Computer is very slow, Firefox crashes frequently, Explorer does not work, photos cannot be uploaded to the Internet

ComboFix 13-12-04.04 - annettepassarge 04.12.2013 19:57:01.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.1409 [GMT 1:00]
:wtf: :confused: Why are you dumping a CF log in here with almost no comment? Besides, it says everywhere here that CF should not be run on your own initiative! :wtf:
Copyright ©2000-2025, Trojaner-Board