetersen\AppData\Local\Temp\avgnt.exe
C:\Users\spetersen\AppData\Local\Temp\Quarantine.exe
C:\Users\spetersen\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-03 08:29

==================== End Of Log ============================

Code:
ComboFix 14-10-15.01 - SPetersen 15.10.2014 12:50:14.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8064.5773 [GMT 2:00]
run from:: c:\users\spetersen\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((( Files created from 2014-09-15 to 2014-10-15 ))))))))))))))))))))))))))))))
.
.
2014-10-15 10:52 . 2014-10-15 10:52 -------- d-----w- c:\users\reese\AppData\Local\temp
2014-10-15 10:52 . 2014-10-15 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-15 10:52 . 2014-10-15 10:52 -------- d-----w- c:\users\administrator\AppData\Local\temp
2014-10-15 10:28 . 2014-10-15 10:28 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-10-15 10:19 . 2014-10-15 10:20 -------- d-----w- C:\FRST
2014-10-15 06:13 . 2014-10-15 06:13 -------- d-----w- c:\program files (x86)\Common Files\Tobit
2014-10-14 14:34 . 2014-10-14 14:34 -------- d-----w- c:\users\spetersen\AppData\Local\CheckCode
2014-10-14 14:07 . 2014-10-14 14:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-10-14 13:18 . 2014-10-14 14:40 -------- d-----w- C:\AdwCleaner
2014-10-08 12:23 . 2014-10-08 12:23 -------- d-----w- c:\users\spetersen\AppData\Roaming\IObit
2014-10-08 12:23 . 2014-10-08 12:23 -------- d-----w- c:\users\spetersen\AppData\Roaming\ProductData
2014-10-08 12:20 . 2014-10-08 12:20 -------- d-----w- c:\users\administrator\AppData\Roaming\ProductData
2014-10-08 12:19 . 2014-10-14 13:24 -------- d-----w- c:\programdata\ProductData
2014-10-08 12:19 . 2014-10-08 12:19 -------- d-----w- c:\programdata\IObit
2014-10-08 12:19 . 2014-10-08 12:19 -------- d-----w- c:\users\administrator\AppData\Roaming\IObit
2014-10-08 12:17 . 2014-10-08 12:17 -------- d-----w- c:\users\administrator\AppData\Local\ElevatedDiagnostics
2014-10-08 12:05 . 2014-10-08 12:05 -------- d-----w- c:\users\administrator\AppData\Local\Microsoft Games
2014-10-08 12:04 . 2014-10-08 12:04 -------- d-----w- c:\program files\Microsoft Games
2014-10-08 11:04 . 2014-10-08 11:05 -------- d-----w- c:\users\administrator\AppData\Roaming\Tobit
2014-10-08 11:04 . 2014-10-08 11:04 -------- d-----w- c:\users\administrator\AppData\Roaming\ESTOS
2014-10-08 11:04 . 2014-10-08 11:04 -------- d-----w- c:\users\administrator\AppData\Roaming\Avira
2014-10-08 11:04 . 2014-10-08 11:04 -------- d-----w- c:\users\administrator\AppData\Local\ESTOS
2014-10-08 11:04 . 2014-10-08 11:09 -------- d-----w- c:\users\administrator\AppData\Local\Google
2014-10-08 09:18 . 2014-10-08 09:18 -------- d-----w- c:\programdata\Malwarebytes
2014-10-06 05:55 . 2014-10-08 09:08 -------- d-----w- c:\users\spetersen\AppData\Roaming\Systweak
2014-10-02 14:05 . 2014-10-02 14:05 -------- d-----w- c:\windows\SysWow64\JREKernelMinimal
2014-10-02 14:05 . 2014-10-06 05:51 -------- d-----w- c:\users\spetersen\AppData\Local\FreewarePublicWiget
2014-10-02 14:05 . 2014-10-02 14:05 -------- d-----w- c:\users\spetersen\AppData\Local\Programs
2014-10-01 14:59 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-01 14:59 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 14:59 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-24 14:59 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-15 07:57 . 2014-07-24 04:58 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-10-09 10:32 . 2014-06-06 07:37 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-09 10:32 . 2014-06-06 07:37 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-09 10:32 . 2014-06-06 07:37 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-09-26 05:41 . 2014-06-03 09:22 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-24 07:50 . 2014-06-06 07:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 07:50 . 2014-06-06 07:38 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-05 02:10 . 2014-09-10 06:28 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-05 02:05 . 2014-09-10 06:28 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-29 04:25 . 2012-07-17 12:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 15:32 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 15:32 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-28 15:32 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-17 04:00 . 2014-09-10 06:29 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-08-17 04:00 . 2014-09-10 06:29 2239488 ----a-w- c:\windows\system32\wininet.dll
2014-08-17 03:59 . 2014-09-10 06:29 1407488 ----a-w- c:\windows\system32\urlmon.dll
2014-08-17 03:59 . 2014-09-10 06:29 197120 ----a-w- c:\windows\system32\msrating.dll
2014-08-17 03:59 . 2014-09-10 06:29 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-08-17 03:59 . 2014-09-10 06:29 19280384 ----a-w- c:\windows\system32\mshtml.dll
2014-08-17 03:59 . 2014-09-10 06:29 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-08-17 03:58 . 2014-09-10 06:29 53248 ----a-w- c:\windows\system32\jsproxy.dll
2014-08-17 03:58 . 2014-09-10 06:29 855552 ----a-w- c:\windows\system32\jscript.dll
2014-08-17 03:58 . 2014-09-10 06:29 3959296 ----a-w- c:\windows\system32\jscript9.dll
2014-08-17 03:58 . 2014-09-10 06:29 526336 ----a-w- c:\windows\system32\ieui.dll
2014-08-17 03:58 . 2014-09-10 06:29 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-08-17 03:58 . 2014-09-10 06:29 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-08-17 03:58 . 2014-09-10 06:29 2655232 ----a-w- c:\windows\system32\iertutil.dll
2014-08-17 03:58 . 2014-09-10 06:29 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-08-17 03:58 . 2014-09-10 06:29 255488 ----a-w- c:\windows\system32\iedkcs32.dll
2014-08-17 03:58 . 2014-09-10 06:29 15399424 ----a-w- c:\windows\system32\ieframe.dll
2014-08-17 03:58 . 2014-09-10 06:29 451584 ----a-w- c:\windows\system32\dxtmsft.dll
2014-08-17 03:58 . 2014-09-10 06:29 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-08-17 03:58 . 2014-09-10 06:29 1508864 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-17 03:57 . 2014-09-10 06:29 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-08-17 03:57 . 2014-09-10 06:29 2861568 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-08-17 03:57 . 2014-09-10 06:29 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-08-17 03:57 . 2014-09-10 06:29 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-08-17 03:57 . 2014-09-10 06:29 1440768 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-08-16 07:25 . 2014-09-10 06:29 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-16 06:43 . 2014-09-10 06:29 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-08-16 06:34 . 2014-09-10 06:29 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-08-16 05:53 . 2014-09-10 06:29 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-08-01 11:53 . 2014-09-10 06:31 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-10 06:31 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-07-25 00:35 . 2014-07-25 00:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-12-20 292848]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2013-09-16 134616]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"DV4TS.EXE"="c:\windows\system32\DV4TS.EXE" [2011-04-14 183808]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-09 703736]
"ECtiClient"="c:\program files (x86)\ESTOS\ProCall 4\eCtiClient.exe" [2014-04-14 22894368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
David.fx.LNK - c:\program files (x86)\Tobit InfoCenter\DVWIN32.EXE [2014-6-6 9025024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 AntiVir Security Management Center Agent;Avira Management Console Agent;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe;c:\program files (x86)\Avira\Avira Security Management Center Agent\agent.exe [x] R2 EPSON_PCS_Parallel_Port_Driver;EPSON PCS Parallel Port Driver;c:\windows\system32\DRIVERS\pcslpt.sys;c:\windows\SYSNATIVE\DRIVERS\pcslpt.sys [x] R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x] R3 cpuz136;cpuz136;c:\users\Administrator\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Administrator\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 e1edc438-f640-4184-a443-d2a7c37a01dc;ASUS home made driver;c:\sysprep\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys;c:\sysprep\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [x] R3 edsservice;ESTOS Desktop Sharing-Dienste;c:\program files (x86)\ESTOS\ProCall 4\EDeskShareService.exe;c:\program files (x86)\ESTOS\ProCall 4\EDeskShareService.exe [x] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x] R3 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R4 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x] S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x] S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x] S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x] S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] S2 EACUSrv;ESTOS Automatic Client Update;c:\windows\system32\EACUSrv.exe;c:\windows\SYSNATIVE\EACUSrv.exe [x] S2 EPSON_Device_Control_Log_Service;EPSON Device Control Log 
Service;c:\program files\epson\portcommunicationservice\DeviceControlLog.exe;c:\program files\epson\portcommunicationservice\DeviceControlLog.exe [x] S2 EPSON_Port_Communication_Service;EPSON Port Communication Service;c:\program files\epson\portcommunicationservice\PCSVC.exe;c:\program files\epson\portcommunicationservice\PCSVC.exe [x] S2 FreewarePublicWiget.exe;FreewarePublicWiget.exe;c:\users\spetersen\AppData\Local\FreewarePublicWiget\FreewarePublicWiget.exe;c:\users\spetersen\AppData\Local\FreewarePublicWiget\FreewarePublicWiget.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 JREKernelMinimal;JREKernelMinimal;c:\windows\SysWOW64\JREKernelMinimal\JREKernelMinimal.exe;c:\windows\SysWOW64\JREKernelMinimal\JREKernelMinimal.exe [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-09-25 07:11 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-06 07:50] . 2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08 04:59] . 2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08 04:59] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-09-26 05:43 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-09-26 05:43 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-09-26 05:43 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-04 7204568] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-11-21 36352] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-30 391152] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-30 771568] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-30 770544] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.daehmlow.de/ mDefault_Search_URL = www.google.com mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net uInternet Settings,ProxyServer = http=127.0.0.1:21091 uSearchAssistant = www.google.com IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.162.10 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file) ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file) ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file) AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-10-15 12:53:06
ComboFix-quarantined-files.txt 2014-10-15 10:53
ComboFix2.txt 2014-10-15 10:44
.
Vor Suchlauf: 16 Verzeichnis(se), 78.708.801.536 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 78.404.370.432 Bytes frei
.
- - End Of File - - C242894052A2DA00ABE9587DF85B2916
A36C5E4F47E84449FF07ED3517B43A31

I have also run ADWCleaner and Malwarebytes over it. They found something too; it was removed, and yet the problem persists. The Yahoo smart toolbar was also installed. I was able to remove that with Revo Uninstaller, though. What else can I do now, and what do the logs tell you? Thanks in advance for the help.
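A proxy entry that points at 127.0.0.1 and comes back as soon as it is deleted is normally being rewritten by something that is still running on the machine, so the question to ask of a log like the one above is: which user-level proxy is set, and which services or drivers start from folders that are user-writable or were only created recently. The script below is an added triage example (not part of the original post, and not ComboFix's own logic): it parses the three ComboFix sections that matter here (the recently created directories, the service table, and the "uInternet Settings" lines) and cross-references them. The embedded log lines are an excerpt copied from the log above; the heuristics, the function names and the finding categories are the editor's assumptions, and a hit means "review this", not "this is malware" (CPU-Z's driver, for instance, legitimately loads from Temp).

```python
"""Triage heuristics over a ComboFix log excerpt (added example, not ComboFix code).

Cross-references three sections of the log:
  * recently created directories  ("<created> . <modified> -------- d-----w- <path>")
  * services/drivers              ("S2 name;display;image;native-image [x]")
  * user Internet Settings        ("uInternet Settings,ProxyServer = ...")
"""
import ntpath  # Windows path semantics even when this runs on Linux/macOS
import re
from dataclasses import dataclass

# Constructed excerpt: a handful of lines copied from the ComboFix log in the post.
SAMPLE_LOG = r"""
2014-10-02 14:05 . 2014-10-02 14:05 -------- d-----w- c:\windows\SysWow64\JREKernelMinimal
2014-10-02 14:05 . 2014-10-06 05:51 -------- d-----w- c:\users\spetersen\AppData\Local\FreewarePublicWiget
2014-10-01 14:59 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
R3 cpuz136;cpuz136;c:\users\Administrator\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\Administrator\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 FreewarePublicWiget.exe;FreewarePublicWiget.exe;c:\users\spetersen\AppData\Local\FreewarePublicWiget\FreewarePublicWiget.exe;c:\users\spetersen\AppData\Local\FreewarePublicWiget\FreewarePublicWiget.exe [x]
S2 JREKernelMinimal;JREKernelMinimal;c:\windows\SysWOW64\JREKernelMinimal\JREKernelMinimal.exe;c:\windows\SysWOW64\JREKernelMinimal\JREKernelMinimal.exe [x]
uInternet Settings,ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net
uInternet Settings,ProxyServer = http=127.0.0.1:21091
"""

RECENT_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:\d+|-+) (?P<attrs>[d-][-a-z]{7}) (?P<path>.+)$"
)
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<fields>.+?)(?: \[x\])?$")
PROXY_RE = re.compile(r"^uInternet Settings,(?P<key>ProxyServer|ProxyOverride) = (?P<value>.+)$")

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


@dataclass
class Finding:
    kind: str     # "loopback-proxy" | "user-writable-service" | "new-service-dir"
    subject: str  # proxy endpoint or service name the finding is about
    detail: str


def parse_log(text):
    """Return (recent_dirs, services, proxy) from the log text.
    recent_dirs: lower-cased paths of directories in the recent-changes section;
    services: (start_type, name, image_path) tuples; proxy: {key: value}."""
    recent_dirs, services, proxy = set(), [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := RECENT_RE.match(line):
            if m["attrs"].startswith("d"):          # directory entry, not a file
                recent_dirs.add(m["path"].lower())
        elif m := SERVICE_RE.match(line):
            fields = m["fields"].split(";")         # name;display;image;native image
            if len(fields) >= 3:
                services.append((m["start"], fields[0], fields[2]))
        elif m := PROXY_RE.match(line):
            proxy[m["key"]] = m["value"]
    return recent_dirs, services, proxy


def proxy_endpoints(value):
    """Split a ProxyServer value ("host:port" or "http=host:port;https=...")
    into (scheme, host, port) triples; scheme is "*" for the single-host form."""
    out = []
    for entry in value.split(";"):
        if "=" in entry:
            scheme, hostport = entry.split("=", 1)
        else:
            scheme, hostport = "*", entry
        host, sep, port = hostport.rpartition(":")
        if not sep:
            host, port = hostport, ""
        out.append((scheme, host.strip("[]"), port))
    return out


def triage(text):
    """Apply the three heuristics and return the findings in log order."""
    recent_dirs, services, proxy = parse_log(text)
    findings = []
    for scheme, host, port in proxy_endpoints(proxy.get("ProxyServer", "")):
        if host.lower() in LOOPBACK or host.startswith("127."):
            findings.append(Finding("loopback-proxy", f"{host}:{port}",
                f"{scheme} traffic is routed through a proxy on this machine; "
                f"only expected if a known local filtering tool listens there. "
                f"Bypass list: {proxy.get('ProxyOverride', '')}"))
    for start, name, image in services:
        low = image.lower()
        if "\\appdata\\" in low or "\\temp\\" in low:
            findings.append(Finding("user-writable-service", name,
                f"{start} image in a user-writable location: {image}"))
        if ntpath.dirname(low) in recent_dirs:
            findings.append(Finding("new-service-dir", name,
                f"image folder appears in the recent-changes section: {ntpath.dirname(image)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run against the excerpt it reports the loopback proxy on port 21091 with its bypass list, the cpuz136 driver in Temp, and the two services (FreewarePublicWiget.exe, JREKernelMinimal) whose folders were both created on 2014-10-02 according to the recent-changes section; avnetflt (Avira) produces nothing. Feeding it a complete, unflattened ComboFix log works the same way, since the regexes match one entry per line.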