Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.01.2014, 16:01   #1
monchi96
 
Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist - Standard

Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist



Hi,

ich habe vor ein paar Tagen versucht Skype zu installieren. Die installation ist immer mit einem Bluescreen abgebrochen.

Durch Zufall habe ich dann gesehen das mein Taskmanager mir eine Skype.exe unter den laufenden Prozessen auflistet. Wenn ich diesen beende, bekomme ich den gleichen Bluescreen wie bei der Installation.

Als Virenscanner habe ich Symantecs Endpoint Protection laufen. Dieser meldet aber nix!

Wie kann ich herausfinden was das für ein Programm ist?

Viele Grüße?

Alt 28.01.2014, 16:03   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist - Standard

Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 28.01.2014, 16:27   #3
monchi96
 
Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist - Standard

Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist



also der Virenscanner hat auch in letzter Zeit nix gefunden. Zumindest Quarantäne und das "Sicherheitsprotokoll" listen keine Einträge.

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by ich (administrator) on NOTEBOOK on 28-01-2014 16:12:05
Running from C:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

() C:\Windows\System32\DTS.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AuthenTec, Inc.) C:\Windows\System32\ATService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
(Acronis) C:\Program Files (x86)\Acronis\ARSM\arsm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_monitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.VEEAMSQL2008R2\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\nProbe-Win32\nprobe.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansyslmd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Acronis) C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
() C:\Program Files (x86)\Seafile\bin\seafile-applet.exe
( ) C:\Program Files (x86)\BitMeter\BitMeter2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\Seafile\bin\ccnet.exe
() C:\Program Files (x86)\Seafile\bin\seaf-daemon.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
() C:\Users\ich\AppData\Roaming\Skype\Skype.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Ghisler Software GmbH) C:\Programme\totalcmd\TOTALCMD64.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\SmcGui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FingerPrintSoftware] - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [1582400 2010-02-05] (AuthenTec)
HKLM\...\Run: [FingerPrintSoftwareSplashScreen] - C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [107520 2010-02-05] (AuthenTec, Inc.)
HKLM\...\Run: [picon] - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe [111640 2010-02-04] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [Default] - C:\Users\ich\AppData\Roaming\zNXHG\insidminer.exe [9216 2013-04-04] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [396176 2013-04-23] (Acronis)
HKLM\...\Run: [TrayMonitor.exe] - C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe [1490528 2013-04-23] (Acronis)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1937920 2013-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [PWMTRV] - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102184 2013-01-22] (Acronis)
HKLM-x32\...\Run: [BackupAndRecoveryMonitor.exe] - C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe [1531400 2013-04-23] (Acronis)
HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [111696 2013-08-27] (VMware, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\MIT_KFW: C:\Windows\system32\kfwlogon.dll (Massachusetts Institute of Technology.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [Skype.exe] - C:\Users\ich\AppData\Roaming\Skype\Skype.exe
HKCU\...\Run: [8cd98f00b] - C:\Users\ich\AppData\Roaming\8cd98f00b.exe [1941504 2014-01-28] (Skype Technologies S.A.)
HKCU\...\Run: [1DFAGX] - C:\Users\ich\AppData\Local\Temp\08f9b1df.exe <===== ATTENTION
HKCU\...\Run: [SugarSync] - C:\Program Files (x86)\SugarSync\SugarSync.exe [13116256 2013-10-11] (SugarSync, Inc.)
HKCU\...\Run: [Seafile] - C:\Program Files (x86)\Seafile\bin\seafile-applet.exe [2265584 2014-01-10] ()
HKCU\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKCU\...\Policies\Explorer: [DisallowCpl] 1
HKCU\...\Policies\Explorer: [NoSetActiveDesktop] 0
MountPoints2: {ea8e4183-98c9-11e2-aecb-806e6f6e6963} - D:\Autorun\Autorun.exe
MountPoints2: {fe17ec36-9897-11e2-9520-001c25a25c88} - F:\setup.exe
AppInit_DLLs-x32: hplun.dll => File Not Found
Startup: C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDADBC059A32CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: KeeFox - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default\Extensions\keefox@chris.tomlinson [2013-10-21]
FF Extension: Dict.cc Translation - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default\Extensions\searchdictcc@roughael.xpi [2013-04-01]
FF Extension: Adblock Plus - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-29]
FF Extension: DownThemAll! - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\g9oa1pca.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-03-29]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-18]
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013-04-21]

==================== Services (Whitelisted) =================

R2 AcronisAgent; C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2046968 2012-12-29] (Acronis)
S2 AcronisOSSReinstallSvc; C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] ()
S3 ADMonitor; C:\Windows\system32\ADMonitor.exe [130048 2010-02-05] ()
R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [5457920 2012-09-24] (ANSYS, Inc.)
R2 ARSM; C:\Program Files (x86)\Acronis\ARSM\arsm.exe [5842040 2013-04-23] (Acronis)
R2 ATService; C:\Windows\system32\ATService.exe [2713920 2010-02-05] (AuthenTec, Inc.)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2012-05-19] ()
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2013-01-10] (Lenovo.)
R2 dtsvc; C:\Windows\system32\DTS.exe [117760 2010-02-05] ()
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093872 2008-09-18] (Symantec Corporation)
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2010-02-04] (Intel Corporation)
R2 MMS; C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [10339520 2013-04-23] (Acronis)
R2 MSSQL$VEEAMSQL2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.VEEAMSQL2008R2\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S3 NimbusScheduler; C:\Program Files (x86)\Quorum Software\Alike\\BackupScheduler.exe [3092480 2012-08-02] ()
S3 NimbusVaulter; C:\Program Files (x86)\Quorum Software\Alike\\DataVaulter.exe [659456 2012-08-02] ()
R2 nProbe; C:\Program Files (x86)\nProbe-Win32\nprobe.exe [1135616 2013-03-27] ()
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [34528 2013-03-28] (The OpenVPN Project)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S2 PSE License Manager; C:\Program Files (x86)\FLEXlm\bin\lmgrd.exe [1500424 2009-11-27] (Acresso Software Inc.)
S2 redis; C:\Program Files (x86)\Redis\redis-service.exe [65550 2012-02-11] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368 2013-05-25] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe [2316184 2013-05-25] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe [334736 2013-05-25] (Symantec Corporation)
S4 SQLAgent$VEEAMSQL2008R2; C:\Program Files\Microsoft SQL Server\MSSQL10_50.VEEAMSQL2008R2\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22888 2013-09-17] ()
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2010-02-04] (Intel Corporation)
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-04-30] ()
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14401104 2013-08-27] ()

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140115.011\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSettings_{98738D8E-2623-4C7C-8986-652A6C70CBA3}; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\ccSetx64.sys [169048 2013-05-25] (Symantec Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [106888 2012-05-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-29] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140127.002\ENG64.SYS [126040 2013-12-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\VirusDefs\20140127.002\EX64.SYS [2099288 2013-12-27] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSP64.SYS [796760 2013-05-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SRTSPX64.SYS [36952 2013-05-25] (Symantec Corporation)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMDS64.SYS [493656 2013-05-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMEFA64.SYS [1139800 2013-05-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\Ironx64.SYS [224416 2013-05-25] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010BB9\00A5.105\x64\SYMNETS.SYS [433752 2013-05-25] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1119672 2013-08-03] (Acronis)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2013-08-03] (Acronis)
R3 VPPP; C:\Windows\System32\DRIVERS\VPPP.sys [38992 2010-03-31] (DrayTek, Corp.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-08-15] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2013-08-13] ()
S1 bcbus; system32\DRIVERS\bcbus.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 16:10 - 2014-01-28 16:12 - 00023465 _____ C:\FRST.txt
2014-01-28 15:59 - 2014-01-28 15:53 - 02079232 _____ (Farbar) C:\FRST64.exe
2014-01-28 15:53 - 2014-01-28 15:53 - 00000000 ____D C:\FRST
2014-01-28 15:38 - 2014-01-28 15:38 - 00001225 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2014-01-28 15:38 - 2014-01-28 15:38 - 00000000 ____D C:\ProgramData\Samsung
2014-01-28 15:38 - 2014-01-28 15:38 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-22 19:28 - 2014-01-22 19:28 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-21 21:05 - 2014-01-21 21:07 - 00000000 _____ C:\Users\ich\AppData\Local\Temptable.xml
2014-01-15 23:27 - 2014-01-15 23:27 - 00000000 ____D C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-01-15 15:10 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 15:10 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 15:10 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 15:10 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 15:10 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 15:10 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 15:10 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 15:10 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 15:09 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 19:53 - 2014-01-14 19:53 - 00002186 _____ C:\Users\ich\Desktop\TitanEditor.lnk
2014-01-14 19:52 - 2014-01-14 19:52 - 00002225 _____ C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk
2014-01-14 19:52 - 2014-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2014-01-14 18:05 - 2014-01-14 18:05 - 00001796 _____ C:\Users\RedisService\Desktop\Alike Manager.lnk
2014-01-14 18:05 - 2014-01-14 18:05 - 00001796 _____ C:\Users\ich\Desktop\Alike Manager.lnk
2014-01-12 14:26 - 2014-01-12 14:26 - 00001324 _____ C:\Users\Public\Desktop\Acronis*Disk Director Suite.lnk
2014-01-11 12:14 - 2014-01-11 12:14 - 00000000 ____D C:\Program Files (x86)\Seafile
2014-01-10 17:54 - 2014-01-10 17:54 - 00000000 ____D C:\Program Files (x86)\Dokan
2014-01-10 17:50 - 2014-01-10 17:50 - 00000002 _____ C:\Windows\MP2-Setup.log
2014-01-04 17:31 - 2014-01-04 17:31 - 00001334 _____ C:\Users\ich\Desktop\backup_dokumente.lnk
2014-01-04 16:11 - 2014-01-11 12:14 - 00001048 _____ C:\Users\Public\Desktop\Seafile.lnk

==================== One Month Modified Files and Folders =======

2014-01-28 16:12 - 2014-01-28 16:10 - 00023465 _____ C:\FRST.txt
2014-01-28 16:12 - 2013-03-29 23:21 - 00000000 ____D C:\ProgramData\Bitmeter2
2014-01-28 16:04 - 2013-05-31 15:19 - 00000000 ____D C:\ProgramData\VMware
2014-01-28 16:04 - 2013-05-31 15:17 - 00000000 ____D C:\Program Files (x86)\VMware
2014-01-28 16:01 - 2013-09-27 10:58 - 00000000 ____D C:\Program Files\Common Files\VMware
2014-01-28 15:59 - 2013-03-29 18:22 - 01545301 _____ C:\Windows\WindowsUpdate.log
2014-01-28 15:53 - 2014-01-28 15:59 - 02079232 _____ (Farbar) C:\FRST64.exe
2014-01-28 15:53 - 2014-01-28 15:53 - 00000000 ____D C:\FRST
2014-01-28 15:50 - 2013-03-29 23:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 15:38 - 2014-01-28 15:38 - 00001225 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2014-01-28 15:38 - 2014-01-28 15:38 - 00000000 ____D C:\ProgramData\Samsung
2014-01-28 15:38 - 2014-01-28 15:38 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-28 15:38 - 2013-03-29 18:23 - 00000000 ___RD C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-28 15:33 - 2013-06-30 17:59 - 00000000 ____D C:\Users\ich\Documents\Citavi 4
2014-01-28 14:31 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 14:31 - 2009-07-14 05:45 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 14:26 - 2013-04-28 13:43 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2014-01-28 14:26 - 2013-04-28 13:43 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-28 14:25 - 2010-11-21 07:22 - 00772070 _____ C:\Windows\system32\perfh007.dat
2014-01-28 14:25 - 2010-11-21 07:22 - 00177614 _____ C:\Windows\system32\perfc007.dat
2014-01-28 14:25 - 2009-07-14 06:13 - 01825000 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 14:22 - 2013-04-02 15:54 - 01941504 ___SH (Skype Technologies S.A.) C:\Users\ich\AppData\Roaming\8cd98f00b.exe
2014-01-28 14:22 - 2013-04-02 15:54 - 00000000 ____D C:\Users\ich\AppData\Roaming\Skype
2014-01-28 14:20 - 2010-11-21 04:47 - 00274840 _____ C:\Windows\PFRO.log
2014-01-28 14:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 14:20 - 2009-07-14 05:51 - 00080223 _____ C:\Windows\setupact.log
2014-01-28 13:25 - 2013-03-30 08:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-28 13:25 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2014-01-28 13:24 - 2013-09-24 10:10 - 00000039 _____ C:\Windows\vbaddin.ini
2014-01-28 11:03 - 2013-03-31 19:35 - 00000000 ____D C:\Users\ich\AppData\Local\Adobe
2014-01-28 01:04 - 2013-03-29 23:47 - 00000000 ____D C:\Users\ich\AppData\Roaming\KeePass
2014-01-27 22:03 - 2013-09-11 13:17 - 00000000 ____D C:\Users\ich\AppData\Local\LogMeIn Hamachi
2014-01-27 20:09 - 2013-03-29 18:31 - 00000000 ____D C:\ProgramData\Symantec
2014-01-26 10:19 - 2013-03-31 10:37 - 00000600 _____ C:\Users\ich\AppData\Local\PUTTY.RND
2014-01-25 16:01 - 2013-05-31 18:42 - 00002234 ____H C:\Users\ich\Documents\Default.rdp
2014-01-24 21:52 - 2013-04-20 14:11 - 00000000 ____D C:\Users\ich\.cfx
2014-01-24 21:00 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-24 17:41 - 2013-04-20 10:07 - 00000000 ____D C:\Users\ich\AppData\Roaming\Ansys
2014-01-24 00:55 - 2013-04-20 10:17 - 00000000 ____D C:\Users\ich\AppData\Roaming\SolidWorks
2014-01-23 17:04 - 2013-03-30 00:47 - 00000000 ____D C:\Program Files portable
2014-01-23 16:44 - 2009-07-14 05:45 - 05137328 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-22 20:00 - 2013-03-29 23:17 - 00125944 _____ C:\Users\ich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-22 19:28 - 2014-01-22 19:28 - 00001162 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-22 19:28 - 2013-04-18 11:21 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-22 07:58 - 2013-04-10 14:40 - 00000000 ____D C:\Users\ich\AppData\Roaming\vlc
2014-01-21 21:40 - 2013-04-20 10:36 - 00000000 ____D C:\Users\ich\AppData\Local\TempSWSicherungsverzeichnis
2014-01-21 21:07 - 2014-01-21 21:05 - 00000000 _____ C:\Users\ich\AppData\Local\Temptable.xml
2014-01-16 11:08 - 2013-06-30 17:58 - 00042712 _____ C:\QcOSD.txt
2014-01-15 23:27 - 2014-01-15 23:27 - 00000000 ____D C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-01-15 23:24 - 2013-07-24 18:05 - 00000600 _____ C:\Users\ich\AppData\Roaming\winscp.rnd
2014-01-15 16:22 - 2013-07-14 22:43 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 16:19 - 2011-12-03 21:05 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 19:53 - 2014-01-14 19:53 - 00002186 _____ C:\Users\ich\Desktop\TitanEditor.lnk
2014-01-14 19:52 - 2014-01-14 19:52 - 00002225 _____ C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk
2014-01-14 19:52 - 2014-01-14 19:52 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2014-01-14 19:52 - 2013-10-02 12:25 - 00002220 _____ C:\Users\Public\Desktop\MediaPortal Configuration.lnk
2014-01-14 19:52 - 2013-09-15 11:40 - 00002178 _____ C:\Users\Public\Desktop\MediaPortal.lnk
2014-01-14 19:52 - 2013-09-15 11:39 - 00000000 ____D C:\Program Files (x86)\Team MediaPortal
2014-01-14 18:05 - 2014-01-14 18:05 - 00001796 _____ C:\Users\RedisService\Desktop\Alike Manager.lnk
2014-01-14 18:05 - 2014-01-14 18:05 - 00001796 _____ C:\Users\ich\Desktop\Alike Manager.lnk
2014-01-14 18:05 - 2013-08-09 07:17 - 00001796 _____ C:\Users\Acronis Agent User\Desktop\Alike Manager.lnk
2014-01-13 14:03 - 2013-08-20 13:45 - 00000000 ____D C:\Users\ich\AppData\Roaming\HLSW
2014-01-12 14:26 - 2014-01-12 14:26 - 00001324 _____ C:\Users\Public\Desktop\Acronis*Disk Director Suite.lnk
2014-01-12 14:26 - 2013-08-03 08:27 - 00198944 _____ (Acronis) C:\Windows\system32\Drivers\snapman.sys
2014-01-12 14:26 - 2013-08-03 08:26 - 00000000 ____D C:\Program Files (x86)\Acronis
2014-01-11 12:14 - 2014-01-11 12:14 - 00000000 ____D C:\Program Files (x86)\Seafile
2014-01-11 12:14 - 2014-01-04 16:11 - 00001048 _____ C:\Users\Public\Desktop\Seafile.lnk
2014-01-10 18:14 - 2013-09-15 11:39 - 00000000 ____D C:\ProgramData\Team MediaPortal
2014-01-10 17:54 - 2014-01-10 17:54 - 00000000 ____D C:\Program Files (x86)\Dokan
2014-01-10 17:50 - 2014-01-10 17:50 - 00000002 _____ C:\Windows\MP2-Setup.log
2014-01-05 12:27 - 2013-04-01 18:42 - 00000000 ____D C:\ProgramData\CrashPlan
2014-01-04 17:31 - 2014-01-04 17:31 - 00001334 _____ C:\Users\ich\Desktop\backup_dokumente.lnk

Some content of TEMP:
====================
C:\Users\ich\AppData\Local\Temp\jna3739224625466413942.dll
C:\Users\ich\AppData\Local\Temp\moving-pictures-setup.exe
C:\Users\ich\AppData\Local\Temp\q9yyl0r8.dll
C:\Users\ich\AppData\Local\Temp\uninstall-temp.exe
C:\Users\ich\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 02:05

==================== End Of Log ============================
         
--- --- ---


Addition.txt
FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 02
Ran by ich at 2014-01-28 16:12:44
Running from C:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

µTorrent (x32 Version: 3.3.0.29625 - BitTorrent Inc.)
Acronis Backup & Recovery 11.5 Agent Core (x32 Version: 11.5.37613 - Acronis)
Acronis Backup & Recovery 11.5 Command-Line Tool (x32 Version: 11.5.37613 - Acronis)
Acronis Backup & Recovery 11.5 Tray Monitor (x32 Version: 11.5.37613 - Acronis)
Acronis Backup & Recovery 11.5*Agent for Windows (x32 Version: 11.5.37613 - Acronis)
Acronis Backup & Recovery 11.5*Bootable Media Builder (x32 Version: 11.5.37613 - Acronis)
Acronis Backup & Recovery 11.5*Management*Console (x32 Version: 11.5.37613 - Acronis)
Acronis*Disk Director Suite (x32 Version: 10.0.2160 - Acronis)
ActivePerl 5.14.4 Build 1405 (64-bit) (Version: 5.14.1405 - ActiveState)
Advanced PDF Password Recovery (HKCU Version: 5.0 - ElcomSoft Co. Ltd.)
Anzeige am Bildschirm (Version: 6.67.10 - )
Avidemux 2.6 (32-bit) (x32 Version: 2.6.4.8696 - )
BitMeter (x32 Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Cisco Systems VPN Client 5.0.07.0440 (Version: 5.0.7 - Cisco Systems, Inc.)
Citavi (x32 Version: 3.4.0.2 - Swiss Academic Software)
Citavi 4 (x32 Version: 4.1.0.3 - Swiss Academic Software)
Citrix XenCenter (x32 Version: 6.2.2 - Citrix Systems, Inc.)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Conexant 20561 SmartAudio HD (Version: 4.92.12.0 - Conexant)
DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
DeltaCopy (x32 Version: 1.40.0000 - Synametrics Technologies)
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0 - Lenovo)
Dokan Library 0.5.3 (x32 Version:  - )
DrayTek Smart VPN Client (x32 Version:  - )
EMS Data Import 2007 for MySQL (x32 Version: 3.2.0.4 - EMS)
Energie-Manager (x32 Version: 6.45 - )
FlashFXP (x32 Version: 4.3.0.1947 - OpenSight Software LLC)
Flashtool (x32 Version: 0.9.10.2beta6 - Androxyde)
FLEXlm for PSE 11.6.1.10 (x32 Version: 11.6.1.10 - Process Systems Enterprise)
GIMP 2.8.6 (Version: 2.8.6 - The GIMP Team)
GPL Ghostscript (Version: 9.10 - Artifex Software Inc.)
GTA2 (x32 Version: 1.00.001 - )
Gtk# for .Net 2.12.10 (x32 Version: 2.12.10 - Novell, Inc.)
HLSW v1.4.0.2 (x32 Version:  - Stripf Software)
ImageJ 1.47v (Version:  - NIH)
ImgBurn (x32 Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2555 - Intel Corporation)
Intel(R) Management Engine Interface (Version:  - Intel Corporation)
Intel(R) Network Connections Drivers (Version: 16.1 - Intel)
Intel® Active-Management-Technologie (Version:  - Intel Corporation)
IPMIView (x32 Version: 2.3.0.0 - SUPERMICRO)
Java 7 Update 25 (64-bit) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 45 (64-bit) (Version: 6.0.450 - Oracle)
JDownloader 2 (x32 Version: 2 - AppWork GmbH)
KeePass Password Safe 2.21 (x32 Version:  - Dominik Reichl)
LAV Filters 0.59.1 (x32 Version: 0.59.1 - Hendrik Leppkes)
Lenovo Fingerprint Software (Version: 3.3.2.27 - AuthenTec, Inc.)
Lenovo Patch Utility (x32 Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Power Management Driver (Version: 1.66.00.22 - )
Lenovo System Interface Driver (Version: 1.05 - )
Lenovo System Update (x32 Version: 5.03.0005 - Lenovo)
LinuxLive USB Creator (x32 Version: 2.8 - Thibaut Lauziere)
LiveUpdate 3.3 (Symantec Corporation) (x32 Version: 3.3.0.73 - Symantec Corporation)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden
MATLAB R2012a (Version: 7.14 - The MathWorks, Inc.)
MediaPortal (x32 Version: 1.6.0 - Team MediaPortal)
MediaPortal TV Server / Client (x32 Version: 1.6.0 - Team MediaPortal)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 (64-bit) (Version:  - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (x32 Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visio Premium 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) German (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MiKTeX 2.9 (x32 Version: 2.9 - MiKTeX.org)
MIT Kerberos for Windows (64-bit) 4.0.0 Wed 06/19/2013 13:36:27.34 (Version: 4.0.0 - Massachusetts Institute of Technology) Hidden
MOBackup - Datensicherung für Outlook (Testversion) (x32 Version: 7.0 - Heiko Schröder)
ModelBuilder 3.5.1.54826 (x32 Version: 3.5.1.54826 - Process Systems Enterprise Ltd)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 5.2 32bit (community edition) (x32 Version: 5.2.5 - Oracle Corporation)
MySQL Connector/ODBC 5.2 64bit (community edition) (Version: 5.2.5 - Oracle Corporation)
nProbe for Win32 6.12.130327 (x32 Version: 6.12.130327 - Luca Deri <deri@ntop.org>)
OpenVPN 2.3.1-I001  (Version: 2.3.1-I001 - )
Origin90 (x32 Version: 9.00.00 - OriginLab Corporation)
PDF Architect (x32 Version: 1.0.52.8917 - pdfforge)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (x32 Version: 1.6.2 - pdfforge)
PEAK DVB-T BDA Drivers (x32 Version:  - )
phpDesigner 8 version 8.1.1 (x32 Version:  - MPSOFTWARE)
PS3 Media Server (x32 Version: 1.90.1 - PS3 Media Server)
Python 3.3 pip-1.4.1 (64-bit) (Version:  - )
Python 3.3.2 (64-bit) (Version: 3.3.2150 - Python Software Foundation)
Quake 3 Arena Demo (x32 Version:  - )
QuickPar 0.9 (x32 Version: 0.9 - Peter B. Clements)
Redis version 2.4.6.0 (x32 Version: 2.4.6.0 - rgl)
Samsung Magician (x32 Version: 4.3.0 - Samsung Electronics)
Seafile 2.1.1 (x32 Version: 2.1.1 - HaiWenHuZhi ltd.)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SolidWorks 2013 x64 Edition SP0 (Version: 21.100.5024 - SolidWorks) Hidden
SolidWorks 2013 x64 Edition SP0 (x32 Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 German Resources (Version: 21.100.5024 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP0 (Version: 13.0.5016 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
Sony Mobile Update Service (x32 Version: 2.13.4.20 - Sony Mobile Communications AB)
SopCast 3.8.2 (x32 Version: 3.8.2 - www.sopcast.com)
SpeechRedist (x32 Version: 1.0.0 - Epic Games Inc.)
Spraytec version 3.03 (x32 Version: 3.03.004 - Malvern Instruments Ltd)
Spraytec version 3.03 (x32 Version: 3.03.004 - Malvern Instruments Ltd) Hidden
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQLyog 9.10  (x32 Version: 9.10  - Webyog Softworks Pvt. Ltd.)
SugarSync (x32 Version: 2.0.34.118720 - SugarSync, Inc.)
SumatraPDF (x32 Version: 2.3.2 - Krzysztof Kowalczyk)
Symantec Endpoint Protection (Version: 12.1.3001.165 - Symantec Corporation)
Synology Assistant (remove only) (x32 Version:  - )
TAP-Windows 9.9.2 (Version: 9.9.2 - )
TeamSpeak 3 Client (x32 Version: 3.0.11 - TeamSpeak Systems GmbH)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
TeXnicCenter Version 2.0 Beta 1 (Version: 2.0 Beta 1 - The TeXnicCenter Team)
ThinkPad FullScreen Magnifier (Version: 2.40 - )
ThinkPad Modem Adapter (Version: 7.80.5.0 - Conexant Systems)
ThinkPad UltraNav Driver (Version: 16.2.19.7 - )
tools-freebsd (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-netware (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 9.6.0.1295980 - VMware, Inc.) Hidden
Total Commander 64-bit (Remove or Repair) (Version: 8.01 - Ghisler Software GmbH)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
Unreal Tournament (x32 Version:  - )
Unreal Tournament 2003 (x32 Version:  - )
Unreal Tournament 2004 (x32 Version:  - )
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
VLC media player 2.0.5 (Version: 2.0.5 - VideoLAN)
VLC media player 2.0.8 (x32 Version: 2.0.8 - VideoLAN)
VMware Virtual Disk Development Kit (x32 Version: 5.1.0.774844 - VMware, Inc.)
VMware vSphere Client 5.1 (x32 Version: 5.1.0.2669 - VMware, Inc.)
VMware vSphere Client 5.5 (x32 Version: 5.5.0.3165 - VMware, Inc.)
VMware Workstation (Version: 10.0.0 - VMware, Inc.) Hidden
VMware Workstation (x32 Version: 10.0.0 - VMware, Inc)
VMware-OpenSSL (Version: 6.0.0.196 - VMware, Inc.) Hidden
VMware-python (Version: 6.0.0.731 - VMware, Inc.) Hidden
VNC Viewer 5.0.6 (Version: 5.0.6 - RealVNC Ltd)
Windows 7 USB/DVD Download Tool (x32 Version: 1.0.30 - Microsoft Corporation)
Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric  (01/14/2010 8.6.0.13) (Version: 01/14/2010 8.6.0.13 - AuthenTec Inc.)
WinISO 5.3 (x32 Version:  - WinISO Computing Inc.)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (Version: 4.20.0 - win.rar GmbH)
XBMC (HKCU Version:  - Team XBMC)
XG (x32 Version: 1.00.0000 - XG)

==================== Restore Points  =========================

15-01-2014 15:19:37 Windows Update
15-01-2014 22:27:20 Installed Citrix XenCenter
28-01-2014 12:17:19 Windows Update
28-01-2014 15:00:34 Removed VMware vCenter Server - Java Components.
28-01-2014 15:01:47 Removed VMware vSphere CLI.
28-01-2014 15:04:18 Removed VMware vCenter Converter Standalone.
28-01-2014 15:05:18 Entfernt Paragon Partition Manager™ 2013 Free.

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-12-04 15:07 - 00001318 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============


Task: {2AC1EA1E-E12F-4926-B3C3-2A20FCF286C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {7D9DACC2-1046-4A66-949E-13DC1A3CB621} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-09-17] ()
Task: {E145AC0C-8482-4563-9536-ED5C542456A8} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-04-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\OMV.job => ?

==================== Loaded Modules (whitelisted) =============

2012-12-05 14:45 - 2012-12-05 14:45 - 01547776 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\RCDCD130.DLL
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2013-10-11 06:31 - 2013-10-11 06:31 - 00246624 _____ () C:\Program Files (x86)\SugarSync\x64\SugarSyncVFSNamespace64.dll
2013-03-30 00:36 - 2013-01-10 06:45 - 00104960 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-09-28 04:50 - 2012-09-28 04:50 - 00272488 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2013-04-23 21:33 - 2013-04-23 21:33 - 00283456 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\fnls.dll
2013-04-23 21:33 - 2013-04-23 21:33 - 00324424 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\events_trace.dll
2013-04-23 21:34 - 2013-04-23 21:34 - 00436776 _____ () C:\Program Files (x86)\Common Files\Acronis\BackupAndRecovery\Common\FileTrace.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-08-17 16:05 - 2008-01-30 13:30 - 02121728 _____ () C:\Program Files (x86)\nProbe-Win32\libmysql.dll
2013-04-23 22:29 - 2013-04-23 22:29 - 00915400 _____ () C:\Program Files (x86)\Acronis\BackupAndRecovery\human_resolving_mms.dll
2013-08-27 11:42 - 2013-08-27 11:42 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-01-10 15:16 - 2014-01-10 15:16 - 00188309 _____ () C:\Program Files (x86)\Seafile\bin\libjansson-4.dll
2014-01-10 15:16 - 2014-01-10 15:16 - 01663157 _____ () C:\Program Files (x86)\Seafile\bin\libsqlite3-0.dll
2014-01-10 15:16 - 2014-01-10 15:16 - 00043008 _____ () C:\Program Files (x86)\Seafile\bin\libgcc_s_dw2-1.dll
2014-01-10 15:16 - 2014-01-10 15:16 - 00011362 _____ () C:\Program Files (x86)\Seafile\bin\mingwm10.dll
2014-01-10 15:16 - 2014-01-10 15:16 - 00428434 _____ () C:\Program Files (x86)\Seafile\bin\libccnet-0.dll
2014-01-10 15:16 - 2014-01-10 15:16 - 00878761 _____ () C:\Program Files (x86)\Seafile\bin\libevent-2-0-5.dll
2014-01-10 15:16 - 2014-01-10 15:16 - 00124329 _____ () C:\Program Files (x86)\Seafile\bin\libsearpc-1.dll
2014-01-10 15:16 - 2014-01-10 15:16 - 00351301 _____ () C:\Program Files (x86)\Seafile\bin\libseafile-0.dll
2013-12-20 18:03 - 2013-12-20 18:03 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-06-30 17:59 - 2013-05-23 06:17 - 00428032 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-01-28 15:38 - 2013-11-28 12:14 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-01-28 15:38 - 2013-11-28 18:59 - 00098816 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\PAL.dll
2014-01-28 15:38 - 2013-11-28 18:59 - 00034304 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SATA.dll
2014-01-28 15:38 - 2013-11-28 18:59 - 00032768 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAT.dll
2014-01-28 15:38 - 2013-11-28 19:00 - 00031232 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SMINI.dll
2014-01-28 15:38 - 2013-11-28 18:59 - 00029696 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAS.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Microsoft:BS5u4pbjBsHDz115Tk6VjT
AlternateDataStreams: C:\ProgramData\Microsoft:L6jMUTEcAdPttIu2iuxizkKiVt
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 28.01.2014, 17:01   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist - Standard

Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist



Zitat:
Windows 7 Enterprise Service Pack 1 (X64) OS Language: German Standard
Warum bitte ne Enterprise Edition? Woher hast du die? Oder ist das ein gewerblich genutzter Rechner?

Zitat:
System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Sag nicht, dass du ein gecracktes Office gewerblich verwendest
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.01.2014, 17:42   #5
monchi96
 
Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist - Standard

Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist



Windows Version ist von der Uni, wieso das ne Enterprise Version ist kann ich dir nicht sagen.

Lizenz stammt aus dem "dreamspark Programm"

EDIT:
ich habe die kiste mit ner Linux boot cd gestartet und die datei einfach gelöscht. Nachdem Neustart in Windows war sie nicht wieder da und ich konnte skype regulär installieren.

Thread kann also gelöscht werden!


Antwort

Themen zu Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist
ausgeführt, bluescreen, herausfinden, installation, installier, installiere, installiert, laufe, laufenden, melde, meldet, nicht installiert, programm, protection, prozesse, prozessen, scan, scanner, skype, tagen, taskma, taskmanager, versuch, versucht, virenscan, virenscanner




Ähnliche Themen: Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist


  1. Skype Virus "Your skype does not support extended icons"
    Log-Analyse und Auswertung - 10.10.2014 (15)
  2. Windows 7 - Skype Update - Umleitung auf skype.gmw.cn
    Alles rund um Windows - 12.08.2014 (9)
  3. Skype Zertifikat Problem a248.e.akamai.net wegen Werbung in Skype?
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (3)
  4. "Skype" und "Minianwendungen" werden nicht mehr ausgeführt (Windows 7)
    Log-Analyse und Auswertung - 21.05.2013 (3)
  5. Avira Meldet "C:\WINDOWS\system32\Skype.scr\Skype.exe" und kommt immer wieder
    Plagegeister aller Art und deren Bekämpfung - 14.05.2013 (11)
  6. Probleme mit Skype, Dev-C ++ und Internet, z.B. friert der Bildschirm während der Benutzung von Skype ein
    Plagegeister aller Art und deren Bekämpfung - 21.03.2013 (17)
  7. TR/Crypt.ZPACK.Gen2 Virus in Program Files (x86)/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (1)
  8. TR/Crypt.ZPACK.Gen 2 in C:\Programm Files (x86)\Skype\Phone\Skype.exe
    Log-Analyse und Auswertung - 27.02.2013 (15)
  9. Avira meldet: 'TR/Crypt.ZPACK.Gen2' [trojan] in der Datei 'C:\Program Files\Skype\Phone\Skype.exe'
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (2)
  10. Skype Virus angeklickt aber nicht ausgeführt wurde nun gerne wissen ob mein PC sicher ist
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (1)
  11. TR/Crypt.ZPACK.Gen2 in C:\Program Files\Skype\Phone\Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (2)
  12. Skype-Trojaner obwohl ich nicht auf Link geklickt habe
    Log-Analyse und Auswertung - 11.02.2012 (2)
  13. TR/Crypt.ZPACK.Gen2 - in Programme/Skype/Phone/Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 12.10.2011 (9)
  14. Nach dem "Windows diagnostic" virus- alle programme wird nicht angezeigt+ skype funzt. nicht
    Plagegeister aller Art und deren Bekämpfung - 24.04.2011 (6)
  15. TR/Crypt.XPACK.Gen in C:\Programme\Skype\Phone\Skype.exe
    Plagegeister aller Art und deren Bekämpfung - 24.10.2010 (2)
  16. Skype geht nicht mehr
    Alles rund um Windows - 02.09.2010 (1)
  17. Skype/skype me modus
    Überwachung, Datenschutz und Spam - 03.09.2006 (2)

Zum Thema Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist - Hi, ich habe vor ein paar Tagen versucht Skype zu installieren. Die installation ist immer mit einem Bluescreen abgebrochen. Durch Zufall habe ich dann gesehen das mein Taskmanager mir eine - Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist...
Archiv
Du betrachtest: Skype.exe wird ausgeführt obwohl Skype gar nicht installiert ist auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.