
Plagegeister aller Art und deren Bekämpfung: Keyboard and mouse act on their own, sticky keys (Einrastfunktion)

19.09.2015, 09:57   #1
lololo99
 



Hello;

I have the problem that since yesterday my keyboard and also the mouse on my computer switch over by themselves. Before that I had no problems, so I'm guessing IT's a VIRUS? E:G: HERE the capitalization switched itself on without me doing anything.
ALSO FUNCTions, e.g. on the internet, have changed. When I click on Firefox, a new window opens automatically, and similar things. The user menu is also suddenly iN English.

It makes the computer relatively unworkable, because you can't even write an email normally.
I have already googled whether there is a trojan or some other virus for this, but found nothing.

So, does that help as a description? I would be grateful for tips...

19.09.2015, 11:38   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


19.09.2015, 14:35   #3
lololo99
 



Hello and thanks for the quick reply. I really appreciate it.

I have to say, I just got home, booted the computer and ran the scan. So far everything works. The last few times, it was the case that at some point it started and things stopped working.


Here is the FRST file first:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
Ran by mattl (administrator) on KHIRA (19-09-2015 15:10:43)
Running from C:\Users\mattl\Downloads
Loaded Profiles: mattl (Available Profiles: mattl)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Absolute Software Corp.) C:\Windows\System32\rpcnet.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Lavasoft Limited) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) D:\firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [TrojanScanner] => C:\Program Files\Trojan Remover\Trjscan.exe /boot
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-3900217696-1402065389-687827829-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
AppInit_DLLs: C:\Users\mattl\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll
Startup: C:\Users\mattl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk [2015-07-10]
ShortcutTarget: DesktopVideoPlayer.lnk -> C:\Users\mattl\AppData\Local\vghd\bin\vghd.exe (Totem Entertainment)
BootExecute: autocheck autochk * lsdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{F6D25660-37C2-4D19-9D41-F5FE4C575461}: [DhcpNameServer] 195.34.133.21 212.186.211.21

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-3900217696-1402065389-687827829-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://www.default-search.net?sid=503&aid=100&itype=n&ver=13001&tm=397&src=hmp
HKU\S-1-5-21-3900217696-1402065389-687827829-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
URLSearchHook: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} -  No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13001&tm=397&src=ds&p={searchTerms}
SearchScopes: HKLM -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2C1C675D-FEBF-4132-A6FA-96EDDCDB5DBA&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtDtByEzztCyC0EtAtBzz0CzyyDzz0FtN0D0Tzu0SyBtCtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1364943656&ir=
SearchScopes: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> {8D3B632F-4AF5-4DB0-967E-2E67F9279A61} URL = hxxps://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13001&tm=397&src=ds&p={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\mattl\AppData\Local\Linkey\IEEXTE~1\iedll.dll No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll No File
Toolbar: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-3900217696-1402065389-687827829-1001 -> No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_45-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\mattl\AppData\Roaming\Mozilla\Firefox\Profiles\9z9kfl9l.default-1442602718293
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3900217696-1402065389-687827829-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\mattl\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011-04-18]
FF Extension: Firefox HTTP authentication from sub-resources Hotfix - C:\Users\mattl\AppData\Roaming\Mozilla\Firefox\Profiles\9z9kfl9l.default-1442602718293\Extensions\firefox-hotfix@mozilla.org.xpi [2015-09-18]
FF Extension: Adblock Plus - C:\Users\mattl\AppData\Roaming\Mozilla\Firefox\Profiles\9z9kfl9l.default-1442602718293\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-19]
StartMenuInternet: FIREFOX.EXE - D:\firefox\firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoods.crx <not found>
CHR HKLM\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\mattl\AppData\Local\Temp\crxEEBE.tmp <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-29] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [461672 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2152152 2011-10-29] (Lavasoft Limited)
R2 rpcnet; C:\Windows\system32\rpcnet.exe [78032 2015-04-24] (Absolute Software Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 UI Assistant Service; C:\Program Files\Orange Mobiles Internet\AssistantServices.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108448 2015-07-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136728 2015-07-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 Lavasoft Kernexplorer; C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [15232 2011-08-18] ()
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [64512 2011-08-18] (Lavasoft AB)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-06-16] (Avira Operations GmbH & Co. KG)
S3 zte_cdc_acm; C:\Windows\System32\DRIVERS\zte_cdc_acm.sys [67968 2011-05-23] (ZTE)
S3 zte_cdc_ecm; C:\Windows\System32\DRIVERS\zte_cdc_ecm.sys [32768 2011-05-23] (ZTE)
S3 zte_cpo; C:\Windows\System32\DRIVERS\zte_cpo.sys [9984 2011-05-23] (ZTE)
S3 zte_ecm_enum; C:\Windows\System32\DRIVERS\zte_ecm_enum.sys [47488 2011-05-23] (ZTE)
S3 zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\zte_ecm_enum_filter.sys [47488 2011-05-23] (ZTE)
S3 StarOpen; no ImagePath
S3 Synth3dVsc; no ImagePath
S3 tsusbhub; no ImagePath
S3 VGPU; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-19 15:06 - 2015-09-19 15:07 - 00026736 _____ C:\Users\mattl\Downloads\Addition.txt
2015-09-19 15:04 - 2015-09-19 15:11 - 00014039 _____ C:\Users\mattl\Downloads\FRST.txt
2015-09-19 15:04 - 2015-09-19 15:10 - 00000000 ____D C:\FRST
2015-09-19 15:03 - 2015-09-19 15:04 - 01695232 _____ (Farbar) C:\Users\mattl\Downloads\FRST.exe
2015-09-19 14:58 - 2015-09-19 14:58 - 00000384 _____ C:\Windows\Tasks\Ad-Aware Update (Weekly).job
2015-09-19 09:49 - 2015-09-19 09:49 - 00000000 ____D C:\vghd
2015-09-15 14:54 - 2015-09-15 14:54 - 00174414 _____ C:\Users\mattl\Downloads\NeXus_2015_Case study_Change Management.pptx
2015-09-14 20:20 - 2015-09-14 20:20 - 00055580 _____ C:\Users\mattl\Downloads\interstellar_english-1080178.zip
2015-09-14 20:20 - 2015-09-14 20:20 - 00000000 ____D C:\Users\mattl\Downloads\interstellar_english-1080178
2015-09-08 21:51 - 2015-09-02 04:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 21:51 - 2015-09-02 04:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 21:51 - 2015-09-02 04:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 21:51 - 2015-09-02 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 21:51 - 2015-09-02 03:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 21:51 - 2015-09-02 03:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 21:51 - 2015-08-26 19:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 21:51 - 2015-08-26 19:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 21:51 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 21:51 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 21:51 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 21:51 - 2015-08-26 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 21:51 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 21:51 - 2015-08-26 19:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 21:51 - 2015-08-26 19:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 21:51 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 21:51 - 2015-08-26 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 21:51 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 21:51 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 21:51 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 21:51 - 2015-08-15 07:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 21:51 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 21:51 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 21:51 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 21:51 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 21:51 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 21:51 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 21:51 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 21:51 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 21:51 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 21:51 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 21:51 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 21:51 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 21:51 - 2015-08-15 07:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 21:51 - 2015-08-15 07:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 21:51 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 21:51 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 21:51 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 21:51 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 21:51 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 21:51 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 21:51 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 21:51 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 21:51 - 2015-08-15 07:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 21:51 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 21:51 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 21:51 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 21:51 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 21:51 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 21:51 - 2015-08-05 19:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 21:51 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 21:51 - 2015-08-05 19:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 21:51 - 2015-08-04 19:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 21:51 - 2015-08-04 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 21:51 - 2015-08-04 19:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 21:51 - 2015-08-04 19:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 21:51 - 2015-08-04 19:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 21:51 - 2015-08-04 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 21:51 - 2015-07-15 04:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-02 18:24 - 2015-09-08 11:16 - 00001096 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-08-27 11:47 - 2015-08-27 12:14 - 00024851 _____ C:\Users\mattl\Desktop\untertitel bbc doku.odt
2015-08-23 10:25 - 2015-08-23 10:25 - 00000000 ___RD C:\Program Files\Skype
2015-08-23 10:25 - 2015-08-23 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-23 10:25 - 2015-08-23 10:25 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-19 15:04 - 2009-12-09 23:57 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-19 15:03 - 2009-12-09 23:43 - 01885627 _____ C:\Windows\WindowsUpdate.log
2015-09-19 14:58 - 2015-08-10 09:58 - 00008512 _____ C:\Windows\setupact.log
2015-09-19 14:58 - 2012-03-09 16:37 - 00255716 _____ C:\aaw7boot.log
2015-09-19 14:58 - 2009-12-11 15:57 - 00078032 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2015-09-19 14:58 - 2009-12-09 23:40 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2015-09-19 14:58 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-19 11:32 - 2009-07-14 06:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-19 11:32 - 2009-07-14 06:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-19 11:28 - 2013-03-11 13:25 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-19 11:27 - 2015-03-31 22:04 - 00000000 ____D C:\Users\mattl\AppData\Roaming\Skype
2015-09-18 22:53 - 2015-04-17 11:54 - 00000000 ____D C:\Users\mattl\AppData\Roaming\vlc
2015-09-17 16:32 - 2011-09-05 21:12 - 00000064 _____ C:\Windows\system32\rp_stats.dat
2015-09-17 16:32 - 2011-09-05 21:12 - 00000044 _____ C:\Windows\system32\rp_rules.dat
2015-09-13 22:28 - 2015-04-03 02:18 - 00000000 ____D C:\Users\mattl\AppData\Roaming\TeamViewer
2015-09-09 19:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 19:10 - 2009-12-09 23:41 - 00017408 _____ C:\Windows\system32\rpcnetp.dll
2015-09-09 19:10 - 2009-07-14 06:33 - 00282944 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 19:08 - 2009-07-14 09:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 11:16 - 2014-08-16 08:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-08 11:16 - 2013-03-24 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-01 16:09 - 2015-06-12 21:00 - 00000000 ____D C:\Users\mattl\AppData\Roaming\uTorrent
2015-08-28 15:59 - 2010-12-29 22:35 - 00444958 _____ C:\Windows\PFRO.log
2015-08-27 11:32 - 2009-07-14 06:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-24 16:55 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-08-23 10:26 - 2010-03-05 13:11 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2014-07-03 18:47 - 2015-07-14 08:48 - 0003584 _____ () C:\Users\mattl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-15 11:46 - 2012-11-15 11:46 - 95023320 ____T () C:\ProgramData\dsgsdgdsgdsgw.pad
2010-03-05 13:12 - 2010-03-05 13:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-11-15 11:46 - 2012-11-15 11:46 - 0044544 _____ (Microsoft Corporation) C:\ProgramData\lsass.exe

Some files in TEMP:
====================
C:\Users\mattl\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-11 11:29

==================== End of FRST.txt ============================
         







And here is ADDITION:




FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by mattl (2015-09-19 15:11:22)
Running from C:\Users\mattl\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2009-12-09 21:43:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3900217696-1402065389-687827829-500 - Administrator - Disabled)
Guest (S-1-5-21-3900217696-1402065389-687827829-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3900217696-1402065389-687827829-1002 - Limited - Enabled)
mattl (S-1-5-21-3900217696-1402065389-687827829-1001 - Administrator - Enabled) => C:\Users\mattl

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Lavasoft Ad-Watch Live! Virenschutz (Enabled - Up to date) {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Lavasoft Ad-Watch Live! (Enabled - Up to date) {24938260-56EE-C1E5-047B-DC2BDD234BAB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3900217696-1402065389-687827829-1001\...\uTorrent) (Version: 3.4.4.40911 - BitTorrent Inc.)
Ad-Aware (HKLM\...\{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}) (Version: 9.5.0 - Lavasoft Limited)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
FLV Player 2.0 (build 25) (HKLM\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
HappyFoto Bestellsoftware (HKU\S-1-5-21-3900217696-1402065389-687827829-1001\...\HappyFoto Bestellsoftware) (Version:  - HAPPY - FOTO GmbH / ©2010 Aberger Software GmbH)
HappyFoto-Designer 2.7 (HKLM\...\HappyFoto-Designer_is1) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox (3.6.13) (HKLM\...\Mozilla Firefox (3.6.13)) (Version: 3.6.13 (de) - Mozilla)
Mozilla Firefox 40.0.3 (x86 de) (HKU\S-1-5-21-3900217696-1402065389-687827829-1001\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
OpenOffice.org 3.1 (HKLM\...\{D765F1CE-5AE5-4C47-B134-AE58AC474740}) (Version: 3.1.9420 - OpenOffice.org)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mattl\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\mattl\AppData\Local\Google\Update\1.3.27.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\InprocServer32 -> C:\Users\mattl\AppData\Roaming\Facebook\axfbootloader.dll No File
CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mattl\AppData\Local\Google\Update\1.3.26.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{C98FE784-B96E-41e1-8399-1337AE3E539F}\InprocServer32 -> C:\Users\mattl\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mattl\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3900217696-1402065389-687827829-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {088E4DA1-E735-4280-8C8E-612E0827C07D} - System32\Tasks\{524C0E2B-0AEE-4D5F-B291-FBC10B85CC13} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158.259/de/go/help.faq.installer?LastError=1603
Task: {1B300C68-7D48-4152-9FDE-AFFCB7EBA847} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2BC6ABE4-FFC9-43AE-B154-54C12E1D8AD8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-10-29] (Lavasoft Limited                                                      )
Task: {37F0E57B-3D4E-4FC1-804A-3861B54BDEEE} - System32\Tasks\{43A77960-B9F4-4CB8-A10E-D60F7D07C8AE} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {41EB8875-8AA9-46B1-9DDD-A7683BDD06E1} - System32\Tasks\{081D07C4-6EE4-4C23-9379-BB95C1DADA23} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.119.259&LastError=404
Task: {4E7E18E9-08F1-4396-83A0-D4170FEF335D} - System32\Tasks\{24BDD93C-00CF-48A3-BB4D-AFD8BC4AB1C8} => pcalua.exe -a C:\Windows\system32\javaws.exe -c -uninstall -prompt "hxxp://happyfoto.at:80/images/resources/express/HappyFoto-Expressordering.jnlp?mnd=hpy&applet=false"
Task: {662F01E3-94B6-4B03-B561-E52822162A63} - System32\Tasks\{1C762213-42D0-47D0-B58B-9FBD60FEE736} => pcalua.exe -a C:\Windows\system32\javaws.exe -c -uninstall -prompt "hxxp://happyfoto.at:80/images/resources/express/HappyFoto-Expressordering.jnlp?mnd=hpy&applet=false"
Task: {8CA413AD-7D63-4641-B109-F15982A8A5CC} - System32\Tasks\{D27CBED6-E597-416D-8828-8BB0A10E058F} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.114/de/go/help.faq.installer?LastError=1603
Task: {9A4164CC-C6ED-4B3E-B605-786F9B48CB91} - System32\Tasks\{8D6E81C1-9E10-4083-B933-A16EFF1A0B6F} => pcalua.exe -a C:\Users\mattl\Downloads\orgplus8express_de.exe -d C:\Users\mattl\Downloads
Task: {C6E83C94-5047-490B-ADFE-20B3499F44A1} - System32\Tasks\{45BE3BCF-5840-4BF1-BB84-805906222872} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.156/de/go/help.faq.installer?LastError=1603
Task: {D2D28A77-1FE0-47AD-89A3-384E8B739215} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {D57A425F-3517-4804-86E4-1FCB3EBDD0B3} - System32\Tasks\{E708FF3D-22D6-47C0-A499-997F8C4EF096} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar
Task: {E879440A-A8D8-4FED-93E9-CAA2CF16F583} - System32\Tasks\{F5018C9F-6235-4DED-AAE4-409AE5477C97} => C:\Program Files\Skype\Phone\Skype.exe [2015-08-07] (Skype Technologies S.A.)
Task: {EE6F5819-AC17-4D59-B164-73C2EABF23B4} - System32\Tasks\{01C081A6-1687-46AE-9B89-336812DC4434} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.105/de/abandoninstall?page=tsProgressBar


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2011-08-18 15:25 - 2011-09-02 10:53 - 00589184 _____ () C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
2011-08-18 15:25 - 2011-09-02 10:54 - 00430568 _____ () C:\Program Files\Lavasoft\Ad-Aware\viprebridge.dll
2011-08-18 15:25 - 2011-08-18 15:25 - 00308560 _____ () C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
2012-07-14 21:50 - 2014-12-19 06:01 - 00192376 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
2012-07-14 21:50 - 2014-12-19 06:01 - 00180088 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
2011-08-28 22:40 - 2011-08-28 22:40 - 00508776 _____ () C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:364682BC
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3900217696-1402065389-687827829-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 195.34.133.21 - 212.186.211.21
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9FBC5BD8-FBD5-4E8D-B024-B5F9FBA168F6}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [UDP Query User{61778F03-4A1C-4E07-8BC1-A2CA81A1D3F8}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [TCP Query User{9A2008CB-40B6-49FA-901E-188A125CFFBC}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{357D3AFC-EC6A-46AC-9ECF-EC1408FB9992}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [{B322483B-7F9D-48C2-9E0F-1DEEC979560A}] => (Allow) LPort=49161
FirewallRules: [{692DEEFC-7AC1-49A2-B014-15580DE8F948}] => (Allow) LPort=5000
FirewallRules: [{77C8D986-CC3A-40A5-9502-D78E5B4819DB}] => (Allow) LPort=49503
FirewallRules: [{CE1DE4E1-F97E-4C56-8C96-23C039CA4512}] => (Allow) LPort=5000
FirewallRules: [TCP Query User{6EFA3935-36DA-482D-B820-A9BA7C4A5837}D:\firefox\plugin-container.exe] => (Block) D:\firefox\plugin-container.exe
FirewallRules: [UDP Query User{963D3899-1AC9-4974-A694-C460DEC1BCEA}D:\firefox\plugin-container.exe] => (Block) D:\firefox\plugin-container.exe
FirewallRules: [{5F3FD504-0A9E-4648-9E81-08631D498CBD}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A1FB3E87-986A-4903-99EE-62E178A37F2E}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BE9F3523-F9AB-4BA4-95AB-C3FA2192D1B2}] => (Allow) C:\Program Files\AIM\aim.exe
FirewallRules: [{CA42094B-2D71-4BD9-AA14-450553B2AEE5}] => (Allow) C:\Program Files\AIM\aim.exe
FirewallRules: [TCP Query User{924501E6-C026-4451-BECD-79F87FFA8DB0}C:\users\mattl\downloads\utorrent.exe] => (Allow) C:\users\mattl\downloads\utorrent.exe
FirewallRules: [UDP Query User{304D47FC-51D0-441D-942F-CA15C1952D70}C:\users\mattl\downloads\utorrent.exe] => (Allow) C:\users\mattl\downloads\utorrent.exe
FirewallRules: [{E0BB2E08-AB59-42A4-B433-176A52B823E7}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{4039CDEC-1BEB-4706-B4B0-CE2769BF8FE5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{3AA61160-9C1A-41DC-9F8E-A8D1461F10E1}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D80205EE-DB67-4243-B160-DE219BBB625A}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{98CC0D48-B7F7-410F-B54B-D38C2142F4B4}] => (Allow) C:\Users\mattl\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9A398E2C-4CEA-485A-A059-B74744B1EE9B}] => (Allow) C:\Users\mattl\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{5D08C071-796F-49EB-9C89-723B9B12E075}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe
FirewallRules: [UDP Query User{AAC8D496-1515-4964-B1D1-EB05867ACE3A}D:\firefox\firefox.exe] => (Block) D:\firefox\firefox.exe


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2015 10:04:32 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (09/17/2015 10:55:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.8.0.102, time stamp: 0x55c4ffc4
Faulting module name: Skype.exe, version: 7.8.0.102, time stamp: 0x55c4ffc4
Exception code: 0xc0000005
Fault offset: 0x017a8c4b
Faulting process id: 0xe78
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/17/2015 06:00:28 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (09/17/2015 04:33:19 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (09/15/2015 09:09:43 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (09/14/2015 11:04:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce796f3
Faulting module name: Trshlex.dll_unloaded, version: 0.0.0.0, time stamp: 0x4a86f46b
Exception code: 0xc0000005
Fault offset: 0x0d3a29f0
Faulting process id: 0xb08
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (09/14/2015 06:58:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (09/13/2015 11:03:24 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (09/13/2015 02:40:16 PM) (Source: Lavasoft Ad-Aware Service) (EventID: 0) (User: )
Description: Only one instance of service process is allowed.

Error: (09/12/2015 10:25:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005


System errors:
=============
Error: (09/19/2015 02:58:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2

Error: (09/19/2015 02:58:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UI Assistant Service service failed to start due to the following error: 
%%2

Error: (09/19/2015 02:58:33 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/19/2015 02:58:33 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/19/2015 09:46:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2

Error: (09/19/2015 09:46:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UI Assistant Service service failed to start due to the following error: 
%%2

Error: (09/19/2015 09:46:41 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (09/19/2015 09:46:41 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/18/2015 08:50:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Protect by Conduit Service service failed to start due to the following error: 
%%2

Error: (09/18/2015 08:50:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 3066.27 MB
Available physical RAM: 1332.74 MB
Total Virtual: 6130.84 MB
Available Virtual: 4083.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:34.18 GB) (Free:0.36 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Galle) (Fixed) (Total:253.91 GB) (Free:165.34 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:1 GB) (Free:1 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:9 GB) (Free:1.65 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 80D2F3EE)
Partition 1: (Active) - (Size=34.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=253.9 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=1 GB) - (Type=0C)
Partition 4: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         


and now it has started again...

Alt 20.09.2015, 11:30   #4
schrauber
/// the machine
/// TB-Ausbilder

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller (TDSSKiller.exe) and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
