lenua.de script in Firefox? Hello everyone,
Something must have gotten into my Firefox :/ Here is the problem:
Every now and then, on some (completely different) sites, my Firefox tries to connect to "lenua.de".
I can see this because of NoScript, which I have installed; it pops up now and then and reports that lenua.de has been blocked.
Now, this evening I installed a new hard drive (SSD) and so far have only copied over the Firefox profile, and lo and behold: Firefox immediately tries to run the "lenua.de script" again.
Can you help me figure out what is going on here? Unfortunately, the virus scan on the old drive found nothing :|
First, here are the extensions I have installed in Firefox. I know all of them except "Browser-Security 1.0.6", and I would assume all of them are "safe":
- Adblock Plus
- anonymox
- Browser-Security 1.0.6
- Diablo 3 profile +
- DownThemAll!
- Firecookie
- Ghostery
- Greasemonkey
- NoScript
- pulse
- Qipu Cashbackmelder
- Stylish
The only scripts in Greasemonkey are ones I all know and am sure are "safe".
Attached are the log files as described in the thread:

Defogger log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:44 on 21/07/2015 (Explo)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST.txt (FRST logfile):
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Explo (administrator) on DIRKSPC on 21-07-2015 00:46:30
Running from C:\Users\Explo\Downloads
Loaded Profiles: Explo (Available Profiles: Explo)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [LaunchWUApp] => C:\AMD\WU-CCC2\ccc2_install\LaunchWLApp.bat [73 2014-07-01] ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-633568819-157169813-1548094104-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E522206A-86AA-4D2D-BB6A-C8C514A38261}: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default
FF user.js: detected! => C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\user.js [2015-07-18]
FF Extension: Avira Browser Safety - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\abs@avira.com [2015-07-21]
FF Extension: anonymoX - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\client@anonymox.net.xpi [2015-07-21]
FF Extension: Firecookie - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\firecookie@janodvarko.cz.xpi [2015-07-21]
FF Extension: Browser-Security - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\firefox@browser-security.de.xpi [2015-07-21]
FF Extension: Ghostery - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\firefox@ghostery.com.xpi [2015-07-21]
FF Extension: Diablo 3 profile + - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\jid1-M4HE20OYnEIt5A@jetpack.xpi [2015-07-21]
FF Extension: Snap Links Plus - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\snaplinks@snaplinks.mozdev.org.xpi [2015-07-21]
FF Extension: Qipu Cashbackmelder open beta - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\toolbar@qipu.de.xpi [2015-07-21]
FF Extension: pulse - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\{18ad14ea-d68a-4cde-9676-0e33d62e18d3}.xpi [2015-07-21]
FF Extension: Stylish - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-07-21]
FF Extension: NoScript - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-07-21]
FF Extension: Adblock Plus - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-21]
FF Extension: DownThemAll! - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-07-21]
FF Extension: Greasemonkey - C:\Users\Explo\AppData\Roaming\Mozilla\Firefox\Profiles\e3ddmpts.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-07-21]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 01:23 - 2015-07-21 00:28 - 00000000 ____D C:\Windows\Panther
2015-07-21 00:46 - 2015-07-21 00:46 - 00005250 _____ C:\Users\Explo\Downloads\FRST.txt
2015-07-21 00:46 - 2015-07-21 00:46 - 00000000 ____D C:\FRST
2015-07-21 00:45 - 2015-07-21 00:45 - 02135552 _____ (Farbar) C:\Users\Explo\Downloads\FRST64.exe
2015-07-21 00:44 - 2015-07-21 00:44 - 00000472 _____ C:\Users\Explo\Downloads\defogger_disable.log
2015-07-21 00:44 - 2015-07-21 00:44 - 00000000 _____ C:\Users\Explo\defogger_reenable
2015-07-21 00:43 - 2015-07-21 00:43 - 00050477 _____ C:\Users\Explo\Downloads\Defogger.exe
2015-07-21 00:33 - 2015-07-21 00:33 - 00060817 _____ C:\Windows\SysWOW64\CCCInstall_201507210033064640.log
2015-07-21 00:33 - 2015-07-21 00:33 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-633568819-157169813-1548094104-1001
2015-07-21 00:33 - 2015-07-21 00:33 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-07-21 00:33 - 2015-07-21 00:33 - 00000000 ____D C:\Users\Explo\AppData\Roaming\Mozilla
2015-07-21 00:33 - 2015-07-21 00:33 - 00000000 ____D C:\Users\Explo\AppData\Local\Mozilla
2015-07-21 00:33 - 2015-07-21 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-21 00:32 - 2015-07-21 00:32 - 00001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-21 00:32 - 2015-07-21 00:32 - 00001159 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 __SHD C:\Users\Explo\AppData\Local\EmieUserList
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 __SHD C:\Users\Explo\AppData\Local\EmieSiteList
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\Users\Explo\AppData\Roaming\Macromedia
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\Program Files\ATI Technologies
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\Program Files\AMD
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 ____D C:\AMD
2015-07-21 00:32 - 2015-07-21 00:32 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-07-21 00:31 - 2015-07-21 00:31 - 00000000 ____D C:\Users\Explo\AppData\Local\GWX
2015-07-21 00:28 - 2015-07-21 00:44 - 00000000 ____D C:\Users\Explo
2015-07-21 00:28 - 2015-07-21 00:28 - 00001450 _____ C:\Users\Explo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-21 00:28 - 2015-07-21 00:28 - 00000020 ___SH C:\Users\Explo\ntuser.ini
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Vorlagen
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Startmenü
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Netzwerkumgebung
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Lokale Einstellungen
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Eigene Dateien
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Druckumgebung
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Documents\Eigene Musik
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Documents\Eigene Bilder
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\AppData\Local\Verlauf
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\AppData\Local\Anwendungsdaten
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 _SHDL C:\Users\Explo\Anwendungsdaten
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 ____D C:\Users\Explo\AppData\Roaming\Adobe
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 ____D C:\Users\Explo\AppData\Local\VirtualStore
2015-07-21 00:28 - 2015-07-21 00:28 - 00000000 ____D C:\Users\Explo\AppData\Local\Packages
2015-07-21 00:28 - 2014-09-24 09:43 - 00000000 ___RD C:\Users\Explo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-21 00:28 - 2014-09-24 09:43 - 00000000 ___RD C:\Users\Explo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-21 00:28 - 2014-09-24 08:18 - 00000369 _____ C:\Users\Explo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-21 00:28 - 2014-09-24 08:18 - 00000369 _____ C:\Users\Explo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-21 00:28 - 2013-08-22 17:36 - 00000000 ___RD C:\Users\Explo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-21 00:28 - 2013-08-22 17:36 - 00000000 ____D C:\Users\Explo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-21 00:27 - 2015-07-21 00:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-21 00:27 - 2015-07-21 00:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-21 00:26 - 2015-07-21 00:32 - 00422721 _____ C:\Windows\WindowsUpdate.log
2015-07-21 00:26 - 2015-07-09 21:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-21 00:26 - 2015-07-09 20:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-21 00:26 - 2015-07-09 18:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-21 00:26 - 2015-07-09 17:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-21 00:26 - 2015-07-09 17:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-21 00:26 - 2015-07-09 17:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-21 00:26 - 2015-07-09 17:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-21 00:26 - 2015-07-09 17:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-21 00:26 - 2015-07-09 17:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-21 00:26 - 2015-07-09 17:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-21 00:26 - 2015-07-09 17:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-21 00:26 - 2015-07-09 17:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-21 00:26 - 2015-07-09 17:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-21 00:26 - 2015-06-27 05:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-21 00:26 - 2015-06-27 05:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-21 00:26 - 2015-06-27 04:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-21 00:26 - 2015-06-02 19:47 - 02502928 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-07-21 00:26 - 2015-06-02 19:47 - 02209080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-07-21 00:26 - 2015-06-02 19:47 - 00129120 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2015-07-21 00:26 - 2015-06-02 19:47 - 00110576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2015-07-21 00:26 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-21 00:26 - 2015-03-14 02:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-07-21 00:26 - 2014-10-18 08:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Programme
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\ProgramData\Vorlagen
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\ProgramData\Startmenü
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\ProgramData\Dokumente
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2015-07-21 00:24 - 2015-07-21 00:24 - 00000000 _SHDL C:\Dokumente und Einstellungen
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-21 01:21 - 2013-08-22 17:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-07-21 00:37 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-21 00:34 - 2014-09-24 08:17 - 01686150 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 00:34 - 2014-09-24 07:43 - 00727930 _____ C:\Windows\system32\perfh007.dat
2015-07-21 00:34 - 2014-09-24 07:43 - 00151586 _____ C:\Windows\system32\perfc007.dat
2015-07-21 00:33 - 2013-08-22 16:46 - 00012806 _____ C:\Windows\setupact.log
2015-07-21 00:28 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-21 00:27 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-21 00:26 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-21 00:24 - 2013-08-22 17:37 - 00002664 _____ C:\Windows\DtcInstall.log
2015-07-21 00:24 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Recovery
2015-07-21 00:24 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows NT
2015-07-21 00:24 - 2013-08-22 15:36 - 00000000 __RHD C:\Users\Default
2015-07-21 00:24 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-21 00:23 - 2014-09-23 23:06 - 00002468 _____ C:\Windows\PFRO.log
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-21 00:23
==================== End of log ============================

Addition.txt (FRST logfile):
scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Explo at 2015-07-21 00:46:47
Running from C:\Users\Explo\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-633568819-157169813-1548094104-500 - Administrator - Disabled)
Explo (S-1-5-21-633568819-157169813-1548094104-1001 - Administrator - Enabled) => C:\Users\Explo
Gast (S-1-5-21-633568819-157169813-1548094104-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
21-07-2015 00:26:50 Windows Modules Installer
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (Whitelisted) ==============
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-633568819-157169813-1548094104-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme1\img1.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9BA7F4F5-7BF7-4515-A1D1-B432828A1C1B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EED991A0-3DD9-438C-A5C4-62EDCA2981AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (07/21/2015 12:32:07 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
Error: (07/21/2015 12:32:07 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.
Error: (07/21/2015 12:28:37 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Error: (07/21/2015 12:24:14 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Error: (07/21/2015 12:23:33 AM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.
Error: (07/21/2015 12:23:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The "Network List Service" service terminated with the following error:
%%21
Error: (07/21/2015 12:23:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The "IP Helper" service terminated with the following error:
%%1058
Error: (07/21/2015 12:23:11 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed.
Microsoft Office:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 17%
Total physical RAM: 8139.28 MB
Available physical RAM: 6702.5 MB
Total Virtual: 10059.28 MB
Available Virtual: 8489.37 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:237.96 GB) (Free:219.97 GB) NTFS
Drive e: (TOSHIBA EXT) (Fixed) (Total:1397.26 GB) (Free:944.01 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: 7386B81F)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==================== End of log ============================

Gmer.txt (GMER logfile):
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-21 00:53:01
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000030 TS256GSSD370 rev.20140516 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Explo\AppData\Local\Temp\kxldapoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Windows Defender\MsMpEng.exe[1384] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 506 00007ffeed7f169a 4 bytes [7F, ED, FE, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1384] C:\Windows\system32\psapi.dll!GetModuleBaseNameA + 514 00007ffeed7f16a2 4 bytes [7F, ED, FE, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1384] C:\Windows\system32\psapi.dll!QueryWorkingSet + 118 00007ffeed7f181a 4 bytes [7F, ED, FE, 7F]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1384] C:\Windows\system32\psapi.dll!QueryWorkingSet + 142 00007ffeed7f1832 4 bytes [7F, ED, FE, 7F]
.text C:\Windows\system32\atiesrxx.exe[2768] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffeed7f169a 4 bytes [7F, ED, FE, 7F]
.text C:\Windows\system32\atiesrxx.exe[2768] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffeed7f16a2 4 bytes [7F, ED, FE, 7F]
.text C:\Windows\system32\atiesrxx.exe[2768] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffeed7f181a 4 bytes [7F, ED, FE, 7F]
.text C:\Windows\system32\atiesrxx.exe[2768] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffeed7f1832 4 bytes [7F, ED, FE, 7F]
.text C:\Windows\system32\atieclxx.exe[2760] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffeed7f169a 4 bytes [7F, ED, FE, 7F]
.text C:\Windows\system32\atieclxx.exe[2760] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffeed7f16a2 4 bytes [7F, ED, FE, 7F]
.text C:\Windows\system32\atieclxx.exe[2760] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffeed7f181a 4 bytes [7F, ED, FE, 7F]
.text C:\Windows\system32\atieclxx.exe[2760] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffeed7f1832 4 bytes [7F, ED, FE, 7F]
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\csrss.exe [516:1988] fffff9600093db90
---- EOF - GMER 2.1 ----

Many thanks in advance for your help!!!
Best regards,
Explo
Edit: I hope there is a way to do this without reinstalling / deleting the profile.. There is a lot of work and love in the passwords, bookmarks & co :|