Log analysis and evaluation: Windows 7: Proxy server not responding

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 7: Proxy server not responding

Hello everyone,

for some time now I have frequently been getting the error message "Proxyserver reagiert nicht" (proxy server not responding) in Firefox. The error does not always occur, and it is not tied to particular websites either. Here are the log files:

Thank you very much for your help!

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 05:31 on 13/08/2014 (HP)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014 Ran by HP (administrator) on HP-PC on 13-08-2014 05:34:47 Running from C:\Users\HP\Desktop\TrojanerBoard Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe () C:\Program Files (x86)\iSafe\ipcdl.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Spotify Ltd) C:\Users\HP\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Dropbox, Inc.) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6960864 2012-12-25] (Realtek Semiconductor) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation) HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-03-13] (Tlapia) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) 
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Spotify] => C:\Users\HP\AppData\Roaming\Spotify\Spotify.exe [5955072 2013-11-17] (Spotify Ltd) HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Spotify Web Helper] => C:\Users\HP\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-17] (Spotify Ltd) HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [SSync] => C:\Users\HP\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] () HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [SCheck] => C:\Users\HP\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] () HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Snoozer] => C:\Users\HP\AppData\Roaming\Snz\Snz.exe [1209625 2013-12-24] () HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Intermediate] => C:\Users\HP\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] () HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\MountPoints2: {40a8a29e-6d66-11e3-b10b-f4b7e2ace1d4} - E:\SISetup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled. 
ProxyServer: http=127.0.0.1:8877 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386680568&from=tugs&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF0185A20D73CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386680568&from=tugs&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} SearchScopes: HKCU - 
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default FF NewTab: chrome://quick_start/content/index.html FF Homepage: hxxp://www.bild.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF 
Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\searchplugins\fbdownloader_search.xml FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\searchplugins\search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: shortcut - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\Extensions\shortcutff@gmail.com [2014-07-30] FF Extension: Simple New Tab - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\Extensions\snt@dotlabs.co.xpi [2013-12-16] FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-11] FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\extensions\shortcutff@gmail.com FF HKCU\...\Firefox\Extensions: [{4d14b136-5d8b-4df3-8d9c-86b41de6c32d}] - C:\Program Files (x86)\Re-markit\136.xpi FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HomePage: http:\/\/search.fbdownloader.com\/?channel=sfde203fbdgy21 CHR RestoreOnStartup: "http:\/\/search.fbdownloader.com\/?channel=sfde203fbdgy21" CHR NewTab: 
"chrome-extension:\/\/pmgkeimkiojpjcoiiipekfjaopchhjga\/snt.html", "chrome-extension:\/\/ifohbjbgfchkkfhphahclmkpgejiplfo\/index.html" CHR DefaultSearchKeyword: Search CHR DefaultSearchProvider: Search CHR DefaultSearchURL: http:\/\/search.fbdownloader.com\/search.php?channel=sfde203fbdgy21&q={searchTerms} CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-10] CHR Extension: (Lightning Newtab) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-02-26] CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10] CHR Extension: (Extended Protection) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-06-12] CHR HKLM-x32\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx [2014-06-12] CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-07-16] (Elex do Brasil Participações Ltda) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor) R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-03-13] (Tlapia) R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-03-13] (Tlapia) R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.) 
==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-12-11] (Intel Corporation) R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-07-16] (Elex do Brasil Participações Ltda) R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [78016 2014-07-16] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [65216 2014-07-16] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48640 2014-07-09] (Elex do Brasil Participações Ltda) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) S3 MOSUMAC; C:\Windows\System32\DRIVERS\M7830A64.SYS [48128 2008-07-25] (--) R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation) R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [273040 2012-09-06] (Realtek Semiconductor Corp.) R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.) 
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.) S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X] S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-13 05:34 - 2014-08-13 05:35 - 00000000 ____D () C:\FRST 2014-08-13 05:31 - 2014-08-13 05:31 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-08-13 05:30 - 2014-08-13 05:30 - 00050477 _____ () C:\Users\HP\Downloads\Defogger(1).exe 2014-08-13 05:29 - 2014-08-13 05:29 - 00000466 _____ () C:\Users\HP\Downloads\defogger_disable.log 2014-08-13 05:29 - 2014-08-13 05:29 - 00000238 _____ () C:\Users\HP\Downloads\defogger_enable.log 2014-08-13 05:27 - 2014-08-13 05:34 - 00000000 ____D () C:\Users\HP\Desktop\TrojanerBoard 2014-08-13 05:26 - 2014-08-13 05:26 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe 2014-08-09 02:44 - 2014-08-09 02:44 - 00000000 ____D () C:\Users\HP\Documents\UNI ERLANGEN 2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieUserList 2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieSiteList 2014-07-31 17:58 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-07-31 17:58 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-07-31 17:58 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-07-31 17:58 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-07-31 17:57 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 
2014-07-31 17:57 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-07-31 17:57 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-07-31 17:57 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-07-31 17:57 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-07-31 17:57 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-07-31 17:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-07-31 17:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-07-31 17:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-07-31 17:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-07-31 11:09 - 2014-07-31 11:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-13 05:35 - 2014-08-13 05:34 - 00000000 ____D () C:\FRST 2014-08-13 05:34 - 2014-08-13 05:27 - 00000000 ____D () C:\Users\HP\Desktop\TrojanerBoard 2014-08-13 05:32 - 2013-12-10 08:05 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-13 05:31 - 2014-08-13 05:31 - 00000000 _____ () C:\Users\HP\defogger_reenable 2014-08-13 05:31 - 2013-02-22 07:59 - 00000000 ____D () C:\Users\HP 2014-08-13 05:30 - 2014-08-13 05:30 - 00050477 _____ () C:\Users\HP\Downloads\Defogger(1).exe 2014-08-13 05:29 - 2014-08-13 05:29 - 00000466 _____ () C:\Users\HP\Downloads\defogger_disable.log 2014-08-13 05:29 - 2014-08-13 05:29 - 00000238 _____ () C:\Users\HP\Downloads\defogger_enable.log 2014-08-13 05:28 - 2013-06-30 14:04 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype 2014-08-13 05:26 - 2014-08-13 05:26 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe 2014-08-13 05:17 - 2013-02-22 07:56 - 02015699 _____ () C:\Windows\WindowsUpdate.log 2014-08-13 05:05 - 2012-09-26 02:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini 2014-08-13 05:02 - 2013-06-27 04:42 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-08-13 05:02 - 2013-06-27 04:42 - 00000088 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-08-13 05:01 - 2013-12-10 08:03 - 00000000 ____D () C:\Program Files (x86)\iSafe 2014-08-13 04:59 - 2013-06-30 14:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-13 04:57 - 2013-11-11 20:51 - 00000093 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI 2014-08-12 09:46 - 2014-06-22 08:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-12 09:45 - 2014-04-06 11:40 - 00000000 ___RD () C:\Users\HP\Dropbox 2014-08-12 09:45 - 2014-04-06 11:30 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Dropbox 2014-08-12 09:45 - 2013-07-27 10:20 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Spotify 2014-08-12 09:44 - 2013-12-10 08:05 - 00001098 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-12 09:43 - 2009-07-13 23:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-12 09:43 - 2009-07-13 23:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-12 09:38 - 2014-02-26 09:52 - 00000000 ____D () C:\Program Files (x86)\WinZipper 2014-08-12 09:35 - 2014-06-18 08:00 - 00004827 _____ () C:\Windows\setupact.log 2014-08-12 09:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-09 15:13 - 2013-07-06 10:52 - 00000000 ____D () C:\Users\HP\Documents\Youcam 2014-08-09 09:15 - 2013-06-30 16:33 - 00026112 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-08-09 02:44 - 2014-08-09 02:44 - 00000000 ____D () C:\Users\HP\Documents\UNI ERLANGEN 2014-08-07 11:40 - 2010-11-21 01:50 - 00702820 _____ () C:\Windows\system32\perfh007.dat 2014-08-07 11:40 - 2010-11-21 01:50 - 00151326 _____ () C:\Windows\system32\perfc007.dat 2014-08-07 11:40 - 2009-07-14 00:13 - 01630698 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieUserList 2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieSiteList 2014-08-06 14:38 - 2014-05-04 09:25 - 00000000 ____D () C:\Users\HP\Documents\Studium 2014-07-31 22:47 - 2013-07-27 07:15 - 00000000 ____D () C:\Program Files (x86)\sysTPL 2014-07-31 17:38 - 2014-06-18 08:00 - 00126094 _____ () C:\Windows\PFRO.log 2014-07-31 17:38 - 2013-06-30 11:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-31 11:59 - 2013-12-10 08:04 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-07-31 11:31 - 2014-06-12 07:38 - 00000000 ____D () C:\Users\HP\AppData\Roaming\337Games 2014-07-31 11:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding 2014-07-31 
11:26 - 2013-06-30 14:10 - 00000000 ____D () C:\Users\HP\AppData\Roaming\DataMgr 2014-07-31 11:10 - 2014-07-31 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-28 17:52 - 2013-07-12 07:26 - 00000000 ____D () C:\Users\HP\Documents\MEXICO 2014-07-25 16:31 - 2014-04-06 11:40 - 00000970 _____ () C:\Users\HP\Desktop\Dropbox.lnk 2014-07-25 16:31 - 2014-04-06 11:38 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-25 08:47 - 2013-07-06 11:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-25 08:47 - 2013-07-06 11:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-25 07:26 - 2013-07-06 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-22 00:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-20 16:46 - 2013-12-10 08:03 - 00000000 ____D () C:\Users\HP\AppData\Roaming\iSafe 2014-07-16 04:39 - 2014-04-22 20:12 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys Some content of TEMP: ==================== C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmz4_5a.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-12 06:15 ==================== End Of Log ============================ GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-13 06:08:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 ATA_____ rev.AC90 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003007000 59 bytes [8B, 47, 10, 89, 0C, D0, 85, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 588 fffff8000300703c 81 bytes {IN AL, DX; XOR EBP, EBP; JMP 0x57264}

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\iSafe\ipcdl.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000753b1465 2 bytes [3B, 75]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000753b14bb 2 bytes [3B, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\ntdll.dll [848:872] 00000000002b13fe

---- Processes - GMER 2.1 ----

Library C:\Users\HP\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [4220](2014-07-21 20:53:38) 0000000003c50000
Library c:\users\hp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmz4_5a.dll (*** suspicious ***) @ C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [4220](2014-08-12 14:45:17) 0000000004090000
Library C:\Users\HP\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [4220](2013-10-18 23:55:02) 000000005aec0000
Library C:\Users\HP\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [4220] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00) 000000005a530000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2acb05a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2ace1d4
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2ace1d4@2847aa2bbb93 0xD8 0x1A 0xA0 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2acb05a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2ace1d4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2ace1d4@2847aa2bbb93 0xD8 0x1A 0xA0 0x45 ...

---- EOF - GMER 2.1 ----

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12.08.2014
Scan Time: 09:54:04
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.12.05
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336253
Time Elapsed: 15 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 5
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Delete-on-Reboot,[b5008342d6a5d56187528c40d82c40c0]
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Delete-on-Reboot,[bcf9bd08d3a856e0eaf305c7bd47bb45]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Delete-on-Reboot,[dcd9cff64536cf674b8e12baae569c64]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Delete-on-Reboot,[3b7a6c59bdbeb4829d40725a58acac54]
PUP.Optional.Delta.A, HKU\S-1-5-21-3555238676-2185496674-898315862-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Replaced,[c5f08f36b6c5bd7936a46d5fde26dd23]

Folders: 0
(No malicious items detected)

Files: 9
PUP.Optional.QuickStart.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Removal Failed,[773ed1f4dba02a0c63d87586996bd030]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cntry", "MX");), Removal Failed,[bbfa3f86f9828aacc6be30cc62a2e11f]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), Removal Failed,[8233c6ff92e93105156f41bbee1602fe]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hdrMd5", "");), Removal Failed,[4f66c0054e2d86b0176d51abe61efe02]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastB", "chrome://branding/locale/browserconfig.properties");), Removal Failed,[08ad14b194e7270f671d51abc440728e]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastVrsnTs", "");), Removal Failed,[6055f7ce1962f93dd1b3a359729222de]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), Removal Failed,[4273269f5526082e236129d3cf35c53b]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.sg", "{smplGrp}");), Removal Failed,[edc8a81ddd9ee1554f35718b52b29e62]
PUP.Optional.MySearchDial.A, C:\Users\Party\AppData\Roaming\Mozilla\Firefox\Profiles\yrb97ks2.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_15_ff&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtB0A0C0EtC0DyEtDtCyC0CtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtA0F0F0BtB0D0CtGyC0EtAyBtGtB0D0D0BtGzytD0FzztGyCtByCtCzztD0AtCzyyCzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0D0B0F0ByD0EtCtG0FtAtByEtG0EtDtA0EtG0Bzz0DyDtGtC0F0AtC0E0F0DyB0BtCtBtD2Q&cr=1872811687&ir=");), Removal Failed,[1e97fcc9f6856ec8a8110bf136ced12f]

Physical Sectors: 0
(No malicious items detected)

(end)

Edited by donscholzo (13.08.2014 at 12:28). Reason: replaced QUOTE with CODE