|
Plagegeister aller Art und deren Bekämpfung: Schadsoftware schreibt Texte und klickt willkürlich... was tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.01.2013, 20:46 | #1 |
| Schadsoftware schreibt Texte und klickt willkürlich... was tun? Hallo Leute, ich bin normalerweise recht fit was den Computer angeht aber hier bin auch ich am Ende... Bisher habe ich alles mit HijackThis gefunden und wegbekommen - diesmal findet es nichts... Auch sämtliche Anti-Vitenprogramme und AntiMalware und Spyware Software findet nichts... Es passiert folgendes... ich starte meinen PC und nach ca 2-3 Stunden fängt der Spuk an... die Maus führ von alleine linksklicks aus...heisst es klickt Sachen an oder makiert Texte usw... Dann wird meist ein neues Tab geöffnet oder im aktuellen im der Adresszeile ein Text geschrieben... meist "Alles klar?" oder es öffnet sich die Suche vom Browser und dort wird der Text eingetippt. Wichtig: Der Text wird wirklich getippt... nicht reinkopiert... auch wenn ich dann den Router ausschalte geht der Spuk weiter... Das "Alles klar?" erscheint lustigerweise nur wenn ich es zuvor im Internet irgendwo bereits eingetippt habe... sprich in Facebook, Chat oder was auch immer... Was kann ich noch machen? Achja, ich nutze Windows 8 64bit. Hier noch die OTL.exe - eine Extra.exe hat er nicht gemacht! OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.01.2013 20:33:06 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16453) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,97 Gb Total Physical Memory | 6,85 Gb Available Physical Memory | 85,94% Memory free 8,53 Gb Paging File | 6,88 Gb Available in Paging File | 80,59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 54,42 Gb Free Space | 48,72% Space Free | Partition Type: NTFS Drive D: | 100,00 Mb Total Space | 62,54 Mb Free Space | 62,55% Space Free | Partition Type: NTFS Drive E: | 931,41 Gb Total Space | 866,62 Gb Free Space | 93,04% Space Free | Partition Type: NTFS Computer Name: CHRISPC | User Name: Chris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Chris\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI) PRC - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - E:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe () PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - E:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (MSI_SuperCharger) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices) DRV:64bit: - (aswTdi) -- C:\WINDOWS\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (MQAC) -- C:\Windows\SysNative\Drivers\mqac.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation) DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\Drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\Drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\Drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (PAC7302) -- C:\Windows\SysNative\Drivers\PAC7302.SYS (PixArt Imaging Inc.) DRV - (NTIOLib_1_0_3) -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys (MSI) DRV - (ipadtst) -- C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys (Windows (R) Win 7 DDK provider) DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH) DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (NTIOLib_1_0_6) -- C:\Program Files (x86)\Setup Files\Ms7693v1A0\NTIOLib_X64.sys (MSI) DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI) DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation) DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsi Software GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Chew7Hale] C:\WINDOWS\SysNative\hale.exe () O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI) O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BE2C00-0168-4E4D-999E-C583B203CB70}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - ("C:\Program Files (x86)\NoTilesPlease\ntpload.exe") - C:\Program Files (x86)\NoTilesPlease\ntpload.exe (Quadsoft) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.03 20:29:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe [2013.01.03 20:28:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2013.01.02 20:45:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org [2012.12.31 23:45:02 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2012.12.31 23:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2012.12.31 23:43:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2012.12.28 00:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.12.28 00:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2012.12.28 00:28:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Anti-Malware [2012.12.26 22:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.26 22:22:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys [2012.12.26 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.24 23:55:52 | 000,527,872 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\SysNative\drivers\PAC7302.SYS [2012.12.24 23:55:52 | 000,055,296 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\SysWow64\Remove.exe [2012.12.24 23:55:52 | 000,008,704 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\SysNative\CoInst_071029.dll [2012.12.24 23:55:51 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINDOWS\SysWow64\SP7302.ax [2012.12.24 23:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telescope Driver [2012.12.24 23:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixArt [2012.12.24 23:55:50 | 000,014,336 | ---- | C] (PixArt Imaging Inc.) -- C:\WINDOWS\SysWow64\P7302USD.dll [2012.12.24 23:55:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\PixArt [2012.12.24 23:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PAC7302 [2012.12.08 22:54:56 | 000,000,000 | -H-D | C] -- C:\SuperChargerProfile [2012.12.05 01:09:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Misc ========== Files - Modified Within 30 Days ========== [2013.01.03 20:29:39 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe [2013.01.03 20:28:53 | 000,302,592 | ---- | M] () -- C:\Users\Chris\Desktop\bcdowx86.exe [2013.01.03 20:28:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe [2013.01.03 20:28:05 | 000,050,477 | ---- | M] () -- C:\Users\Chris\Desktop\Defogger.exe [2013.01.03 20:25:02 | 002,032,354 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2013.01.03 20:25:02 | 000,864,376 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat [2013.01.03 20:25:02 | 000,803,480 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2013.01.03 20:25:02 | 000,197,374 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat [2013.01.03 20:25:02 | 000,165,738 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2013.01.03 20:22:43 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.03 20:20:41 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.01.03 20:20:40 | 2123,984,895 | -HS- | M] () -- C:\hiberfil.sys [2013.01.03 14:29:16 | 000,036,293 | ---- | M] () -- C:\Users\Chris\Desktop\1.jpg [2013.01.02 21:04:29 | 000,009,820 | ---- | M] () -- C:\Users\Chris\Desktop\EK.ods [2013.01.02 20:45:50 | 000,001,239 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.01 23:09:57 | 000,304,360 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2012.12.31 23:45:03 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.12.31 23:38:23 | 152,249,762 | ---- | M] () -- C:\Users\Chris\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2012.12.31 21:35:04 | 159,187,632 | ---- | M] () -- C:\Users\Chris\Desktop\BGE_Soundtrack.rar [2012.12.28 00:29:30 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.12.26 22:24:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.25 00:04:41 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT [2012.12.08 22:54:57 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Super-Charger.lnk ========== Files Created - No Company Name ========== [2013.01.03 20:28:52 | 000,302,592 | ---- | C] () -- C:\Users\Chris\Desktop\bcdowx86.exe [2013.01.03 20:28:04 | 000,050,477 | ---- | C] () -- C:\Users\Chris\Desktop\Defogger.exe [2013.01.03 14:29:16 | 000,036,293 | ---- | C] () -- C:\Users\Chris\Desktop\1.jpg [2013.01.02 21:04:27 | 000,009,820 | ---- | C] () -- C:\Users\Chris\Desktop\EK.ods [2013.01.02 20:45:50 | 000,001,239 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2012.12.31 23:45:03 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2012.12.31 23:31:00 | 152,249,762 | ---- | C] () -- C:\Users\Chris\Desktop\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2012.12.31 21:27:50 | 159,187,632 | ---- | C] () -- C:\Users\Chris\Desktop\BGE_Soundtrack.rar [2012.12.28 00:29:30 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.12.26 22:22:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.25 00:04:40 | 000,921,632 | ---- | C] () -- C:\PA7302.DAT [2012.12.24 23:55:52 | 000,000,291 | ---- | C] () -- C:\WINDOWS\SysWow64\Remover.ini [2012.12.24 23:55:51 | 000,000,566 | ---- | C] () -- C:\WINDOWS\SysWow64\SP7302.ini [2012.12.23 00:50:24 | 000,304,360 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2012.12.14 12:28:46 | 000,385,604 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml [2012.12.08 22:54:57 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Super-Charger.lnk [2012.11.19 16:48:14 | 000,007,610 | ---- | C] () -- C:\Users\Chris\AppData\Local\Resmon.ResmonCfg [2012.11.13 01:05:29 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2012.11.12 00:55:00 | 001,968,878 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2012.11.12 00:54:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012.11.07 21:58:02 | 000,000,323 | ---- | C] () -- C:\WINDOWS\SysWow64\WFD_List.ini [2012.10.30 01:14:52 | 000,003,584 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat [2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.01 19:46:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Amazon [2012.10.30 00:42:22 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\elsterformular [2012.11.14 13:33:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\IrfanView [2012.11.12 18:07:10 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\MobMapUpdater [2013.01.02 20:45:39 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenOffice.org [2012.11.25 18:12:38 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera [2012.10.12 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > |
03.01.2013, 20:50 | #2 |
/// Malware-holic | Schadsoftware schreibt Texte und klickt willkürlich... was tun? Hi
__________________erst mal finger weg von hjt, bringt schon seit Vista nichts mehr, und irgendwelche löschungen damit zu machen kann gefährlich sein. download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ |
Themen zu Schadsoftware schreibt Texte und klickt willkürlich... was tun? |
.dll, autorun, avast, bho, browser, computer, down, emsisoft, explorer, firefox, format, hijack, hijackthis, installation, internet, logfile, maus, monitor.exe, object, plug-in, programme, realtek, registry, scan, security, software, spyware, windows |