Trojaner-Board - Google-Suchen werden redirected

Hier ist das Log von Combofix. Zwischendurch kam ein Popup, in dem es hieß, mein Rechner sei von einem Rootkit befallen, der sich in den TCIP/IP-Stack eingebaut habe.

Combofix Logfile:
Code:
ComboFix 11-11-15.01 - Hendrik 15.11.2011  15:46:21.1.2 - x86

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1992.1312 [GMT 1:00]

ausgeführt von:: c:\users\Hendrik\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB57481$\3372275318\@

c:\windows\$NtUninstallKB57481$\3372275318\L\xadqgnnk

c:\windows\$NtUninstallKB57481$\3372275318\loader.tlb

c:\windows\$NtUninstallKB57481$\3372275318\U\@00000001

c:\windows\$NtUninstallKB57481$\3372275318\U\@000000c0

c:\windows\$NtUninstallKB57481$\3372275318\U\@000000cb

c:\windows\$NtUninstallKB57481$\3372275318\U\@000000cf

c:\windows\$NtUninstallKB57481$\3372275318\U\@80000000

c:\windows\$NtUninstallKB57481$\3372275318\U\@800000c0

c:\windows\$NtUninstallKB57481$\3372275318\U\@800000cb

c:\windows\$NtUninstallKB57481$\3372275318\U\@800000cf

c:\windows\$NtUninstallKB57481$\3677086922

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\system32\ 

c:\windows\system32\c_09160.nls

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-10-15 bis 2011-11-15  ))))))))))))))))))))))))))))))

.

.

2011-11-14 23:31 . 2011-11-14 23:31        --------        d-----w-        c:\users\Hendrik\AppData\Roaming\Malwarebytes

2011-11-14 23:31 . 2011-11-14 23:31        --------        d-----w-        c:\programdata\Malwarebytes

2011-11-14 23:31 . 2011-11-15 00:03        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-11-14 23:31 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-14 19:16 . 2011-11-14 19:16        --------        d-sh--w-        c:\windows\system32\%APPDATA%

2011-11-14 17:25 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7F474348-6A32-4E6B-9FD7-5C992F71BE85}\mpengine.dll

2011-10-31 14:19 . 2008-06-03 21:49        248448        ----a-w-        c:\windows\system32\PROUnstl.exe

2011-10-31 13:56 . 2011-08-27 04:26        233472        ----a-w-        c:\windows\system32\oleacc.dll

2011-10-31 13:56 . 2011-08-27 04:26        571904        ----a-w-        c:\windows\system32\oleaut32.dll

2011-10-31 13:55 . 2011-08-17 04:24        465408        ----a-w-        c:\windows\system32\psisdecd.dll

2011-10-31 13:55 . 2011-08-17 04:19        75776        ----a-w-        c:\windows\system32\psisrndr.ax

2011-10-31 13:51 . 2011-09-06 02:28        2334720        ----a-w-        c:\windows\system32\win32k.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-14 13:25 . 2011-06-24 13:51        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-11 16:15 . 2011-10-11 16:16        703824        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DF21EDC-BE30-4C74-8FE3-933FA246A922}\gapaengine.dll

2011-10-07 03:48 . 2009-10-27 11:06        6668624        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-03 08:48 . 2011-10-03 08:48        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2011-10-03 08:48 . 2011-10-03 08:48        161792        ----a-w-        c:\windows\system32\msls31.dll

2011-10-03 08:48 . 2011-10-03 08:48        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll

2011-10-03 08:48 . 2011-10-03 08:48        86528        ----a-w-        c:\windows\system32\iesysprep.dll

2011-10-03 08:48 . 2011-10-03 08:48        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2011-10-03 08:48 . 2011-10-03 08:48        74752        ----a-w-        c:\windows\system32\iesetup.dll

2011-10-03 08:48 . 2011-10-03 08:48        63488        ----a-w-        c:\windows\system32\tdc.ocx

2011-10-03 08:48 . 2011-10-03 08:48        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2011-10-03 08:48 . 2011-10-03 08:48        367104        ----a-w-        c:\windows\system32\html.iec

2011-10-03 08:48 . 2011-10-03 08:48        23552        ----a-w-        c:\windows\system32\licmgr10.dll

2011-10-03 08:48 . 2011-10-03 08:48        152064        ----a-w-        c:\windows\system32\wextract.exe

2011-10-03 08:48 . 2011-10-03 08:48        150528        ----a-w-        c:\windows\system32\iexpress.exe

2011-10-03 08:48 . 2011-10-03 08:48        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl

2011-10-03 08:48 . 2011-10-03 08:48        420864        ----a-w-        c:\windows\system32\vbscript.dll

2011-10-03 08:48 . 2011-10-03 08:48        35840        ----a-w-        c:\windows\system32\imgutil.dll

2011-10-03 08:48 . 2011-10-03 08:48        142848        ----a-w-        c:\windows\system32\ieUnatt.exe

2011-10-03 08:48 . 2011-10-03 08:48        11776        ----a-w-        c:\windows\system32\mshta.exe

2011-10-03 08:48 . 2011-10-03 08:48        101888        ----a-w-        c:\windows\system32\admparse.dll

2011-10-03 08:14 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll

2011-09-12 23:14 . 2011-10-03 08:40        7269712        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\Hendrik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KeePass Password Safe"="e:\eigene dateien\Programme\Portable KeePass\KeePassPortable\App\keepass\keepass.exe" [2009-06-06 769024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"FingerPrintSoftware"="c:\drivers\WIN\FPRA\fpapp.exe \s" [X]

"TpShocks"="TpShocks.exe" [2009-07-08 337184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]

"PWMTRV"="c:\progra~3\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-09-09 714016]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-24 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-24 151064]

"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"DisallowCpl"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Hendrik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]

path=c:\users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk

backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

2009-09-12 16:09        357800        ----a-w-        c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59        937920        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2010-04-01 09:16        357696        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-11-20 12:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-06-15 13:02        15141768        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2009-08-25 19:39        98304        ----a-w-        c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-01-26 16:13        1242448        ----a-w-        c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21        247728        ----a-w-        c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

2009-09-12 16:09        5082488        ----a-w-        c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WLSync]

2010-09-22 23:19        1448800        ----a-w-        c:\program files\Windows Live\Mesh\WLSync.exe

.

R1 MpKsl0689d32a;MpKsl0689d32a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B352110D-AF42-4DA5-8797-CC33F0251E48}\MpKsl0689d32a.sys [x]

R1 MpKsl21ccd3fa;MpKsl21ccd3fa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A99698F0-9B89-4BC6-91C1-175F30672B5D}\MpKsl21ccd3fa.sys [x]

R1 MpKsl2878b49f;MpKsl2878b49f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8BAC3E25-9E33-4051-94D2-F4243135F495}\MpKsl2878b49f.sys [x]

R1 MpKsl2e36723d;MpKsl2e36723d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4469F622-36B7-4322-9CE9-2AD51B7C4630}\MpKsl2e36723d.sys [x]

R1 MpKsl416ba519;MpKsl416ba519;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BAB64209-23C6-4E86-9932-D3F9FD1C156E}\MpKsl416ba519.sys [x]

R1 MpKsl49119f3c;MpKsl49119f3c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5A684DDF-8C51-499D-AAFB-C6447227B5AB}\MpKsl49119f3c.sys [x]

R1 MpKsl4eeb5c4a;MpKsl4eeb5c4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC1BF3AE-1B07-4C58-94AA-9FE0F71597D6}\MpKsl4eeb5c4a.sys [x]

R1 MpKsl555d0b1b;MpKsl555d0b1b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA7E95D4-8DE4-4429-84B6-0A63005B9F8D}\MpKsl555d0b1b.sys [x]

R1 MpKsl56535294;MpKsl56535294;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{861127EB-333C-4555-B769-54C1D02CD4AB}\MpKsl56535294.sys [x]

R1 MpKsl58de785a;MpKsl58de785a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC3F01F9-9808-4522-9636-F350D12686BF}\MpKsl58de785a.sys [x]

R1 MpKsl5cf30dda;MpKsl5cf30dda;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{24A1C1F8-790F-485F-B239-AAE6ECED36B3}\MpKsl5cf30dda.sys [x]

R1 MpKsl5e3474d8;MpKsl5e3474d8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{36A16DFF-374A-4B63-82A4-AE572A64A435}\MpKsl5e3474d8.sys [x]

R1 MpKsl5ec53d8f;MpKsl5ec53d8f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4EBF3467-6CCC-4DEE-822D-4DF8766A73BE}\MpKsl5ec53d8f.sys [x]

R1 MpKsl64f93954;MpKsl64f93954;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97BA8D16-BA34-4537-8FDD-0FD7F02CF96D}\MpKsl64f93954.sys [x]

R1 MpKsl72351fd9;MpKsl72351fd9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{720A9DCB-CD5E-4FCD-ACAC-AB657E25ADCB}\MpKsl72351fd9.sys [x]

R1 MpKsl7367aa0f;MpKsl7367aa0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76D2E29B-D815-4D20-A2F8-D2E4AA6A1EE8}\MpKsl7367aa0f.sys [x]

R1 MpKsl74ee14e0;MpKsl74ee14e0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9507634D-5733-44C1-81C2-F3F0B500A87F}\MpKsl74ee14e0.sys [x]

R1 MpKsl7bc19148;MpKsl7bc19148;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1C721622-0296-46F1-8033-8DD58C929C20}\MpKsl7bc19148.sys [x]

R1 MpKsl8034d332;MpKsl8034d332;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44AF9EC1-839F-4A22-BE96-3FF186209EEC}\MpKsl8034d332.sys [x]

R1 MpKsl92607090;MpKsl92607090;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EFCD3BB-C029-45AD-B1AB-F41D85D43EAA}\MpKsl92607090.sys [x]

R1 MpKsl93e589ae;MpKsl93e589ae;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F71FF450-116D-4338-9B1F-DB581AB82D9B}\MpKsl93e589ae.sys [x]

R1 MpKslae677dd3;MpKslae677dd3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2FBF6B15-BACD-4D7E-AA54-F16D22AE1D2E}\MpKslae677dd3.sys [x]

R1 MpKslb1694b4a;MpKslb1694b4a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44244DCE-2ABF-4B61-960F-03B9C996B06F}\MpKslb1694b4a.sys [x]

R1 MpKslb22e0c5e;MpKslb22e0c5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{020EEEBF-7204-4365-ADC4-2DE5446B5718}\MpKslb22e0c5e.sys [x]

R1 MpKslb671d39e;MpKslb671d39e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BFE05C50-97F2-4FE0-9607-0735D2DC8F41}\MpKslb671d39e.sys [x]

R1 MpKslba9eafd8;MpKslba9eafd8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D5101E1-C323-40CD-BFAC-BDA57BA29AF3}\MpKslba9eafd8.sys [x]

R1 MpKslc0d64bbd;MpKslc0d64bbd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CE0E950-1EBA-4BF8-9CFD-6B284418D89C}\MpKslc0d64bbd.sys [x]

R1 MpKslc55402ab;MpKslc55402ab;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{065033FD-ACD6-4CC2-A9C3-425ED5A863B4}\MpKslc55402ab.sys [x]

R1 MpKslc62497a3;MpKslc62497a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6FDC689-8193-476B-A8DE-31C98BC675D2}\MpKslc62497a3.sys [x]

R1 MpKsld5288853;MpKsld5288853;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D011611C-8437-4605-8BFC-0E853D3DF8A7}\MpKsld5288853.sys [x]

R1 MpKsld57fc968;MpKsld57fc968;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21B38FF8-5990-4C7B-82EC-B08C6C010EE5}\MpKsld57fc968.sys [x]

R1 MpKsld73b9a5e;MpKsld73b9a5e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60311743-C6E2-42C7-8772-651AF7D2119D}\MpKsld73b9a5e.sys [x]

R1 MpKsle8a9b3ca;MpKsle8a9b3ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD05E813-2E94-4148-ACF4-620150F8CB02}\MpKsle8a9b3ca.sys [x]

R1 MpKslf1ef020a;MpKslf1ef020a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB950410-3F0D-475C-B17C-96B2CD8F218A}\MpKslf1ef020a.sys [x]

R1 MpKslf8215018;MpKslf8215018;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79EBD039-5405-4955-AE5E-052522FE3B14}\MpKslf8215018.sys [x]

R1 MpKslfa91ddbe;MpKslfa91ddbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2FAD04D-A8C4-4F60-8400-662B8BCC1BB0}\MpKslfa91ddbe.sys [x]

R1 MpKslfaa9a6c3;MpKslfaa9a6c3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FC145A50-915E-4240-B7B4-0684CAFF1D8B}\MpKslfaa9a6c3.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-08-31 106496]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 100736]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.EXE [2009-09-09 75040]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-15 691696]

S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2009-10-22 902432]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2009-10-22 2326920]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-24 169404]

S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-08-31 1683972]

S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-08-31 95160]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 359008]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 86488]

S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2049920]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2009-10-22 159168]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-24 5073920]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-24 106496]

S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-31 485376]

S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-22 225408]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-08-24 5924864]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

.

.

------- Zusätzlicher Suchlauf -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\zcvon8zx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Add Bookmark Here Â²: abhere2@moztw.org - %profile%\extensions\abhere2@moztw.org

FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

FF - Ext: Image Toolbar: {A4732521-77D9-447E-A557-B279AC923F06} - %profile%\extensions\{A4732521-77D9-447E-A557-B279AC923F06}

FF - Ext: Personal Menu: CompactMenuCE@Merci.chao - %profile%\extensions\CompactMenuCE@Merci.chao

FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

FF - Ext: OPIE: OPIE@guid.customsoftwareconsult.com - %profile%\extensions\OPIE@guid.customsoftwareconsult.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Ghostery: firefox@ghostery.com - %profile%\extensions\firefox@ghostery.com

FF - Ext: Beef Taco (Targeted Advertising Cookie Opt-Out): john@velvetcache.org - %profile%\extensions\john@velvetcache.org

FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

FF - Ext: Firefox Sync: {340c2bbc-ce74-4362-90b5-7c26312808ef} - %profile%\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-11-15  15:59:58

ComboFix-quarantined-files.txt  2011-11-15 14:59

.

Vor Suchlauf: 5.347.262.464 Bytes frei

Nach Suchlauf: 5.243.363.328 Bytes frei

.

- - End Of File - - 404AE4D1B9B1B29948F637635A182831
--- --- ---