LenovoRetten | 13.03.2015 21:22 | Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by 187 at 2015-03-13 20:52:28
Running from D:\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
ABBYY FineReader 10 Corporate Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.154.7211 - ABBYY)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.42.71502 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.42.71502 - Alcor Micro Corp.) Hidden
Amazon Cloud Player (HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
Bing HRS Toolbar (HKLM-x32\...\{3E2C0025-D900-40F2-A819-D97CE1D48C43}) (Version: 3.15.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.20 - Broadcom Corporation)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.68.1077 - AB Team, d.o.o.)
calibre 64bit (HKLM\...\{022ED169-3871-4D3E-963E-322226C5F455}) (Version: 2.13.0 - Kovid Goyal)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.2.0.11 - Swiss Academic Software)
Copy (HKLM\...\{92AA1305-04A1-4931-9B08-52FF52B171AE}) (Version: 1.37.546.0 - Barracuda Networks, Inc.)
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version: - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.2.18828 - doubleTwist Corporation)
Dropbox (HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Easy Phone Sync (HKLM-x32\...\{5BBBFC75-8C26-4F4B-A483-B1D5D347D7D2}) (Version: 64 - Media Mushroom Limited)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 11.4.8.1_WHQL (HKLM\...\Elantech) (Version: 11.4.8.1 - ELAN Microelectronic Corp.)
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FUSSBALL MANAGER 13 (HKLM-x32\...\{80AF0300-866F-400F-A350-D53E3C3E34E0}) (Version: 1.0.4.0 - Electronic Arts)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hotspot Shield 3.20 (HKLM-x32\...\HotspotShield) (Version: 3.20 - AnchorFree Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Hilfe (HKLM-x32\...\{640A03B3-4E6B-4440-A350-E6A8D6348F12}) (Version: 27.0.0 - Hewlett Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.1800 - Broadcom Corporation)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6418 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6418 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo Rescue System (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Unifying-Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Media Go (HKLM-x32\...\{8D92969D-A6A3-44C8-9D63-D377E94F44B5}) (Version: 2.6.205 - Sony)
Media Go Video Playback Engine 2.0.112.09020 (HKLM-x32\...\{49D9CE9D-C8B7-B941-90E1-608044A0FC8D}) (Version: 2.0.112.09020 - Sony)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet (HKLM-x32\...\{EAFBFF2D-5553-474A-85FA-863A82F00900}) (Version: 11.3.305 - Mindjet)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.0.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.0.1 (x86 de)) (Version: 24.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewsLeecher v3.9 Final (HKLM-x32\...\NewsLeecher_is1) (Version: - )
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 3 (HKLM-x32\...\{BC12793B-1F89-4950-BB6C-63467B76B2D9}) (Version: 1.2.0 - OLYMPUS IMAGING CORP.)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.4001 - ooVoo LLC.)
OpenVPN 2.3.3-I002 (HKLM\...\OpenVPN) (Version: 2.3.3-I002 - )
Opera Stable 16.0.1196.80 (HKLM-x32\...\Opera 16.0.1196.80) (Version: 16.0.1196.80 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.266.0 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM-x32\...\{e6c66f24-ae75-4cce-8afc-8ed58d732f6a}) (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.0 - Tracker Software Products (Canada) Ltd.) Hidden
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayStation(R)Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.18.0.15698 - Sony Computer Entertainment Inc.)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Reader for PC (HKLM-x32\...\{7FAEB610-D6B1-42CE-9EEA-6A5001C2E732}) (Version: 2.1.00.06250 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
RUBICon (HKLM-x32\...\{438134D3-0BD4-4C52-8575-5B2B63AD01C2}) (Version: 2.0.25 - RUB)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version: - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
SopCast 3.8.3 (HKLM-x32\...\SopCast) (Version: 3.8.3 - www.sopcast.com)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.12 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
SpiderOak x64 (HKLM\...\{5E61A03E-9E9E-40FD-8483-C85655BC67BB}) (Version: 5.0.3.10067 - SpiderOak)
Spotify (HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\Spotify) (Version: 1.0.1.1060.gc75ebdfd - Spotify AB)
Spotydl 0.9.37.0 (HKLM-x32\...\Spotydl_is1) (Version: 0.9.37.0 - spotydl.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4017697916-1499371932-692838387-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
23-12-2014 13:28:55 Secure Download Manager wird installiert
28-02-2015 00:24:55 Geplanter Prüfpunkt
11-03-2015 10:44:39 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-10-30 10:04 - 00001323 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {104329C9-D58B-4A1A-BB02-5B60FA23A08C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1E5F27A1-E89A-47BF-9675-D07BDF353334} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {262E16B0-B237-4F4D-AB8C-B52E39F20353} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3453A56B-28FC-475E-BB86-057A74FA0D80} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {3D4EE033-A38D-460F-BFCB-F0753900FADB} - System32\Tasks\{15B6FE22-B8E2-4581-ACB5-A9E7A5AB4B90} => pcalua.exe -a D:\Downloads\SophosEndpointFirewall_extern.exe -d D:\Downloads
Task: {59759263-58B1-4B2D-A2E9-C7054ACF9049} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-26] (Microsoft Corporation)
Task: {9D297D22-0E50-4275-A20C-4C0DE4DA0AB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {9D349847-DA66-4D8F-B1E4-47D69B8FFBA8} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-27] (Adobe Systems Incorporated)
Task: {BC55B42B-5BFF-4AAF-A365-FA6D9CCB05EB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001Core => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-28] (Facebook Inc.)
Task: {C3C20377-9751-4A2C-89EA-8E6451A48CB2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001UA => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-28] (Facebook Inc.)
Task: {D066EE1C-DE51-46FB-8255-92E6E4E971E7} - System32\Tasks\{208A5D52-5B8D-43AE-B6F8-1A095B769BB9} => pcalua.exe -a "G:\INSTALL\Adobe\APRO23_Win_ESD1_WWEFG_Acrobat 8.exe" -d G:\INSTALL\Adobe
Task: {D5DB8ECD-4A2B-4093-83DB-60CA5F16DAF9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {E8A22B58-A412-465D-8F92-241FC0FFF869} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001Core.job => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-4017697916-1499371932-692838387-1001UA.job => C:\Users\187\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2007-07-30 07:05 - 2007-07-30 07:05 - 00050688 _____ () C:\WINDOWS\System32\LFXPJL2K.DLL
2012-07-29 23:37 - 2012-07-29 23:37 - 00044408 _____ () c:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00056592 _____ () C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00017920 _____ () C:\Program Files\ShrewSoft\VPN Client\libith.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00019456 _____ () C:\Program Files\ShrewSoft\VPN Client\libdtp.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00035328 _____ () C:\Program Files\ShrewSoft\VPN Client\libvflt.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00013312 _____ () C:\Program Files\ShrewSoft\VPN Client\liblog.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00119296 _____ () C:\Program Files\ShrewSoft\VPN Client\libip.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00026624 _____ () C:\Program Files\ShrewSoft\VPN Client\libidb.dll
2013-11-27 01:39 - 2013-11-27 01:39 - 00555304 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2010-10-08 06:18 - 2010-10-08 06:18 - 00957712 _____ () C:\Program Files\ShrewSoft\VPN Client\iked.exe
2010-09-02 08:24 - 2010-09-02 08:24 - 00028160 _____ () C:\Program Files\ShrewSoft\VPN Client\libike.dll
2010-09-02 08:25 - 2010-09-02 08:25 - 00040448 _____ () C:\Program Files\ShrewSoft\VPN Client\libvnet.dll
2010-09-02 08:24 - 2010-09-02 08:24 - 00030720 _____ () C:\Program Files\ShrewSoft\VPN Client\libpfk.dll
2010-10-08 06:18 - 2010-10-08 06:18 - 00697616 _____ () C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
2013-11-26 16:56 - 2013-12-12 18:14 - 08160256 _____ () C:\Users\187\AppData\Roaming\Copy\overlay\Brt.dll
2013-02-05 10:19 - 2013-02-05 10:19 - 00128512 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32api.pyd
2013-02-05 10:17 - 2013-02-05 10:17 - 00138240 _____ () C:\Program Files\SpiderOak\shell_extension_lib\pywintypes27.dll
2013-02-05 10:22 - 2013-02-05 10:22 - 00547328 _____ () C:\Program Files\SpiderOak\shell_extension_lib\pythoncom27.dll
2013-02-05 10:18 - 2013-02-05 10:18 - 00017920 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32trace.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00136192 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32security.pyd
2013-02-05 10:30 - 2013-02-05 10:30 - 00520192 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32com.shell.shell.pyd
2013-02-05 10:19 - 2013-02-05 10:19 - 00043008 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32evtlog.pyd
2012-04-10 22:25 - 2012-04-10 22:25 - 00111616 _____ () C:\Program Files\SpiderOak\shell_extension_lib\_ctypes.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00149504 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32file.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00027648 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32pipe.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00023040 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32event.pyd
2012-04-10 22:30 - 2012-04-10 22:30 - 00471552 _____ () C:\Program Files\SpiderOak\shell_extension_lib\_hashlib.pyd
2013-02-05 10:18 - 2013-02-05 10:18 - 00044032 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32process.pyd
2013-02-05 10:19 - 2013-02-05 10:19 - 00223232 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32gui.pyd
2013-02-05 10:31 - 2013-02-05 10:31 - 00125952 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32com.propsys.propsys.pyd
2013-09-19 15:39 - 2015-02-27 23:17 - 02092544 _____ () C:\Users\187\AppData\Roaming\Copy\Gui.dll
2013-09-19 15:55 - 2015-02-27 23:17 - 08212480 _____ () C:\Users\187\AppData\Roaming\Copy\Brt.dll
2013-12-12 18:14 - 2015-02-27 23:17 - 09276928 _____ () C:\Users\187\AppData\Roaming\Copy\AgentSync.dll
2013-09-19 15:41 - 2015-02-27 23:17 - 05327872 _____ () C:\Users\187\AppData\Roaming\Copy\CloudSync.dll
2014-03-04 11:40 - 2014-01-14 20:46 - 03140608 _____ () C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-05-22 19:50 - 2013-05-22 19:50 - 00400704 _____ () C:\Users\187\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-11-27 01:35 - 2013-11-27 01:35 - 00903464 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2013-10-30 10:27 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-30 10:27 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-30 10:27 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-30 10:27 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-30 10:27 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-07-16 10:15 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\187\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-12 23:08 - 2015-03-12 23:08 - 00043008 _____ () c:\users\187\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbeqog.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\187\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\187\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\187\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 40506936 _____ () C:\Users\187\AppData\Roaming\Spotify\libcef.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 01365560 _____ () C:\Users\187\AppData\Roaming\Spotify\libglesv2.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 00219192 _____ () C:\Users\187\AppData\Roaming\Spotify\libegl.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 09305656 _____ () C:\Users\187\AppData\Roaming\Spotify\pdf.dll
2015-03-12 08:57 - 2015-03-12 08:57 - 00990776 _____ () C:\Users\187\AppData\Roaming\Spotify\ffmpegsumo.dll
2015-03-11 10:22 - 2015-03-07 07:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-11 10:22 - 2015-03-07 07:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-11 10:22 - 2015-03-07 07:13 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.89\pdf.dll
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\Control Panel\Desktop\\Wallpaper -> D:\Dropbox\POSTER\ENTWICKLUNG\P1100208.JPG
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Reader Application Helper"
HKLM\...\StartupApproved\Run32: => "OV3_Monitor"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\Run: => "Windows Defender"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4017697916-1499371932-692838387-1001\...\StartupApproved\Run: => "OV3_Monitor"
==================== Accounts: =============================
187 (S-1-5-21-4017697916-1499371932-692838387-1001 - Administrator - Enabled) => C:\Users\187
Administrator (S-1-5-21-4017697916-1499371932-692838387-500 - Administrator - Disabled)
Gast (S-1-5-21-4017697916-1499371932-692838387-501 - Limited - Disabled)
SophosSAU187-G5800 (S-1-5-21-4017697916-1499371932-692838387-1008 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/13/2015 06:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WWAHost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: f64
Startzeit: 01d05db03375d5d5
Endzeit: 4294967295
Anwendungspfad: C:\Windows\System32\WWAHost.exe
Berichts-ID: 8434d8eb-c9a3-11e4-befa-3c970e5ca325
Vollständiger Name des fehlerhaften Pakets: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Windows.Store
Error: (03/13/2015 06:08:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: 187-G580)
Description: Das Paket „winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store“ wurde beendet, da das Anhalten zu lange dauerte.
Error: (03/12/2015 11:04:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "ProtectionManagement" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (03/12/2015 11:04:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: Vom Ereignisanbieter "" wurde versucht, die Abfrage "select * from MSFT_MpEvent" zu registrieren, deren Zielklasse "MSFT_MpEvent" im Namespace "//./root/microsoft/protectionManagement" nicht vorhanden ist. Die Abfrage wird ignoriert.
Error: (03/12/2015 09:00:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotydl.exe, Version 0.9.37.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: d6c
Startzeit: 01d05c9a4126d946
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\Spotydl\spotydl.exe
Berichts-ID: e60b2b75-c88d-11e4-bef9-3c970e5ca325
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/12/2015 00:16:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpotifyWebHelper.exe, Version: 0.9.15.27, Zeitstempel: 0x54803b75
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f0a3
ID des fehlerhaften Prozesses: 0x1b04
Startzeit der fehlerhaften Anwendung: 0xSpotifyWebHelper.exe0
Pfad der fehlerhaften Anwendung: SpotifyWebHelper.exe1
Pfad des fehlerhaften Moduls: SpotifyWebHelper.exe2
Berichtskennung: SpotifyWebHelper.exe3
Vollständiger Name des fehlerhaften Pakets: SpotifyWebHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SpotifyWebHelper.exe5
Error: (03/11/2015 10:04:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpotifyWebHelper.exe, Version: 0.9.15.27, Zeitstempel: 0x54803b75
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f0a3
ID des fehlerhaften Prozesses: 0x16d4
Startzeit der fehlerhaften Anwendung: 0xSpotifyWebHelper.exe0
Pfad der fehlerhaften Anwendung: SpotifyWebHelper.exe1
Pfad des fehlerhaften Moduls: SpotifyWebHelper.exe2
Berichtskennung: SpotifyWebHelper.exe3
Vollständiger Name des fehlerhaften Pakets: SpotifyWebHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SpotifyWebHelper.exe5
Error: (03/11/2015 09:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SpotifyWebHelper.exe, Version: 0.9.15.27, Zeitstempel: 0x54803b75
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f0a3
ID des fehlerhaften Prozesses: 0x17cc
Startzeit der fehlerhaften Anwendung: 0xSpotifyWebHelper.exe0
Pfad der fehlerhaften Anwendung: SpotifyWebHelper.exe1
Pfad des fehlerhaften Moduls: SpotifyWebHelper.exe2
Berichtskennung: SpotifyWebHelper.exe3
Vollständiger Name des fehlerhaften Pakets: SpotifyWebHelper.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SpotifyWebHelper.exe5
Error: (03/11/2015 07:01:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotydl.exe, Version 0.9.37.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1e94
Startzeit: 01d05c134123f888
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\Spotydl\spotydl.exe
Berichts-ID: a7a9276c-c818-11e4-bef7-3c970e5ca325
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/11/2015 04:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotydl.exe, Version 0.9.37.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 145c
Startzeit: 01d05c12747eec15
Endzeit: 4294967295
Anwendungspfad: C:\Program Files (x86)\Spotydl\spotydl.exe
Berichts-ID: 7a0209db-c806-11e4-bef7-3c970e5ca325
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
System errors:
=============
Error: (03/13/2015 06:14:41 PM) (Source: DCOM) (EventID: 10010) (User: 187-G580)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (03/13/2015 06:14:10 PM) (Source: DCOM) (EventID: 10010) (User: 187-G580)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (03/12/2015 11:06:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
Error: (03/12/2015 11:06:05 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
Error: (03/12/2015 08:34:19 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246013 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4.5.1 und 4.5.2 unter Windows 8.1 und Windows Server 2012 R2 für x64-basierte Systeme (KB2977765)
Error: (03/12/2015 09:02:21 AM) (Source: Schannel) (EventID: 4114) (User: 187-G580)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.
Error: (03/12/2015 09:02:21 AM) (Source: Schannel) (EventID: 4120) (User: 187-G580)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 48. Der Windows-SChannel-Fehlerstatus lautet: 552.
Error: (03/12/2015 09:02:01 AM) (Source: Schannel) (EventID: 4114) (User: 187-G580)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.
Error: (03/12/2015 09:02:01 AM) (Source: Schannel) (EventID: 4120) (User: 187-G580)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 48. Der Windows-SChannel-Fehlerstatus lautet: 552.
Error: (03/12/2015 09:01:44 AM) (Source: Schannel) (EventID: 4114) (User: 187-G580)
Description: Das vom Remoteserver erhaltene Zertifikat wurde von einer nicht vertrauenswürdigen Zertifizierungsstelle ausgestellt. Aus diesem Grund können keine der im Zertifikat enthalten Daten verifiziert werden. Fehler bei der SSL-Verbindungsanforderung. Die angehängten Daten enthalten das Serverzertifikat.
Microsoft Office Sessions:
=========================
Error: (03/13/2015 06:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.3.9600.17031f6401d05db03375d5d54294967295C:\Windows\System32\WWAHost.exe8434d8eb-c9a3-11e4-befa-3c970e5ca325winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store
Error: (03/13/2015 06:08:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: 187-G580)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy+Windows.Store
Error: (03/12/2015 11:04:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: ProtectionManagementselect * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
Error: (03/12/2015 11:04:44 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT-AUTORITÄT)
Description: select * from MSFT_MpEventMSFT_MpEvent//./root/microsoft/protectionManagement
Error: (03/12/2015 09:00:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotydl.exe0.9.37.0d6c01d05c9a4126d9464294967295C:\Program Files (x86)\Spotydl\spotydl.exee60b2b75-c88d-11e4-bef9-3c970e5ca325
Error: (03/12/2015 00:16:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75ntdll.dll6.3.9600.170315308893dc00000050001f0a31b0401d05c3f952e9f97C:\Users\187\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\WINDOWS\SYSTEM32\ntdll.dll9c6f1e34-c844-11e4-bef9-3c970e5ca325
Error: (03/11/2015 10:04:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75ntdll.dll6.3.9600.170315308893dc00000050001f0a316d401d05c36487d3c10C:\Users\187\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\WINDOWS\SYSTEM32\ntdll.dll371eb173-c832-11e4-bef9-3c970e5ca325
Error: (03/11/2015 09:02:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SpotifyWebHelper.exe0.9.15.2754803b75ntdll.dll6.3.9600.170315308893dc00000050001f0a317cc01d05c2fbfc0dbd7C:\Users\187\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exeC:\WINDOWS\SYSTEM32\ntdll.dll7aa02674-c829-11e4-bef9-3c970e5ca325
Error: (03/11/2015 07:01:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotydl.exe0.9.37.01e9401d05c134123f8884294967295C:\Program Files (x86)\Spotydl\spotydl.exea7a9276c-c818-11e4-bef7-3c970e5ca325
Error: (03/11/2015 04:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotydl.exe0.9.37.0145c01d05c12747eec154294967295C:\Program Files (x86)\Spotydl\spotydl.exe7a0209db-c806-11e4-bef7-3c970e5ca325
CodeIntegrity Errors:
===================================
Date: 2014-09-29 19:51:13.260
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:13.232
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:11.014
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:10.954
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LMouFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:09.676
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:09.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:09.645
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:09.626
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:09.611
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-09-29 19:51:09.595
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 48%
Total physical RAM: 5991.41 MB
Available physical RAM: 3113.71 MB
Total Pagefile: 8039.41 MB
Available Pagefile: 4527.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.77 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:199.65 GB) (Free:124.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:709.18 GB) (Free:138.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: DEF66BCF)
Partition: GPT Partition Type.
==================== End Of Log ============================
GMER
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-13 21:01:16
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000003d ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\187\AppData\Local\Temp\kfliqpow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000095a00 15 bytes [00, 2E, F4, 01, 80, A0, 6E, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 17 fffff96000095a11 10 bytes [5E, FC, FF, 00, BB, C7, 00, ...]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [644:676] fffff96000817b90
---- Processes - GMER 2.1 ----
Library C:\Users\187\AppData\Roaming\Copy\overlay\CopyShExt.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3460] (Copy Shell Extensions/Barracuda Networks, Inc.)(2013-11-26 15:56:15) 00007ffbf8ed0000
Library C:\Users\187\AppData\Roaming\Copy\overlay\Brt.dll (*** suspicious ***) @ C:\WINDOWS\Explorer.EXE [3460](2013-11-26 15:56:15) 00007ffbf43c0000
Library C:\Users\187\AppData\Roaming\Copy\Gui.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828](2013-09-19 14:39:56) 00007ffbeffc0000
Library C:\Users\187\AppData\Roaming\Copy\Brt.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828](2013-09-19 14:55:48) 00007ffbee340000
Library C:\Users\187\AppData\Roaming\Copy\AgentSync.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828](2013-12-1 00007ffbeda50000
Library C:\Users\187\AppData\Roaming\Copy\QtCore4.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-06-19 14:35:36) 000000006c100000
Library C:\Users\187\AppData\Roaming\Copy\QtGui4.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-06-19 14:35:38) 000000006b780000
Library C:\Users\187\AppData\Roaming\Copy\CloudSync.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828](2013-09-1 00007ffbed320000
Library C:\Users\187\AppData\Roaming\Copy\imageformats\qjpeg4.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Copy\CopyAgent.exe [4828] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2013-06-19 14:36:22) 00007ffc02f40000
Process C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (*** suspicious ***) @ C:\Users\187\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [4856](2014-03-04 10:40:49) 00000000009d0000
Process C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (FILE NOT FOUND) 0000000000400000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 000000006af20000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006ac10000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006a820000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-02-10 21:00:30) 000000006a760000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000004990000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000
Library c:\users\187\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbeqog.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-03-12 22:08:04) 0000000004260000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006a580000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000069590000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000069370000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000069110000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c370000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-02-10 21:00:30) 000000006c1d0000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 000000006c1a0000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c160000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000006c110000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-02-10 21:00:28) 000000006b380000
Library C:\Users\187\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\187\AppData\Roaming\Dropbox\bin\Dropbox.exe [5024](2015-02-10 21:00:28) 000000006c5c0000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----