Skype.exe is running even though Skype is not installed at all (Windows 7)
28.01.2014, 16:01 | #1 |
Hi, a few days ago I tried to install Skype. The installation always aborted with a bluescreen. By chance I then noticed that my Task Manager lists a Skype.exe among the running processes. When I end that process, I get the same bluescreen as during the installation. As a virus scanner I have Symantec's Endpoint Protection running. But it reports nothing! How can I find out what kind of program this is? Best regards
28.01.2014, 16:03 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners, have they ever found anything? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; for now, only post the logs that already exist, in CODE tags! Only logs from the last 7 days, or from since the problem began, are relevant!
In addition, please also create a log with Farbar's tool:
Scan with Farbar's Recovery Scan Tool (FRST)
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
28.01.2014, 16:27 | #3 |
So, the virus scanner has not found anything recently either. At least the quarantine and the "security log" list no entries.
FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02 Ran by ich (administrator) on NOTEBOOK on 28-01-2014 16:12:05 Running from C:\ Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= () C:\Windows\System32\DTS.exe (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (AuthenTec, Inc.) C:\Windows\System32\ATService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe (Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_monitor.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.VEEAMSQL2008R2\MSSQL\Binn\sqlservr.exe () C:\Program Files (x86)\nProbe-Win32\nprobe.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe (VMware, Inc.) 
C:\Windows\SysWOW64\vmnat.exe (Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe (ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansyslmd.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe () C:\Program Files (x86)\Seafile\bin\seafile-applet.exe ( ) C:\Program Files (x86)\BitMeter\BitMeter2.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Dassault Systèmes 
SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe () C:\Program Files (x86)\Seafile\bin\ccnet.exe () C:\Program Files (x86)\Seafile\bin\seaf-daemon.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE () C:\Users\ich\AppData\Roaming\Skype\Skype.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Ghisler Software GmbH) C:\Programme\totalcmd\TOTALCMD64.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\SymCorpUI.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SmcGui.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec) HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-02-05] (AuthenTec, Inc.) 
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] () HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] () HKLM\...\Run: [Default] - C:\Users\ich\AppData\Roaming\zNXHG\insidminer.exe [9216 2013-04-04] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [396176 2013-04-23] (Acronis) HKLM\...\Run: [TrayMonitor.exe] - C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1490528 2013-04-23] (Acronis) HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1937920 2013-02-03] (Dominik Reichl) HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102184 2013-01-22] (Acronis) HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] - C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1531400 2013-04-23] (Acronis) HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-08-27] (VMware, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\MIT_KFW: C:\Windows\system32\kfwlogon.dll (Massachusetts Institute of Technology.) 
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKCU\...\Run: [Skype.exe] - C:\Users\ich\AppData\Roaming\Skype\Skype.exe HKCU\...\Run: [8cd98f00b] - C:\Users\ich\AppData\Roaming\8cd98f00b.exe [1941504 2014-01-28] (Skype Technologies S.A.) HKCU\...\Run: [1DFAGX] - C:\Users\ich\AppData\Local\Temp\08f9b1df.exe <===== ATTENTION HKCU\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSync.exe [13116256 2013-10-11] (SugarSync, Inc.) HKCU\...\Run: [Seafile] - C:\Program Files (x86)\Seafile\bin\seafile-applet.exe [2265584 2014-01-10] () HKCU\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION HKCU\...\Policies\Explorer: [DisallowCpl] 1 HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0 MountPoints2: {ea8e4183-98c9-11e2-aecb-806e6f6e6963} - D:\Autorun\Autorun.exe MountPoints2: {fe17ec36-9897-11e2-9520-001c25a25c88} - F:\setup.exe AppInit_DLLs-x32: hplun.dll => File Not Found Startup: C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.) 
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDADBC059A32CCE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) Toolbar: 
HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.) FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.) FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: KeeFox - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default\Extensions\keefox@chris.tomlinson [2013-10-21] FF Extension: Dict.cc Translation - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default\Extensions\searchdictcc@roughael.xpi [2013-04-01] FF Extension: Adblock Plus - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-29] FF Extension: DownThemAll! - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-03-29] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-01] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-18] FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-04-21] ==================== Services (Whitelisted) ================= R2 AcronisAgent; C:\Program Files 
(x86)\Common Files\Acronis\Agent\agent.exe [2046968 2012-12-29] (Acronis) S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] () S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-02-05] () R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [5457920 2012-09-24] (ANSYS, Inc.) R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5842040 2013-04-23] (Acronis) R2 ATService; C:\Windows\system32\ATService.exe [2713920 2010-02-05] (AuthenTec, Inc.) R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2012-05-19] () S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-10] (Lenovo.) R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-02-05] () S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-09-18] (Symantec Corporation) R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation) R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10339520 2013-04-23] (Acronis) R2 MSSQL$VEEAMSQL2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.VEEAMSQL2008R2\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) S3 NimbusScheduler; C:\Program Files (x86)\Quorum Software\Alike\\BackupScheduler.exe [3092480 2012-08-02] () S3 NimbusVaulter; C:\Program Files (x86)\Quorum Software\Alike\\DataVaulter.exe [659456 2012-08-02] () R2 nProbe; C:\Program Files (x86)\nProbe-Win32\nprobe.exe [1135616 2013-03-27] () S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-03-28] (The OpenVPN Project) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR) S2 PSE License Manager; C:\Program 
Files (x86)\FLEXlm\bin\lmgrd.exe [1500424 2009-11-27] (Acresso Software Inc.) S2 redis; C:\Program Files (x86)\Redis\redis-service.exe [65550 2012-02-11] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.) R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation) R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation) S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation) S4 SQLAgent$VEEAMSQL2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.VEEAMSQL2008R2\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] () R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation) R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] () R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14401104 2013-08-27] () ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) R1 ccSettings_{98738D8E-2623-4C7C-8986-652A6C70CBA3}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation) R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] () R2 Dokan; C:\Windows\system32\drivers\dokan.sys [106888 2012-05-19] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-29] (DT Soft Ltd) R1 eeCtrl; 
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140127.002\ENG64.SYS [126040 2013-12-27] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140127.002\EX64.SYS [2099288 2013-12-27] (Symantec Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated) R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation) R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation) R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-27] (Symantec Corporation) R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation) R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1119672 2013-08-03] (Acronis) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-03] (Acronis) R3 VPPP; 
C:\Windows\System32\DRIVERS\VPPP.sys [38992 2010-03-31] (DrayTek, Corp.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.) S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2013-08-13] () S1 bcbus; system32\DRIVERS\bcbus.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-28 16:10 - 2014-01-28 16:12 - 00023465 _____ C:\FRST.txt 2014-01-28 15:59 - 2014-01-28 15:53 - 02079232 _____ (Farbar) C:\FRST64.exe 2014-01-28 15:53 - 2014-01-28 15:53 - 00000000 ____D C:\FRST 2014-01-28 15:38 - 2014-01-28 15:38 - 00001225 _____ C:\Users\Public\Desktop\Samsung Magician.lnk 2014-01-28 15:38 - 2014-01-28 15:38 - 00000000 ____D C:\ProgramData\Samsung 2014-01-28 15:38 - 2014-01-28 15:38 - 00000000 ____D C:\Program Files (x86)\Samsung 2014-01-22 19:28 - 2014-01-22 19:28 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-01-21 21:05 - 2014-01-21 21:07 - 00000000 _____ C:\Users\ich\AppData\Local\Temptable.xml 2014-01-15 23:27 - 2014-01-15 23:27 - 00000000 ____D C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix 2014-01-15 15:10 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 15:10 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 15:10 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 15:10 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 15:10 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 15:10 - 2013-11-27 02:41 - 00025600 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 15:10 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 15:10 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-15 15:09 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-14 19:53 - 2014-01-14 19:53 - 00002186 _____ C:\Users\ich\Desktop\TitanEditor.lnk 2014-01-14 19:52 - 2014-01-14 19:52 - 00002225 _____ C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk 2014-01-14 19:52 - 2014-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\LAV Filters 2014-01-14 18:05 - 2014-01-14 18:05 - 00001796 _____ C:\Users\RedisService\Desktop\Alike Manager.lnk 2014-01-14 18:05 - 2014-01-14 18:05 - 00001796 _____ C:\Users\ich\Desktop\Alike Manager.lnk 2014-01-12 14:26 - 2014-01-12 14:26 - 00001324 _____ C:\Users\Public\Desktop\Acronis*Disk Director Suite.lnk 2014-01-11 12:14 - 2014-01-11 12:14 - 00000000 ____D C:\Program Files (x86)\Seafile 2014-01-10 17:54 - 2014-01-10 17:54 - 00000000 ____D C:\Program Files (x86)\Dokan 2014-01-10 17:50 - 2014-01-10 17:50 - 00000002 _____ C:\Windows\MP2-Setup.log 2014-01-04 17:31 - 2014-01-04 17:31 - 00001334 _____ C:\Users\ich\Desktop\backup_dokumente.lnk 2014-01-04 16:11 - 2014-01-11 12:14 - 00001048 _____ C:\Users\Public\Desktop\Seafile.lnk ==================== One Month Modified Files and Folders ======= 2014-01-28 16:12 - 2014-01-28 16:10 - 00023465 _____ C:\FRST.txt 2014-01-28 16:12 - 2013-03-29 23:21 - 00000000 ____D C:\ProgramData\Bitmeter2 2014-01-28 16:04 - 2013-05-31 15:19 - 00000000 ____D C:\ProgramData\VMware 2014-01-28 16:04 - 2013-05-31 15:17 - 00000000 ____D C:\Program Files (x86)\VMware 2014-01-28 16:01 - 2013-09-27 10:58 - 00000000 ____D C:\Program Files\Common Files\VMware 2014-01-28 15:59 - 2013-03-29 18:22 - 01545301 _____ C:\Windows\WindowsUpdate.log 2014-01-28 15:53 - 2014-01-28 15:59 - 02079232 
_____ (Farbar) C:\FRST64.exe 2014-01-28 15:53 - 2014-01-28 15:53 - 00000000 ____D C:\FRST 2014-01-28 15:50 - 2013-03-29 23:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-01-28 15:38 - 2014-01-28 15:38 - 00001225 _____ C:\Users\Public\Desktop\Samsung Magician.lnk 2014-01-28 15:38 - 2014-01-28 15:38 - 00000000 ____D C:\ProgramData\Samsung 2014-01-28 15:38 - 2014-01-28 15:38 - 00000000 ____D C:\Program Files (x86)\Samsung 2014-01-28 15:38 - 2013-03-29 18:23 - 00000000 ___RD C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-01-28 15:33 - 2013-06-30 17:59 - 00000000 ____D C:\Users\ich\Documents\Citavi 4 2014-01-28 14:31 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-28 14:31 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-28 14:26 - 2013-04-28 13:43 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS 2014-01-28 14:26 - 2013-04-28 13:43 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job 2014-01-28 14:25 - 2010-11-21 07:22 - 00772070 _____ C:\Windows\system32\perfh007.dat 2014-01-28 14:25 - 2010-11-21 07:22 - 00177614 _____ C:\Windows\system32\perfc007.dat 2014-01-28 14:25 - 2009-07-14 06:13 - 01825000 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-28 14:22 - 2013-04-02 15:54 - 01941504 ___SH (Skype Technologies S.A.) 
C:\Users\ich\AppData\Roaming\8cd98f00b.exe 2014-01-28 14:22 - 2013-04-02 15:54 - 00000000 ____D C:\Users\ich\AppData\Roaming\Skype 2014-01-28 14:20 - 2010-11-21 04:47 - 00274840 _____ C:\Windows\PFRO.log 2014-01-28 14:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-28 14:20 - 2009-07-14 05:51 - 00080223 _____ C:\Windows\setupact.log 2014-01-28 13:25 - 2013-03-30 08:31 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-28 13:25 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini 2014-01-28 13:24 - 2013-09-24 10:10 - 00000039 _____ C:\Windows\vbaddin.ini 2014-01-28 11:03 - 2013-03-31 19:35 - 00000000 ____D C:\Users\ich\AppData\Local\Adobe 2014-01-28 01:04 - 2013-03-29 23:47 - 00000000 ____D C:\Users\ich\AppData\Roaming\KeePass 2014-01-27 22:03 - 2013-09-11 13:17 - 00000000 ____D C:\Users\ich\AppData\Local\LogMeIn Hamachi 2014-01-27 20:09 - 2013-03-29 18:31 - 00000000 ____D C:\ProgramData\Symantec 2014-01-26 10:19 - 2013-03-31 10:37 - 00000600 _____ C:\Users\ich\AppData\Local\PUTTY.RND 2014-01-25 16:01 - 2013-05-31 18:42 - 00002234 ____H C:\Users\ich\Documents\Default.rdp 2014-01-24 21:52 - 2013-04-20 14:11 - 00000000 ____D C:\Users\ich\.cfx 2014-01-24 21:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2014-01-24 17:41 - 2013-04-20 10:07 - 00000000 ____D C:\Users\ich\AppData\Roaming\Ansys 2014-01-24 00:55 - 2013-04-20 10:17 - 00000000 ____D C:\Users\ich\AppData\Roaming\SolidWorks 2014-01-23 17:04 - 2013-03-30 00:47 - 00000000 ____D C:\Program Files portable 2014-01-23 16:44 - 2009-07-14 05:45 - 05137328 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-22 20:00 - 2013-03-29 23:17 - 00125944 _____ C:\Users\ich\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-22 19:28 - 2014-01-22 19:28 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-01-22 19:28 - 2013-04-18 11:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2014-01-22 07:58 - 2013-04-10 14:40 - 00000000 ____D C:\Users\ich\AppData\Roaming\vlc 2014-01-21 21:40 - 
2013-04-20 10:36 - 00000000 ____D C:\Users\ich\AppData\Local\TempSWSicherungsverzeichnis 2014-01-21 21:07 - 2014-01-21 21:05 - 00000000 _____ C:\Users\ich\AppData\Local\Temptable.xml 2014-01-16 11:08 - 2013-06-30 17:58 - 00042712 _____ C:\QcOSD.txt 2014-01-15 23:27 - 2014-01-15 23:27 - 00000000 ____D C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix 2014-01-15 23:24 - 2013-07-24 18:05 - 00000600 _____ C:\Users\ich\AppData\Roaming\winscp.rnd 2014-01-15 16:22 - 2013-07-14 22:43 - 00000000 ____D C:\Windows\system32\MRT 2014-01-15 16:19 - 2011-12-03 21:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 19:53 - 2014-01-14 19:53 - 00002186 _____ C:\Users\ich\Desktop\TitanEditor.lnk 2014-01-14 19:52 - 2014-01-14 19:52 - 00002225 _____ C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk 2014-01-14 19:52 - 2014-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\LAV Filters 2014-01-14 19:52 - 2013-10-02 12:25 - 00002220 _____ C:\Users\Public\Desktop\MediaPortal Configuration.lnk 2014-01-14 19:52 - 2013-09-15 11:40 - 00002178 _____ C:\Users\Public\Desktop\MediaPortal.lnk 2014-01-14 19:52 - 2013-09-15 11:39 - 00000000 ____D C:\Program Files (x86)\Team MediaPortal 2014-01-14 18:05 - 2014-01-14 18:05 - 00001796 _____ C:\Users\RedisService\Desktop\Alike Manager.lnk 2014-01-14 18:05 - 2014-01-14 18:05 - 00001796 _____ C:\Users\ich\Desktop\Alike Manager.lnk 2014-01-14 18:05 - 2013-08-09 07:17 - 00001796 _____ C:\Users\Acronis Agent User\Desktop\Alike Manager.lnk 2014-01-13 14:03 - 2013-08-20 13:45 - 00000000 ____D C:\Users\ich\AppData\Roaming\HLSW 2014-01-12 14:26 - 2014-01-12 14:26 - 00001324 _____ C:\Users\Public\Desktop\Acronis*Disk Director Suite.lnk 2014-01-12 14:26 - 2013-08-03 08:27 - 00198944 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys 2014-01-12 14:26 - 2013-08-03 08:26 - 00000000 ____D C:\Program Files (x86)\Acronis 2014-01-11 12:14 - 2014-01-11 12:14 - 00000000 ____D C:\Program Files 
(x86)\Seafile 2014-01-11 12:14 - 2014-01-04 16:11 - 00001048 _____ C:\Users\Public\Desktop\Seafile.lnk 2014-01-10 18:14 - 2013-09-15 11:39 - 00000000 ____D C:\ProgramData\Team MediaPortal 2014-01-10 17:54 - 2014-01-10 17:54 - 00000000 ____D C:\Program Files (x86)\Dokan 2014-01-10 17:50 - 2014-01-10 17:50 - 00000002 _____ C:\Windows\MP2-Setup.log 2014-01-05 12:27 - 2013-04-01 18:42 - 00000000 ____D C:\ProgramData\CrashPlan 2014-01-04 17:31 - 2014-01-04 17:31 - 00001334 _____ C:\Users\ich\Desktop\backup_dokumente.lnk Some content of TEMP: ==================== C:\Users\ich\AppData\Local\Temp\jna3739224625466413942.dll C:\Users\ich\AppData\Local\Temp\moving-pictures-setup.exe C:\Users\ich\AppData\Local\Temp\q9yyl0r8.dll C:\Users\ich\AppData\Local\Temp\uninstall-temp.exe C:\Users\ich\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 02:05 ==================== End Of Log ============================ Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 02 Ran by ich at 2014-01-28 16:12:44 Running from C:\ Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} ==================== Installed Programs ====================== µTorrent (x32 Version: 3.3.0.29625 - BitTorrent Inc.) Acronis Backup & Recovery 11.5 Agent Core (x32 Version: 11.5.37613 - Acronis) Acronis Backup & Recovery 11.5 Command-Line Tool (x32 Version: 11.5.37613 - Acronis) Acronis Backup & Recovery 11.5 Tray Monitor (x32 Version: 11.5.37613 - Acronis) Acronis Backup & Recovery 11.5*Agent for Windows (x32 Version: 11.5.37613 - Acronis) Acronis Backup & Recovery 11.5*Bootable Media Builder (x32 Version: 11.5.37613 - Acronis) Acronis Backup & Recovery 11.5*Management*Console (x32 Version: 11.5.37613 - Acronis) Acronis*Disk Director Suite (x32 Version: 10.0.2160 - Acronis) ActivePerl 5.14.4 Build 1405 (64-bit) (Version: 5.14.1405 - ActiveState) Advanced PDF Password Recovery (HKCU Version: 5.0 - ElcomSoft Co. Ltd.) Anzeige am Bildschirm (Version: 6.67.10 - ) Avidemux 2.6 (32-bit) (x32 Version: 2.6.4.8696 - ) BitMeter (x32 Version: - ) Bonjour (Version: 3.0.0.10 - Apple Inc.) Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7 - Cisco Systems, Inc.) Citavi (x32 Version: 3.4.0.2 - Swiss Academic Software) Citavi 4 (x32 Version: 4.1.0.3 - Swiss Academic Software) Citrix XenCenter (x32 Version: 6.2.2 - Citrix Systems, Inc.) 
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden Conexant 20561 SmartAudio HD (Version: 4.92.12.0 - Conexant) DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft) DeltaCopy (x32 Version: 1.40.0000 - Synametrics Technologies) Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0 - Lenovo) Dokan Library 0.5.3 (x32 Version: - ) DrayTek Smart VPN Client (x32 Version: - ) EMS Data Import 2007 for MySQL (x32 Version: 3.2.0.4 - EMS) Energie-Manager (x32 Version: 6.45 - ) FlashFXP (x32 Version: 4.3.0.1947 - OpenSight Software LLC) Flashtool (x32 Version: 0.9.10.2beta6 - Androxyde) FLEXlm for PSE 11.6.1.10 (x32 Version: 11.6.1.10 - Process Systems Enterprise) GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team) GPL Ghostscript (Version: 9.10 - Artifex Software Inc.) GTA2 (x32 Version: 1.00.001 - ) Gtk# for .Net 2.12.10 (x32 Version: 2.12.10 - Novell, Inc.) HLSW v1.4.0.2 (x32 Version: - Stripf Software) ImageJ 1.47v (Version: - NIH) ImgBurn (x32 Version: 2.5.7.0 - LIGHTNING UK!) 
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2555 - Intel Corporation) Intel(R) Management Engine Interface (Version: - Intel Corporation) Intel(R) Network Connections Drivers (Version: 16.1 - Intel) Intel® Active-Management-Technologie (Version: - Intel Corporation) IPMIView (x32 Version: 2.3.0.0 - SUPERMICRO) Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle) Java(TM) 6 Update 45 (64-bit) (Version: 6.0.450 - Oracle) JDownloader 2 (x32 Version: 2 - AppWork GmbH) KeePass Password Safe 2.21 (x32 Version: - Dominik Reichl) LAV Filters 0.59.1 (x32 Version: 0.59.1 - Hendrik Leppkes) Lenovo Fingerprint Software (Version: 3.3.2.27 - AuthenTec, Inc.) Lenovo Patch Utility (x32 Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Patch Utility 64 bit (Version: 1.3.0.9 - Lenovo Group Limited) Lenovo Power Management Driver (Version: 1.66.00.22 - ) Lenovo System Interface Driver (Version: 1.05 - ) Lenovo System Update (x32 Version: 5.03.0005 - Lenovo) LinuxLive USB Creator (x32 Version: 2.8 - Thibaut Lauziere) LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.73 - Symantec Corporation) LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden MATLAB R2012a (Version: 7.14 - The MathWorks, Inc.) 
MediaPortal (x32 Version: 1.6.0 - Team MediaPortal) MediaPortal TV Server / Client (x32 Version: 1.6.0 - Team MediaPortal) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - 
Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 R2 (64-bit) (Version: - Microsoft Corporation) Hidden Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (x64) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Browser (x32 Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visio Premium 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x32 
Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden 
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden MiKTeX 2.9 (x32 Version: 2.9 - MiKTeX.org) MIT Kerberos for Windows (64-bit) 4.0.0 Wed 06/19/2013 13:36:27.34 (Version: 4.0.0 - Massachusetts Institute of Technology) Hidden MOBackup - Datensicherung für Outlook (Testversion) (x32 Version: 7.0 - Heiko Schröder) ModelBuilder 3.5.1.54826 (x32 Version: 3.5.1.54826 - Process Systems Enterprise Ltd) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation) MySQL Connector/ODBC 5.2 32bit (community edition) (x32 Version: 5.2.5 - Oracle Corporation) MySQL Connector/ODBC 5.2 64bit (community edition) (Version: 5.2.5 - Oracle Corporation) nProbe for Win32 6.12.130327 (x32 Version: 6.12.130327 - Luca Deri <deri@ntop.org>) OpenVPN 2.3.1-I001 (Version: 2.3.1-I001 - ) Origin90 (x32 Version: 9.00.00 - OriginLab Corporation) PDF Architect (x32 
Version: 1.0.52.8917 - pdfforge) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden PDFCreator (x32 Version: 1.6.2 - pdfforge) PEAK DVB-T BDA Drivers (x32 Version: - ) phpDesigner 8 version 8.1.1 (x32 Version: - MPSOFTWARE) PS3 Media Server (x32 Version: 1.90.1 - PS3 Media Server) Python 3.3 pip-1.4.1 (64-bit) (Version: - ) Python 3.3.2 (64-bit) (Version: 3.3.2150 - Python Software Foundation) Quake 3 Arena Demo (x32 Version: - ) QuickPar 0.9 (x32 Version: 0.9 - Peter B. Clements) Redis version 2.4.6.0 (x32 Version: 2.4.6.0 - rgl) Samsung Magician (x32 Version: 4.3.0 - Samsung Electronics) Seafile 2.1.1 (x32 Version: 2.1.1 - HaiWenHuZhi ltd.) Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0 - Microsoft Corporation) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden SolidWorks 2013 x64 Edition SP0 (x32 Version: 21.0.0.5024 - SolidWorks Corporation) SolidWorks 2013 x64 German Resources (Version: 21.100.5024 - SolidWorks Corporation) Hidden SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden Sony Mobile Update Service (x32 Version: 2.13.4.20 - Sony Mobile Communications AB) SopCast 3.8.2 (x32 Version: 3.8.2 - www.sopcast.com) SpeechRedist (x32 Version: 1.0.0 - Epic Games Inc.) 
Spraytec version 3.03 (x32 Version: 3.03.004 - Malvern Instruments Ltd) Spraytec version 3.03 (x32 Version: 3.03.004 - Malvern Instruments Ltd) Hidden SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden SQLyog 9.10 (x32 Version: 9.10 - Webyog Softworks Pvt. Ltd.) SugarSync (x32 Version: 2.0.34.118720 - SugarSync, Inc.) SumatraPDF (x32 Version: 2.3.2 - Krzysztof Kowalczyk) Symantec Endpoint Protection (Version: 12.1.3001.165 - Symantec Corporation) Synology Assistant (remove only) (x32 Version: - ) TAP-Windows 9.9.2 (Version: 9.9.2 - ) TeamSpeak 3 Client (x32 Version: 3.0.11 - TeamSpeak Systems GmbH) TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer) TeXnicCenter Version 2.0 Beta 1 (Version: 2.0 Beta 1 - The TeXnicCenter Team) ThinkPad FullScreen Magnifier (Version: 2.40 - ) ThinkPad Modem Adapter (Version: 7.80.5.0 - Conexant Systems) ThinkPad UltraNav Driver (Version: 16.2.19.7 - ) tools-freebsd (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden tools-linux (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden tools-netware (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden tools-solaris (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden tools-windows (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 9.6.0.1295980 - VMware, Inc.) 
Hidden Total Commander 64-bit (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH) TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation) Unreal Tournament (x32 Version: - ) Unreal Tournament 2003 (x32 Version: - ) Unreal Tournament 2004 (x32 Version: - ) Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft) VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN) VLC 
media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN) VMware Virtual Disk Development Kit (x32 Version: 5.1.0.774844 - VMware, Inc.) VMware vSphere Client 5.1 (x32 Version: 5.1.0.2669 - VMware, Inc.) VMware vSphere Client 5.5 (x32 Version: 5.5.0.3165 - VMware, Inc.) VMware Workstation (Version: 10.0.0 - VMware, Inc.) Hidden VMware Workstation (x32 Version: 10.0.0 - VMware, Inc) VMware-OpenSSL (Version: 6.0.0.196 - VMware, Inc.) Hidden VMware-python (Version: 6.0.0.731 - VMware, Inc.) Hidden VNC Viewer 5.0.6 (Version: 5.0.6 - RealVNC Ltd) Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation) Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13) (Version: 01/14/2010 8.6.0.13 - AuthenTec Inc.) WinISO 5.3 (x32 Version: - WinISO Computing Inc.) WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH) XBMC (HKCU Version: - Team XBMC) XG (x32 Version: 1.00.0000 - XG) ==================== Restore Points ========================= 15-01-2014 15:19:37 Windows Update 15-01-2014 22:27:20 Installed Citrix XenCenter 28-01-2014 12:17:19 Windows Update 28-01-2014 15:00:34 Removed VMware vCenter Server - Java Components. 28-01-2014 15:01:47 Removed VMware vSphere CLI. 28-01-2014 15:04:18 Removed VMware vCenter Converter Standalone. 28-01-2014 15:05:18 Entfernt Paragon Partition Manager™ 2013 Free. 
==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-12-04 15:07 - 00001318 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2AC1EA1E-E12F-4926-B3C3-2A20FCF286C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated) Task: {7D9DACC2-1046-4A66-949E-13DC1A3CB621} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] () Task: {E145AC0C-8482-4563-9536-ED5C542456A8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-04-28] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe Task: C:\Windows\Tasks\OMV.job => ? ==================== Loaded Modules (whitelisted) ============= 2012-12-05 14:45 - 2012-12-05 14:45 - 01547776 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\RCDCD130.DLL 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2013-10-11 06:31 - 2013-10-11 06:31 - 00246624 _____ () C:\Program Files (x86)\SugarSync\x64\SugarSyncVFSNamespace64.dll 2013-03-30 00:36 - 2013-01-10 06:45 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2012-09-28 04:50 - 2012-09-28 04:50 - 00272488 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll 2013-04-23 21:33 - 2013-04-23 21:33 - 00283456 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll 2013-04-23 21:33 - 2013-04-23 21:33 - 00324424 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll 2013-04-23 21:34 - 2013-04-23 21:34 - 00436776 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll 
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll 2013-08-17 16:05 - 2008-01-30 13:30 - 02121728 _____ () C:\Program Files (x86)\nProbe-Win32\libmysql.dll 2013-04-23 22:29 - 2013-04-23 22:29 - 00915400 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\human_resolving_mms.dll 2013-08-27 11:42 - 2013-08-27 11:42 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2014-01-10 15:16 - 2014-01-10 15:16 - 00188309 _____ () C:\Program Files (x86)\Seafile\bin\libjansson-4.dll 2014-01-10 15:16 - 2014-01-10 15:16 - 01663157 _____ () C:\Program Files (x86)\Seafile\bin\libsqlite3-0.dll 2014-01-10 15:16 - 2014-01-10 15:16 - 00043008 _____ () C:\Program Files (x86)\Seafile\bin\libgcc_s_dw2-1.dll 2014-01-10 15:16 - 2014-01-10 15:16 - 00011362 _____ () C:\Program Files (x86)\Seafile\bin\mingwm10.dll 2014-01-10 15:16 - 2014-01-10 15:16 - 00428434 _____ () C:\Program Files (x86)\Seafile\bin\libccnet-0.dll 2014-01-10 15:16 - 2014-01-10 15:16 - 00878761 _____ () C:\Program Files (x86)\Seafile\bin\libevent-2-0-5.dll 2014-01-10 15:16 - 2014-01-10 15:16 - 00124329 _____ () C:\Program Files (x86)\Seafile\bin\libsearpc-1.dll 2014-01-10 15:16 - 2014-01-10 15:16 - 00351301 _____ () C:\Program Files (x86)\Seafile\bin\libseafile-0.dll 2013-12-20 18:03 - 2013-12-20 18:03 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-06-30 17:59 - 2013-05-23 06:17 - 00428032 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-01-28 15:38 - 2013-11-28 12:14 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll 2014-01-28 15:38 - 2013-11-28 18:59 - 00098816 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\PAL.dll 2014-01-28 15:38 - 2013-11-28 18:59 - 
00034304 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SATA.dll 2014-01-28 15:38 - 2013-11-28 18:59 - 00032768 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAT.dll 2014-01-28 15:38 - 2013-11-28 19:00 - 00031232 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SMINI.dll 2014-01-28 15:38 - 2013-11-28 18:59 - 00029696 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAS.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Microsoft:BS5u4pbjBsHDz115Tk6VjT AlternateDataStreams: C:\ProgramData\Microsoft:L6jMUTEcAdPttIu2iuxizkKiVt AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Cisco Systems VPN Adapter for 64-bit Windows Description: Cisco Systems VPN Adapter for 64-bit Windows Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== End Of Log ============================ |
28.01.2014, 17:01 | #4 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Skype.exe is running even though Skype is not installed at all Quote:
Quote:
__________________ Please always post log files in CODE tags |
28.01.2014, 17:42 | #5 |
| Skype.exe is running even though Skype is not installed at all The Windows version is from the university; I can't tell you why it is an Enterprise version. The license comes from the "DreamSpark program". EDIT: I booted the machine from a Linux boot CD and simply deleted the file. After restarting into Windows it had not come back and I was able to install Skype normally. So the thread can be deleted! |