Code:
ComboFix 14-08-02.02 - Sonja 04.08.2014 20:37:51.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.335 [GMT 2:00]
ausgeführt von:: c:\users\Sonja\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-07-04 bis 2014-08-04 ))))))))))))))))))))))))))))))
.
.
2014-08-04 18:52 . 2014-08-04 18:53 -------- d-----w- c:\users\Sonja\AppData\Local\temp
2014-08-04 18:52 . 2014-08-04 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-04 16:59 . 2014-08-04 17:03 -------- d-----w- C:\FRST
2014-08-04 15:28 . 2014-08-04 15:28 -------- d-sh--w- c:\users\Sonja\AppData\Local\EmieUserList
2014-08-04 15:28 . 2014-08-04 15:28 -------- d-sh--w- c:\users\Sonja\AppData\Local\EmieSiteList
2014-08-04 12:01 . 2014-08-04 15:27 -------- d-----w- c:\users\Sonja\AppData\Local\Opera Software
2014-08-04 12:01 . 2014-08-04 15:27 -------- d-----w- c:\users\Sonja\AppData\Roaming\Opera Software
2014-08-04 12:00 . 2014-08-04 15:27 -------- d-----w- c:\program files\Opera
2014-08-04 11:49 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A9EE078-7FF6-4054-86E0-FB0ADA66C79E}\mpengine.dll
2014-07-20 09:08 . 2014-07-20 09:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-07-09 20:21 . 2014-07-09 20:21 5018624 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2014-07-09 19:57 . 2014-06-18 23:00 752640 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-07-09 19:57 . 2014-06-18 23:22 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-07-09 19:57 . 2014-06-18 23:38 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-07-09 19:57 . 2014-06-18 22:52 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-07-09 19:57 . 2014-06-18 01:52 399360 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 19:57 . 2014-06-18 00:52 2350080 ----a-w- c:\windows\system32\win32k.sys
2014-07-09 19:57 . 2014-06-18 01:51 646144 ----a-w- c:\windows\system32\osk.exe
2014-07-09 19:56 . 2014-06-06 09:44 509440 ----a-w- c:\windows\system32\qedit.dll
2014-07-09 19:56 . 2014-05-30 06:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2014-07-09 19:56 . 2014-05-30 07:52 247808 ----a-w- c:\windows\system32\schannel.dll
2014-07-09 19:56 . 2014-05-30 07:52 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-07-09 19:56 . 2014-05-30 07:52 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-07-09 19:56 . 2014-05-30 07:52 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-07-09 19:56 . 2014-05-30 07:52 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-07-09 19:56 . 2014-05-30 07:52 220160 ----a-w- c:\windows\system32\ncrypt.dll
2014-07-09 19:56 . 2014-05-30 07:52 17408 ----a-w- c:\windows\system32\credssp.dll
2014-07-09 19:55 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-04 15:50 . 2014-04-09 08:29 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-24 17:43 . 2013-05-02 09:14 35848 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-23 08:52 . 2010-06-29 15:25 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-07-09 20:27 . 2013-07-27 09:33 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 20:27 . 2013-06-19 09:18 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-03 19:44 . 2013-02-14 19:45 97648 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-05-22 08:29 . 2013-02-14 19:45 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-12 05:26 . 2014-04-13 15:02 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-12 05:25 . 2014-04-13 15:02 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-12 05:25 . 2014-04-13 15:02 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-09 07:06 . 2014-05-14 09:28 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 07:04 . 2014-05-14 09:28 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 09:06 . 2014-06-13 13:37 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:06 . 2014-06-13 13:37 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
2012-08-03 09:39 1476480 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
2012-08-03 09:39 1476480 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-08-03 09:39 1476480 ----a-w- c:\program files\ASUS\ASUS WebStorage\3.0.143.296\AsusWSShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmazonMP3DownloaderHelper"="c:\users\Sonja\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"LivCam"="c:\program files\ASUS\LivCam\LivCam.exe" [2009-11-19 284160]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-06-29 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-07-03 750160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"ASUSWebStorage"="c:\program files\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe" [2012-08-03 740736]
.
c:\users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Malwarebytes Anti-Malware .lnk - c:\program files\ Malwarebytes Anti-Malware \mbam.exe [2014-4-13 6970168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-06-18 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-08-04 110296]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-25 37352]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-07-03 430160]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 98304]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - UGTIRUOW
*Deregistered* - ugtiruow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-27 20:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube to MP3 Converter - c:\users\Sonja\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rc0cfbue.default\
FF - prefs.js: browser.startup.homepage - about :home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
MSConfigStartUp-Garmin Lifetime Updater - c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2402262172-657694341-2311227042-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\SecuROM\License information*]
"datasecu"=hex:48,d0,70,05,78,3d,42,ce,24,8b,75,a1,01,b0,31,5c,ab,4a,a5,4e,e1,
fc,f0,58,74,90,91,cd,b7,b6,79,66,4b,aa,90,28,57,09,e8,79,68,98,c1,0f,75,17,\
"rkeysecu"=hex:2b,d5,05,1e,49,12,ca,94,d4,ec,0d,9f,7a,eb,7f,39
.
[HKEY_USERS\S-1-5-21-2402262172-657694341-2311227042-1000\Software\SecuROM\License information*]
"datasecu"=hex:48,d0,70,05,78,3d,42,ce,24,8b,75,a1,01,b0,31,5c,ab,4a,a5,4e,e1,
fc,f0,58,74,90,91,cd,b7,b6,79,66,4b,aa,90,28,57,09,e8,79,68,98,c1,0f,75,17,\
"rkeysecu"=hex:2b,d5,05,1e,49,12,ca,94,d4,ec,0d,9f,7a,eb,7f,39
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-08-04 20:57:45
ComboFix-quarantined-files.txt 2014-08-04 18:57
.
Vor Suchlauf: 7 Verzeichnis(se), 66.875.420.672 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 66.884.079.616 Bytes frei
.
- - End Of File - - 77D51810A76E4BE65F7BF244F082A766
A36C5E4F47E84449FF07ED3517B43A31