
Log Analysis and Evaluation: Windows 7: Proxy server not responding


 
13.08.2014, 12:23   #1
donscholzo
 
Windows 7: Proxy server not responding



Hello everyone,

For some time now I have frequently had the problem that Firefox keeps showing the error message "Proxy server is not responding". The error does not occur every time, nor on particular websites. Here are the log files:

Thank you for your help!

Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 05:31 on 13/08/2014 (HP)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-08-2014
Ran by HP (administrator) on HP-PC on 13-08-2014 05:34:47
Running from C:\Users\HP\Desktop\TrojanerBoard
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
() C:\Program Files (x86)\iSafe\ipcdl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\HP\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPL.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Tlapia) C:\Program Files (x86)\sysTPL\sysTPLService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6960864 2012-12-25] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-12-11] (Intel Corporation)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sysTPL] => C:\Program Files (x86)\sysTPL\sysTPL.exe [1244440 2014-03-13] (Tlapia)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Spotify] => C:\Users\HP\AppData\Roaming\Spotify\Spotify.exe [5955072 2013-11-17] (Spotify Ltd)
HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Spotify Web Helper] => C:\Users\HP\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-11-17] (Spotify Ltd)
HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [SSync] => C:\Users\HP\AppData\Roaming\SSync\SSync.exe [36864 2013-04-09] ()
HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [SCheck] => C:\Users\HP\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Snoozer] => C:\Users\HP\AppData\Roaming\Snz\Snz.exe [1209625 2013-12-24] ()
HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Intermediate] => C:\Users\HP\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21446272 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3555238676-2185496674-898315862-1000\...\MountPoints2: {40a8a29e-6d66-11e3-b10b-f4b7e2ace1d4} - E:\SISetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8877
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1386680568&from=tugs&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFF0185A20D73CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1386680568&from=tugs&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1262.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://www.bild.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\searchplugins\fbdownloader_search.xml
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\searchplugins\search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: shortcut - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\Extensions\shortcutff@gmail.com [2014-07-30]
FF Extension: Simple New Tab - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-11]
FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\extensions\shortcutff@gmail.com
FF HKCU\...\Firefox\Extensions: [{4d14b136-5d8b-4df3-8d9c-86b41de6c32d}] - C:\Program Files (x86)\Re-markit\136.xpi
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: http:\/\/search.fbdownloader.com\/?channel=sfde203fbdgy21
CHR RestoreOnStartup: "http:\/\/search.fbdownloader.com\/?channel=sfde203fbdgy21"
CHR NewTab: "chrome-extension:\/\/pmgkeimkiojpjcoiiipekfjaopchhjga\/snt.html",
				"chrome-extension:\/\/ifohbjbgfchkkfhphahclmkpgejiplfo\/index.html"
CHR DefaultSearchKeyword: Search
CHR DefaultSearchProvider: Search
CHR DefaultSearchURL: http:\/\/search.fbdownloader.com\/search.php?channel=sfde203fbdgy21&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-10]
CHR Extension: (Lightning Newtab) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2014-02-26]
CHR Extension: (Google Wallet) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-10]
CHR Extension: (Extended Protection) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [ainbkicbloikcngphmjfpjdemblcojdd] - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\slidebar.crx [2014-06-12]
CHR HKLM-x32\...\Chrome\Extension: [ogfjmhfnldnajmfaofeiaepghjenbgjo] - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx [2014-02-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-07-16] (Elex do Brasil Participações Ltda)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 sysTPLMonitor.exe; C:\Program Files (x86)\sysTPL\sysTPLMonitor.exe [399640 2014-03-13] (Tlapia)
R2 sysTPLService.exe; C:\Program Files (x86)\sysTPL\sysTPLService.exe [400664 2014-03-13] (Tlapia)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [425104 2014-02-26] (Taiwan Shui Mu Chih Ching Technology Limited.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-12-11] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [247488 2014-07-16] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [78016 2014-07-16] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [65216 2014-07-16] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48640 2014-07-09] (Elex do Brasil Participações Ltda)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\M7830A64.SYS [48128 2008-07-25] (--)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [273040 2012-09-06] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 05:34 - 2014-08-13 05:35 - 00000000 ____D () C:\FRST
2014-08-13 05:31 - 2014-08-13 05:31 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-08-13 05:30 - 2014-08-13 05:30 - 00050477 _____ () C:\Users\HP\Downloads\Defogger(1).exe
2014-08-13 05:29 - 2014-08-13 05:29 - 00000466 _____ () C:\Users\HP\Downloads\defogger_disable.log
2014-08-13 05:29 - 2014-08-13 05:29 - 00000238 _____ () C:\Users\HP\Downloads\defogger_enable.log
2014-08-13 05:27 - 2014-08-13 05:34 - 00000000 ____D () C:\Users\HP\Desktop\TrojanerBoard
2014-08-13 05:26 - 2014-08-13 05:26 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-08-09 02:44 - 2014-08-09 02:44 - 00000000 ____D () C:\Users\HP\Documents\UNI ERLANGEN
2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieUserList
2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieSiteList
2014-07-31 17:58 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-31 17:58 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-31 17:58 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-31 17:58 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-31 17:57 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-31 17:57 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-31 17:57 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-31 17:57 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-31 17:57 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-31 17:57 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-31 17:57 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-31 17:57 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-31 17:57 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-31 17:57 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-31 11:09 - 2014-07-31 11:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 05:35 - 2014-08-13 05:34 - 00000000 ____D () C:\FRST
2014-08-13 05:34 - 2014-08-13 05:27 - 00000000 ____D () C:\Users\HP\Desktop\TrojanerBoard
2014-08-13 05:32 - 2013-12-10 08:05 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-13 05:31 - 2014-08-13 05:31 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-08-13 05:31 - 2013-02-22 07:59 - 00000000 ____D () C:\Users\HP
2014-08-13 05:30 - 2014-08-13 05:30 - 00050477 _____ () C:\Users\HP\Downloads\Defogger(1).exe
2014-08-13 05:29 - 2014-08-13 05:29 - 00000466 _____ () C:\Users\HP\Downloads\defogger_disable.log
2014-08-13 05:29 - 2014-08-13 05:29 - 00000238 _____ () C:\Users\HP\Downloads\defogger_enable.log
2014-08-13 05:28 - 2013-06-30 14:04 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2014-08-13 05:26 - 2014-08-13 05:26 - 00050477 _____ () C:\Users\HP\Downloads\Defogger.exe
2014-08-13 05:17 - 2013-02-22 07:56 - 02015699 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 05:05 - 2012-09-26 02:53 - 00000950 _____ () C:\Windows\SysWOW64\bscs.ini
2014-08-13 05:02 - 2013-06-27 04:42 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-08-13 05:02 - 2013-06-27 04:42 - 00000088 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-08-13 05:01 - 2013-12-10 08:03 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-08-13 04:59 - 2013-06-30 14:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 04:57 - 2013-11-11 20:51 - 00000093 _____ () C:\Windows\SysWOW64\REMOTEDEVICE.INI
2014-08-12 09:46 - 2014-06-22 08:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 09:45 - 2014-04-06 11:40 - 00000000 ___RD () C:\Users\HP\Dropbox
2014-08-12 09:45 - 2014-04-06 11:30 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Dropbox
2014-08-12 09:45 - 2013-07-27 10:20 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Spotify
2014-08-12 09:44 - 2013-12-10 08:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-12 09:43 - 2009-07-13 23:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-12 09:43 - 2009-07-13 23:45 - 00021264 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-12 09:38 - 2014-02-26 09:52 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-08-12 09:35 - 2014-06-18 08:00 - 00004827 _____ () C:\Windows\setupact.log
2014-08-12 09:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-09 15:13 - 2013-07-06 10:52 - 00000000 ____D () C:\Users\HP\Documents\Youcam
2014-08-09 09:15 - 2013-06-30 16:33 - 00026112 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-09 02:44 - 2014-08-09 02:44 - 00000000 ____D () C:\Users\HP\Documents\UNI ERLANGEN
2014-08-07 11:40 - 2010-11-21 01:50 - 00702820 _____ () C:\Windows\system32\perfh007.dat
2014-08-07 11:40 - 2010-11-21 01:50 - 00151326 _____ () C:\Windows\system32\perfc007.dat
2014-08-07 11:40 - 2009-07-14 00:13 - 01630698 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieUserList
2014-08-06 14:49 - 2014-08-06 14:49 - 00000000 __SHD () C:\Users\HP\AppData\Local\EmieSiteList
2014-08-06 14:38 - 2014-05-04 09:25 - 00000000 ____D () C:\Users\HP\Documents\Studium
2014-07-31 22:47 - 2013-07-27 07:15 - 00000000 ____D () C:\Program Files (x86)\sysTPL
2014-07-31 17:38 - 2014-06-18 08:00 - 00126094 _____ () C:\Windows\PFRO.log
2014-07-31 17:38 - 2013-06-30 11:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 11:59 - 2013-12-10 08:04 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-07-31 11:31 - 2014-06-12 07:38 - 00000000 ____D () C:\Users\HP\AppData\Roaming\337Games
2014-07-31 11:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Branding
2014-07-31 11:26 - 2013-06-30 14:10 - 00000000 ____D () C:\Users\HP\AppData\Roaming\DataMgr
2014-07-31 11:10 - 2014-07-31 11:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-28 17:52 - 2013-07-12 07:26 - 00000000 ____D () C:\Users\HP\Documents\MEXICO
2014-07-25 16:31 - 2014-04-06 11:40 - 00000970 _____ () C:\Users\HP\Desktop\Dropbox.lnk
2014-07-25 16:31 - 2014-04-06 11:38 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 08:47 - 2013-07-06 11:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 08:47 - 2013-07-06 11:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 07:26 - 2013-07-06 11:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-22 00:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-20 16:46 - 2013-12-10 08:03 - 00000000 ____D () C:\Users\HP\AppData\Roaming\iSafe
2014-07-16 04:39 - 2014-04-22 20:12 - 00045248 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys

Some content of TEMP:
====================
C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmz4_5a.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-12 06:15

==================== End Of Log ============================
         
--- --- ---


GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-13 06:08:00
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 ATA_____ rev.AC90 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\HP\AppData\Local\Temp\pxldipoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                             fffff80003007000 59 bytes [8B, 47, 10, 89, 0C, D0, 85, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 588                                                                                                                                             fffff8000300703c 81 bytes {IN AL, DX; XOR EBP, EBP; JMP 0x57264}

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\iSafe\ipcdl.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                           00000000753b1465 2 bytes [3B, 75]
.text     C:\Program Files (x86)\iSafe\ipcdl.exe[3524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          00000000753b14bb 2 bytes [3B, 75]
.text     ...                                                                                                                                                                                                            * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\SysWOW64\ntdll.dll [848:872]                                                                                                                                                                        00000000002b13fe
---- Processes - GMER 2.1 ----

Library   C:\Users\HP\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [4220](2014-07-21 20:53:38)                                                0000000003c50000
Library   c:\users\hp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmz4_5a.dll (*** suspicious ***) @ C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [4220](2014-08-12 14:45:17)  0000000004090000
Library   C:\Users\HP\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [4220](2013-10-18 23:55:02)                                                      000000005aec0000
Library   C:\Users\HP\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe [4220] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)                        000000005a530000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2acb05a                                                                                                                                    
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2ace1d4                                                                                                                                    
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2ace1d4@2847aa2bbb93                                                                                                                       0xD8 0x1A 0xA0 0x45 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2acb05a (not active ControlSet)                                                                                                                
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2ace1d4 (not active ControlSet)                                                                                                                
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2ace1d4@2847aa2bbb93                                                                                                                           0xD8 0x1A 0xA0 0x45 ...

---- EOF - GMER 2.1 ----
         
Malwarebytes:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 12.08.2014
Scan Time: 09:54:04
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.12.05
Rootkit Database: v2014.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: HP

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336253
Time Elapsed: 15 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 5
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Delete-on-Reboot,[b5008342d6a5d56187528c40d82c40c0]
PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Delete-on-Reboot,[bcf9bd08d3a856e0eaf305c7bd47bb45]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Delete-on-Reboot,[dcd9cff64536cf674b8e12baae569c64]
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Delete-on-Reboot,[3b7a6c59bdbeb4829d40725a58acac54]
PUP.Optional.Delta.A, HKU\S-1-5-21-3555238676-2185496674-898315862-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX, Good: (www.google.com), Bad: (hxxp://www.delta-homes.com/?type=hp&ts=1402576632&from=wpm0612&uid=HGSTXHTS545050A7E380_TW8513L90AAWXP0AAWXPX),Replaced,[c5f08f36b6c5bd7936a46d5fde26dd23]

Folders: 0
(No malicious items detected)

Files: 9
PUP.Optional.QuickStart.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Removal Failed,[773ed1f4dba02a0c63d87586996bd030]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.cntry", "MX");), Removal Failed,[bbfa3f86f9828aacc6be30cc62a2e11f]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,1828564131,3396905322,2787570089,1850357963,3855095921,1516386922,3836221436,2015489896,270173904,3729539987,424611005,965674394,609003582,2041931190,3874294282,2774755777,931959409,398575749,3999997753,1104451911,1233863968,4280856088,1554076246,1949401179,1770772786,3253391265,3778438159,1649478750,2848156272,2476712966,3103989719,475488147,1715867073,3594694113,3774606882,4036647035,1593922001,4110151693,2941033654,3206511613");), Removal Failed,[8233c6ff92e93105156f41bbee1602fe]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.hdrMd5", "");), Removal Failed,[4f66c0054e2d86b0176d51abe61efe02]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastB", "chrome://branding/locale/browserconfig.properties");), Removal Failed,[08ad14b194e7270f671d51abc440728e]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.lastVrsnTs", "");), Removal Failed,[6055f7ce1962f93dd1b3a359729222de]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"96\",\"lastVrsn\":\"96\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");), Removal Failed,[4273269f5526082e236129d3cf35c53b]
PUP.Optional.MySearchDial.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8h2jagw8.default\prefs.js, Good: (), Bad: (user_pref("extensions.mysearchdial.sg", "{smplGrp}");), Removal Failed,[edc8a81ddd9ee1554f35718b52b29e62]
PUP.Optional.MySearchDial.A, C:\Users\Party\AppData\Roaming\Mozilla\Firefox\Profiles\yrb97ks2.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=ir_14_15_ff&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtB0A0C0EtC0DyEtDtCyC0CtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StCtA0F0F0BtB0D0CtGyC0EtAyBtGtB0D0D0BtGzytD0FzztGyCtByCtCzztD0AtCzyyCzy0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0D0B0F0ByD0EtCtG0FtAtByEtG0EtDtA0EtG0Bzz0DyDtGtC0F0AtC0E0F0DyB0BtCtBtD2Q&cr=1872811687&ir=");), Removal Failed,[1e97fcc9f6856ec8a8110bf136ced12f]

Physical Sectors: 0
(No malicious items detected)


(end)
         

Edited by donscholzo (13.08.2014 at 12:28). Reason: replaced QUOTE with CODE

 
