
Log analysis and evaluation: IP address from India attempts to access my NAS


07.01.2014, 18:33   #1
AnDan
 



Hello,

I tried to make my QNAP NAS reachable over the Internet. Apparently a bad actor got into my network in the process.
In the NAS system log I found an IP address that the NAS denied access to and put on the ban list. The message reads "[Security] Access violation from 14.139.125.116 with TCP (port=22)".
This incident took place yesterday evening at 21:15. At the same time I had outages in the WLAN. Three notebooks (Win 7 64-bit) and three smartphones are connected to this WLAN.
Via whois I saw that the IP (perhaps) comes from India. I would like to know whether the villain has now absorbed my system into a bot.

I have a Win 7 64-bit PC with all updates and KAS Pure 3.0, also up to date. The PC is connected via a TP Link (pure) router to a Fritz!Box 3030. The Fritz establishes the connection to the Internet. The NAS is connected with one port to the TP and with the other port to the Fritz.

I downloaded and installed Malwarebytes in an initial fit of panic, but have not run it yet!

Is that doable?

Here is Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:47 on 07/01/2014 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
This is FRST.txt:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-01-2014
Ran by Andreas (administrator) on OFFICEHOME on 07-01-2014 17:48:23
Running from C:\Users\Andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\rsyncd\bin\cygrunsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\rsyncd\bin\rsync.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(QNAP) C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(QNAP Systems, Inc.) C:\Program Files\QNAP\NetBak\Enclosure.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
(Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\stpass.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Users\Andreas\Desktop\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VX1000] - C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-15] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [Power Manager] - C:\Program Files (x86)\Gembird\Power Manager\pm.exe [10043392 2010-12-09] (Gembird Europe B.V.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [208424 2013-10-08] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\Apple\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0C7B49204C8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {B6ED844C-78CC-44DF-96FD-4D629D8AA22E} URL = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKCU - {B6ED844C-78CC-44DF-96FD-4D629D8AA22E} URL = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
SearchScopes: HKCU - {F4EE7045-1ACD-4300-89BD-B3EB4A0E406A} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
BHO-x32: Ghostery IE - {11111111-1111-1111-1111-110211091100} - C:\Program Files (x86)\Ghostery IE\Ghostery IE.dll (Evidon Inc.)
BHO-x32: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\dk0274w4.default
FF DefaultSearchEngine: Google
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\Apple\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @kaspersky.com/Kaspersky PURE - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\npkpmAutofill.dll (Kaspersky Lab)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\dk0274w4.default\Extensions\firefox@ghostery.com.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF HKCU\...\Firefox\Extensions: [{72CA2996-F580-47DF-98FF-0B853D09CEC8}] - C:\Users\Andreas\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill
FF Extension: Password Manager plugin - C:\Users\Andreas\AppData\Roaming\Kaspersky Lab\Password Manager\kpmAutofill

==================== Services (Whitelisted) =================

R2 avp; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-10-15] (Kaspersky Lab ZAO)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040 2012-12-21] (Infowatch)
R2 Lexware_Datenbank_Plus; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2011-06-29] (iAnywhere Solutions, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RsyncServer; C:\rsyncd\bin\cygrunsrv.exe [129550 2012-03-07] ()
S4 LogWatch; "C:\Program Files (x86)\CA\SharedComponents\CA_LIC\LogWatNT.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch)
R1 CSN5PDTS82x64; C:\Windows\System32\Drivers\CSN5PDTS82x64.sys [34840 2012-10-24] (Colasoft Co., Ltd.)
R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch)
S2 DbgMsg; C:\Windows\SysWow64\Drivers\DbgMsg.sys [18240 2008-07-07] ()
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWow64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWow64\EuGdiDrv.sys [9160 2013-03-07] ()
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2012-12-27] (Hauppauge Computer Works, Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31136 2013-12-03] (REALiX(tm))
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-10-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [626272 2013-10-15] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2013-10-15] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-15] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-07-15] (Kaspersky Lab ZAO)
S3 Ltn_stk7070P_64; C:\Windows\System32\DRIVERS\Ltn_stk7070P_64.sys [543232 2012-12-27] (LITEON)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 nvrd64; C:\Windows\System32\DRIVERS\nvrd64.sys [175720 2010-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 PolarUSB; C:\Windows\SysWow64\DRIVERS\PolarUSB.sys [17343 2001-07-12] (Polar Electro)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-12-03] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-09-06] (Oracle Corporation)
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-15] (Kaspersky Lab ZAO)
S3 MosIrUsb; system32\DRIVERS\MosIrUsb.sys [x]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_C; \??\C:\MSI\MSI SUITE\NTIOLib_X64.sys [x]
S3 NTIOLib_1_0_D; \??\C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [x]
S3 NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [x]
R3 QDrive; \??\E:\Temp\QDrive.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-07 17:48 - 2014-01-07 17:51 - 00021988 _____ C:\Users\Andreas\Desktop\FRST.txt
2014-01-07 17:48 - 2014-01-07 17:48 - 00000000 ____D C:\FRST
2014-01-07 17:47 - 2014-01-07 17:47 - 00000476 _____ C:\Users\Andreas\Desktop\defogger_disable.log
2014-01-07 17:47 - 2014-01-07 17:47 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2014-01-07 17:47 - 2014-01-07 17:44 - 01931762 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-01-07 17:47 - 2014-01-07 17:44 - 00377856 _____ C:\Users\Andreas\Desktop\gmer_2.1.19163.exe
2014-01-07 17:43 - 2014-01-07 17:43 - 00050477 _____ C:\Users\Andreas\Desktop\Defogger.exe
2014-01-07 17:41 - 2014-01-07 17:41 - 00060939 _____ C:\Users\Andreas\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2014-01-07 17:41 - 2014-01-07 17:41 - 00000000 ____D C:\Users\Andreas\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
2014-01-07 17:38 - 2014-01-07 17:38 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Malwarebytes
2014-01-07 17:37 - 2014-01-07 17:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-07 17:37 - 2014-01-07 17:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 17:37 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-05 13:52 - 2014-01-05 13:55 - 00000000 ____D C:\b362a555f29fe2271622fdd1
2014-01-02 16:44 - 2014-01-02 16:45 - 00000000 ____D C:\77a3d41f9eef980970cabd0440a26050
2014-01-02 15:26 - 2014-01-02 16:52 - 00000000 ____D C:\Program Files\OpenVPN
2014-01-02 15:22 - 2014-01-02 15:22 - 00002128 _____ C:\Users\Andreas\Desktop\openvpn.zip
2013-12-30 20:50 - 2013-12-30 20:50 - 00770592 _____ C:\Windows\Minidump\123013-61448-01.dmp
2013-12-30 20:50 - 2013-12-30 20:50 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 20:50 - 2002-01-01 00:00 - 00000504 _____ C:\Windows\setupact.log
2013-12-30 20:49 - 2013-12-30 20:49 - 519068579 ____N C:\Windows\MEMORY.DMP
2013-12-28 14:12 - 2013-12-28 14:13 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-28 14:12 - 2013-12-28 14:13 - 00000000 ____D C:\Program Files\iTunes
2013-12-28 14:12 - 2013-12-28 14:12 - 00000000 ____D C:\Program Files\iPod
2013-12-28 14:12 - 2013-12-28 14:12 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-28 14:12 - 2013-12-28 14:12 - 00000000 ____D C:\Program Files (x86)\Apple
2013-12-28 14:11 - 2013-12-28 14:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-28 14:11 - 2013-12-28 14:11 - 00000000 ____D C:\Program Files\Bonjour
2013-12-28 14:11 - 2013-12-28 14:11 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-26 20:14 - 2013-12-26 21:22 - 00000040 _____ C:\Users\Andreas\AppData\Roaming\cdr.ini
2013-12-26 20:14 - 2013-12-26 20:14 - 00001017 _____ C:\Users\UpdatusUser\Desktop\Free CD to MP3 Converter.lnk
2013-12-26 20:14 - 2013-12-26 20:14 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2013-12-26 20:14 - 2013-12-26 20:14 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Eusing
2013-12-26 20:14 - 2013-12-26 20:14 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2013-12-26 20:14 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\Windows\WM8EUTIL.exe
2013-12-23 20:50 - 2013-12-23 20:50 - 02552520 _____ C:\Users\Andreas\Documents\Weihnachten Koors Janine.pptx
2013-12-22 13:05 - 2013-12-22 13:05 - 00031392 _____ C:\Users\Andreas\Desktop\TP config.bin
2013-12-13 11:14 - 2013-12-13 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 10:24 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-13 10:24 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-13 10:24 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-13 10:24 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-13 10:22 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-13 10:22 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-13 10:22 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-13 10:22 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-13 10:22 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-13 10:22 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-13 10:22 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-13 10:22 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-13 10:22 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-13 10:22 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-13 10:22 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-13 10:22 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-13 10:22 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-13 10:22 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-13 10:22 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-13 10:22 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-13 10:22 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-13 10:22 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-13 10:22 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-13 10:22 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-13 10:22 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-13 10:22 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-13 10:22 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-13 10:22 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-13 10:22 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-13 10:22 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-13 10:22 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-13 10:22 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-13 10:22 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-13 10:22 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-13 10:22 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-13 10:17 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-13 10:17 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-13 10:17 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-13 10:17 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-13 10:17 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-13 10:17 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-13 10:17 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-13 10:17 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-13 10:17 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-13 10:17 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-13 10:17 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-13 10:16 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-13 10:16 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-13 10:16 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-13 10:16 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-13 10:16 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-13 10:16 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-13 10:16 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-13 10:16 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-10 18:55 - 2013-12-10 19:05 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-12-10 10:03 - 2013-12-10 10:03 - 00003044 _____ C:\Windows\System32\Tasks\NetBakAutoStartup
2013-12-10 10:02 - 2013-12-10 10:02 - 00000000 ____D C:\Program Files\QNAP

==================== One Month Modified Files and Folders =======

2014-01-07 17:51 - 2014-01-07 17:48 - 00021988 _____ C:\Users\Andreas\Desktop\FRST.txt
2014-01-07 17:48 - 2014-01-07 17:48 - 00000000 ____D C:\FRST
2014-01-07 17:47 - 2014-01-07 17:47 - 00000476 _____ C:\Users\Andreas\Desktop\defogger_disable.log
2014-01-07 17:47 - 2014-01-07 17:47 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2014-01-07 17:47 - 2012-11-21 09:07 - 00000000 ____D C:\Users\Andreas
2014-01-07 17:44 - 2014-01-07 17:47 - 01931762 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-01-07 17:44 - 2014-01-07 17:47 - 00377856 _____ C:\Users\Andreas\Desktop\gmer_2.1.19163.exe
2014-01-07 17:43 - 2014-01-07 17:43 - 00050477 _____ C:\Users\Andreas\Desktop\Defogger.exe
2014-01-07 17:41 - 2014-01-07 17:41 - 00060939 _____ C:\Users\Andreas\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2014-01-07 17:41 - 2014-01-07 17:41 - 00000000 ____D C:\Users\Andreas\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
2014-01-07 17:38 - 2014-01-07 17:38 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Malwarebytes
2014-01-07 17:37 - 2014-01-07 17:37 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-07 17:37 - 2014-01-07 17:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-07 17:28 - 2012-11-22 20:07 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-07 16:37 - 2012-11-21 09:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-07 16:19 - 2013-09-03 08:11 - 01187244 _____ C:\Windows\WindowsUpdate.log
2014-01-06 19:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-05 17:45 - 2009-07-14 05:45 - 00030128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 17:45 - 2009-07-14 05:45 - 00030128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 13:55 - 2014-01-05 13:52 - 00000000 ____D C:\b362a555f29fe2271622fdd1
2014-01-02 16:52 - 2014-01-02 15:26 - 00000000 ____D C:\Program Files\OpenVPN
2014-01-02 16:48 - 2013-07-01 10:31 - 00004158 _____ C:\Users\Andreas\AppData\Roaming\Rim.Desktop.Exception.log
2014-01-02 16:48 - 2013-07-01 10:31 - 00003311 _____ C:\Users\Andreas\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-01-02 16:45 - 2014-01-02 16:44 - 00000000 ____D C:\77a3d41f9eef980970cabd0440a26050
2014-01-02 15:22 - 2014-01-02 15:22 - 00002128 _____ C:\Users\Andreas\Desktop\openvpn.zip
2014-01-02 13:25 - 2011-04-12 08:43 - 00702954 _____ C:\Windows\system32\perfh007.dat
2014-01-02 13:25 - 2011-04-12 08:43 - 00150612 _____ C:\Windows\system32\perfc007.dat
2014-01-02 13:25 - 2009-07-14 06:13 - 01629434 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-30 22:25 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-30 20:50 - 2013-12-30 20:50 - 00770592 _____ C:\Windows\Minidump\123013-61448-01.dmp
2013-12-30 20:50 - 2013-12-30 20:50 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 20:50 - 2013-10-13 11:46 - 00000000 ____D C:\Windows\Minidump
2013-12-30 20:49 - 2013-12-30 20:49 - 519068579 ____N C:\Windows\MEMORY.DMP
2013-12-29 12:50 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Help
2013-12-28 14:13 - 2013-12-28 14:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-28 14:13 - 2013-12-28 14:12 - 00000000 ____D C:\Program Files\iTunes
2013-12-28 14:12 - 2013-12-28 14:12 - 00000000 ____D C:\Program Files\iPod
2013-12-28 14:12 - 2013-12-28 14:12 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-12-28 14:12 - 2013-12-28 14:12 - 00000000 ____D C:\Program Files (x86)\Apple
2013-12-28 14:11 - 2013-12-28 14:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-12-28 14:11 - 2013-12-28 14:11 - 00000000 ____D C:\Program Files\Bonjour
2013-12-28 14:11 - 2013-12-28 14:11 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-28 13:18 - 2013-07-17 15:05 - 00000000 ____D C:\Program Files (x86)\WinMerge
2013-12-26 21:22 - 2013-12-26 20:14 - 00000040 _____ C:\Users\Andreas\AppData\Roaming\cdr.ini
2013-12-26 20:14 - 2013-12-26 20:14 - 00001017 _____ C:\Users\UpdatusUser\Desktop\Free CD to MP3 Converter.lnk
2013-12-26 20:14 - 2013-12-26 20:14 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2013-12-26 20:14 - 2013-12-26 20:14 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Eusing
2013-12-26 20:14 - 2013-12-26 20:14 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2013-12-26 19:43 - 2013-07-17 15:35 - 00000000 ____D C:\Program Files\Recuva
2013-12-25 13:06 - 2012-11-22 14:33 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\HpUpdate
2013-12-23 20:50 - 2013-12-23 20:50 - 02552520 _____ C:\Users\Andreas\Documents\Weihnachten Koors Janine.pptx
2013-12-23 08:57 - 2012-11-28 17:36 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-23 08:57 - 2012-11-28 17:35 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-22 19:03 - 2013-08-31 11:56 - 00002918 _____ C:\Windows\System32\Tasks\{E74FE0D5-F7B4-4849-A1C3-97E7EB67CAEC}
2013-12-22 19:03 - 2013-08-16 14:01 - 00003028 _____ C:\Windows\System32\Tasks\{25ECD62A-B1DE-497C-A52E-E5F518B12857}
2013-12-22 19:03 - 2013-07-25 11:32 - 00003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1289717490-2504957416-1507100235-1000
2013-12-22 19:03 - 2013-07-25 11:32 - 00003220 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1289717490-2504957416-1507100235-1000
2013-12-22 19:03 - 2012-11-28 17:36 - 00004120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-22 19:03 - 2012-11-28 17:35 - 00003868 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-22 13:05 - 2013-12-22 13:05 - 00031392 _____ C:\Users\Andreas\Desktop\TP config.bin
2013-12-13 12:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 12:13 - 2012-11-21 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-13 11:30 - 2012-12-09 14:05 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\FileZilla
2013-12-13 11:14 - 2013-12-13 11:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-13 10:27 - 2009-07-14 05:45 - 00355816 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-13 10:24 - 2012-11-22 09:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-13 10:24 - 2009-07-14 03:34 - 00000544 _____ C:\Windows\win.ini
2013-12-13 10:22 - 2013-07-17 09:03 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 10:19 - 2012-11-21 10:11 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 09:28 - 2012-11-22 20:07 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 09:28 - 2012-11-22 13:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 09:28 - 2012-11-22 13:13 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-10 19:05 - 2013-12-10 18:55 - 00000000 ____D C:\Program Files (x86)\PDF24
2013-12-10 10:03 - 2013-12-10 10:03 - 00003044 _____ C:\Windows\System32\Tasks\NetBakAutoStartup
2013-12-10 10:02 - 2013-12-10 10:02 - 00000000 ____D C:\Program Files\QNAP

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-02 12:30

==================== End Of Log ============================
         
This is Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2014
Ran by Andreas at 2014-01-07 17:52:14
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.5.0.600 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.6.147 - Adobe Systems, Inc.)
Any Video Converter 5 5.0.3 (x32 Version:  - Any-Video-Converter.com)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE  - Audiograbber)
AutoUpdate (x32 Version: 1.1 - )
BackupPC RsyncServer (remove only) (x32 Version:  - )
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research in Motion Ltd.) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CALicense (x32 Version: 1.90.05.00 - CA) Hidden
CCleaner (Version: 3.26 - Piriform)
CDBurnerXP (x32 Version: 4.5.2.4214 - CDBurnerXP)
Colasoft Capsa 7 Free (x32 Version: 7.7.2.4050 - Colasoft)
Creative ALchemy (x32 Version: 1.43 - Creative Technology Limited)
Creative Audio-Systemsteuerung (x32 Version: 2.00 - Creative Technology Limited)
Creative Software AutoUpdate (x32 Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (x32 Version:  - )
CrystalDiskInfo 5.6.2 (x32 Version: 5.6.2 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (x32 Version: 5.3.21 - DataDesign)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Defraggler (Version: 2.16 - Piriform)
DivX Codec (x32 Version: 6.6.1 - DivX, Inc.)
EaseUS Partition Master 9.2.2 (x32 Version:  - EaseUS)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (x32 Version:  - )
FileZilla Client 3.7.3 (x32 Version: 3.7.3 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Free CD to MP3 Converter (x32 Version:  - Eusing Software)
Freemake Video Converter Version 4.0.2 (x32 Version: 4.0.2 - Ellora Assets Corporation)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Ghostery IE (x32 Version: 1.26.153.3 - Evidon Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hauppauge MCE XP/Vista Software Encoder (2.0.25296) (x32 Version: 2.0.25296 - Hauppauge Computer Works, Inc.)
HiJackThis (x32 Version: 1.0.0 - Trend Micro)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (x32 Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (x32 Version: 1.0.0.9572 - HP)
HP Update (x32 Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPOJ6600FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
HWiNFO64 Version 4.26 (Version: 4.26 - Martin Malík - REALiX)
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 21 (x32 Version: 6.0.210 - Oracle)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Lexware Datenbank plus 2012 (x32 Version: 12.00.00.0116 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (x32 Version: 4.00.00.0075 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (x32 Version: 14.00.00.0076 - Haufe-Lexware GmbH & Co.KG)
Lexware reisekosten plus 2012 (x32 Version: 12.01.00.0137 - ) Hidden
Lexware reisekosten plus 2012 (x32 Version: 12.01.00.0137 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
LifeScan USB Device Driver vSL2.0 (Driver Removal) (x32 Version:  - LifeScan Inc)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Messgerätetreiber für die OneTouch® Software v1.13.0.0 (x32 Version: 1.13.0.0 - LifeScan)
Meter Drivers for OneTouch(R) Software (x32 Version: 1.13.0.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software (x32 Version: 1.93.3.0 - LifeScan) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.3 (Version: 2.3.2208 - Microsoft Corporation)
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mindjet MindManager Pro 7 (x32 Version: 7.1.388 - Mindjet LLC)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
MyTomTom 3.2.0.1220 (x32 Version: 3.2.0.1220 - TomTom)
Need for Speed™ SHIFT Demo (x32 Version: 1.0.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller-Treiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Drivers (Version: 1.7 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9 - NVIDIA Corporation)
OneTouch-Software (x32 Version:  - )
OpenAL (x32 Version:  - )
Opera 12.16 (x32 Version: 12.16.1860 - Opera Software ASA)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18 - Oracle Corporation)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (x32 Version: 1.7.0 - pdfforge)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pinnacle TVCenter Pro (x32 Version:  - )
PL-2303 USB-to-Serial (x32 Version: 1.3.0 - Prolific Technology INC)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Power Manager (x32 Version: 4.0.2.1 - Gembird Electronics Ltd.)
QNAP MyCloudNAS Connect (x32 Version: 1.0.0.213 - QNAP Systems, Inc.)
QNAP NetBak Replicator (x32 Version: 4.2.4.0816 - QNAP Systems, Inc.)
QNAP Qfinder (x32 Version: 4.0.3.1025 - QNAP Systems, Inc.)
Quicken DELUXE 2012 (x32 Version: 19.36.00.0165 - Haufe-Lexware GmbH & Co.KG)
Quicken Import Export Server 2012 (x32 Version: 19.30.00.0134 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2012 (x32 Version: 18.09.00.0005 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2013 (x32 Version: 19.06.00.0003 - Haufe-Lexware GmbH & Co.KG)
QuickSteuer Deluxe 2014 (x32 Version: 20.01.00.0005 - Haufe-Lexware GmbH & Co.KG)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6914 - Realtek Semiconductor Corp.)
Recuva (Version: 1.47 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Servicepack Datumsaktualisierung (x32 Version: 1.00.00.0005 - Haufe-Lexware) Hidden
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (x32 Version: 8.0.19045 - TeamViewer)
T-Eumex 820 LAN V1.40 (x32 Version: 1.40.0000 - T-Com)
T-Eumex 820 LAN V1.40 (x32 Version: 1.40.0000 - T-Com) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
USB-Ir Adapter (x32 Version: 1.03.0000 - )
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0 - TomTom International B.V.)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

02-01-2014 14:26:20 Gerätetreiber-Paketinstallation: TAP-Windows Provider V9 Netzwerkadapter
02-01-2014 15:43:59 Windows Update
05-01-2014 16:40:12 Windows Modules Installer

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-09-14 14:56 - 00396768 ____A C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {02CF3D83-D16B-4EA7-8C56-CE37D4A9D954} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {1EA97F7C-A451-43B0-A237-07A61071088F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1289717490-2504957416-1507100235-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {2A3B06AC-23E9-41D4-A97D-47E10894D765} - System32\Tasks\{E74FE0D5-F7B4-4849-A1C3-97E7EB67CAEC} => H:\sw_setup\SETUP.EXE
Task: {2E2D7EEC-6D54-4F80-A002-159B98C57123} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1289717490-2504957416-1507100235-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3721ADB2-0AE2-41FC-B7F9-E6FF890DD768} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {3B184DC6-095C-4203-B912-C69CECC84C7E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-07] (Adobe Systems Incorporated)
Task: {4FF8BB17-4034-4AEF-A360-5D4F8CDB8A5B} - System32\Tasks\NetBakAutoStartup => C:\Program Files\QNAP\NetBak\Enclosure.exe [2013-08-16] (QNAP Systems, Inc.)
Task: {5A89DEA9-952A-4204-86F6-7959B0032C60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: {6D571811-E1AC-4C7B-BCA6-40282F4AE37E} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2013-10-25] (QNAP)
Task: {73D181A6-0EF2-49CA-AD82-5D4B983AB2D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {758B0087-5290-415C-B17E-02ECA848807F} - System32\Tasks\Microsoft_Hardware_Launch_vVX1000_exe => C:\Windows\vVX1000.exe [2010-05-20] (Microsoft Corporation)
Task: {A7EDBC27-6D99-4BF2-BF4E-DD88149ECC89} - System32\Tasks\{0F70F74A-BC0D-431B-BD82-7EE156638FE8} => H:\sw_setup\SETUP.EXE
Task: {B61314D5-0773-4819-804A-31E34A17FFEF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-28] (Google Inc.)
Task: {CAFB802A-E453-4D24-B845-BD5DBC61FF46} - System32\Tasks\{25ECD62A-B1DE-497C-A52E-E5F518B12857} => F:\download\Telekom\Eumex 820 LAN\Extract\Eumex820LAN\Konfig\V_140\setup.exe [2007-07-11] ()
Task: {FBBAAF31-3334-4D84-8972-27F45C95BC23} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00093192 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avpapplication.dll
2012-12-25 08:23 - 2013-11-11 11:48 - 00555832 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\sqlite3.dll
2013-12-13 11:14 - 2013-12-13 11:14 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2003-07-11 02:09 - 2003-07-11 02:09 - 00048192 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Polar USB Interface 
Description: Polar USB Interface 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2014 04:00:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0, Zeitstempel: 0x4c1c2372
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00952949
ID des fehlerhaften Prozesses: 0x4cc
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3

Error: (01/06/2014 08:11:57 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NetBak.exe, Version: 4.2.4.816, Zeitstempel: 0x520de52f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0x1e88
Startzeit der fehlerhaften Anwendung: 0xNetBak.exe0
Pfad der fehlerhaften Anwendung: NetBak.exe1
Pfad des fehlerhaften Moduls: NetBak.exe2
Berichtskennung: NetBak.exe3

Error: (01/02/2014 04:06:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: HPScan.exe, Version: 25.0.619.0, Zeitstempel: 0x4e6a9a06
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x08c1f5d8
ID des fehlerhaften Prozesses: 0xb24
Startzeit der fehlerhaften Anwendung: 0xHPScan.exe0
Pfad der fehlerhaften Anwendung: HPScan.exe1
Pfad des fehlerhaften Moduls: HPScan.exe2
Berichtskennung: HPScan.exe3

Error: (01/02/2014 03:21:24 PM) (Source: RasClient) (User: )
Description: CoID={A6B231FD-F215-4DFD-95CF-F13164EEF20C}: Der Benutzer "OFFICEHOME\Andreas" hat eine Verbindung mit dem Namen "TorQnap" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 868.

Error: (01/02/2014 03:13:29 PM) (Source: RasClient) (User: )
Description: CoID={9E137672-3B96-4C27-B1C3-99D7DA0F6787}: Der Benutzer "OFFICEHOME\Andreas" hat eine Verbindung mit dem Namen "TorQnap" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 868.

Error: (01/02/2014 02:53:50 PM) (Source: RasClient) (User: )
Description: CoID={308C845D-E5E4-4190-9B39-43CC40048184}: Der Benutzer "OFFICEHOME\Andreas" hat eine Verbindung mit dem Namen "TorQnap" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 868.

Error: (01/01/2002 00:02:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2002 00:01:03 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x9a8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3

Error: (12/30/2013 09:51:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2013 09:49:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: NetBak.exe, Version: 4.2.4.816, Zeitstempel: 0x520de52f
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521eaf24
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000c4102
ID des fehlerhaften Prozesses: 0xb88
Startzeit der fehlerhaften Anwendung: 0xNetBak.exe0
Pfad der fehlerhaften Anwendung: NetBak.exe1
Pfad des fehlerhaften Moduls: NetBak.exe2
Berichtskennung: NetBak.exe3


System errors:
=============
Error: (01/03/2014 08:45:33 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (01/03/2014 08:44:16 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/03/2014 08:44:14 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/03/2014 08:44:12 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.

Error: (01/03/2014 08:44:10 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (01/03/2014 08:44:07 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (01/02/2014 04:43:49 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (01/02/2014 04:43:46 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (01/02/2014 04:43:44 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (01/02/2014 04:43:42 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.


Microsoft Office Sessions:
=========================
Error: (01/07/2014 04:00:40 PM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372unknown0.0.0.000000000c0000005009529494cc01cf089118331899C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEunknown78c37ae0-77ac-11e3-9482-001d923221a0

Error: (01/06/2014 08:11:57 PM) (Source: Application Error)(User: )
Description: NetBak.exe4.2.4.816520de52fntdll.dll6.1.7601.18247521eaf24c000037400000000000c41021e8801cf085792199200C:\Program Files\QNAP\NetBak\NetBak.exeC:\Windows\SYSTEM32\ntdll.dll690d0fd3-7706-11e3-9482-001d923221a0

Error: (01/02/2014 04:06:05 PM) (Source: Application Error)(User: )
Description: HPScan.exe25.0.619.04e6a9a06unknown0.0.0.000000000c000000508c1f5d8b2401cf07cb9f89de90C:\Program Files (x86)\HP\HP Officejet 6600\bin\HPScan.exeunknown6635bb40-73bf-11e3-9482-001d923221a0

Error: (01/02/2014 03:21:24 PM) (Source: RasClient)(User: )
Description: {A6B231FD-F215-4DFD-95CF-F13164EEF20C}OFFICEHOME\AndreasTorQnap868

Error: (01/02/2014 03:13:29 PM) (Source: RasClient)(User: )
Description: {9E137672-3B96-4C27-B1C3-99D7DA0F6787}OFFICEHOME\AndreasTorQnap868

Error: (01/02/2014 02:53:50 PM) (Source: RasClient)(User: )
Description: {308C845D-E5E4-4190-9B39-43CC40048184}OFFICEHOME\AndreasTorQnap868

Error: (01/01/2002 00:02:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/01/2002 00:01:03 AM) (Source: Application Error)(User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b9a801c1924efb2a5b30C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll42e675d0-fe42-11d5-9482-001d923221a0

Error: (12/30/2013 09:51:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/30/2013 09:49:36 PM) (Source: Application Error)(User: )
Description: NetBak.exe4.2.4.816520de52fntdll.dll6.1.7601.18247521eaf24c000037400000000000c4102b8801cf05986f8039e0C:\Program Files\QNAP\NetBak\NetBak.exeC:\Windows\SYSTEM32\ntdll.dlle416ceb0-7193-11e3-90d6-001d923221a0


CodeIntegrity Errors:
===================================
  Date: 2013-04-10 08:52:39.032
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 08:52:39.032
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 08:52:39.017
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 08:52:39.001
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 08:52:38.986
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-10 08:52:38.986
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-09 09:19:50.705
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-09 09:19:50.689
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-09 09:19:50.689
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-09 09:19:50.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 5119.35 MB
Available physical RAM: 2620.12 MB
Total Pagefile: 10236.88 MB
Available Pagefile: 7525.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Dev 0 Win7_Prog) (Fixed) (Total:184.07 GB) (Free:117.11 GB) NTFS
Drive d: (Dev 0 Frei) (Fixed) (Total:144.09 GB) (Free:74.05 GB) NTFS
Drive e: (Dev 0 Temp) (Fixed) (Total:7.09 GB) (Free:2.01 GB) NTFS
Drive f: (Dev 1 Daten 1) (Fixed) (Total:292.31 GB) (Free:84.79 GB) NTFS
Drive g: (Dev 1 Daten 2) (Fixed) (Total:43.03 GB) (Free:24.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 335 GB) (Disk ID: 0010CCEF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 335 GB) (Disk ID: F3C8CFDF)
Partition 1: (Active) - (Size=292 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=43 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Many thanks for your support.

Best regards

Alt 08.01.2014, 07:36   #2
schrauber
/// the machine
/// TB-Ausbilder
 


Hi,

Quote:
C:\rsyncd\bin\cygrunsrv.exe
Do you know this?

Alt 08.01.2014, 08:15   #3
AnDan
 

Morning,

yes, that is one of the best-known backup programs from the open-source world. This is a good guide: hxxp://www.pro-linux.de/artikel/2/1183/backuppc-als-backupserver-im-heimnetzwerk.html

Best regards

Alt 08.01.2014, 12:46   #4
schrauber
/// the machine
/// TB-Ausbilder
 


Ah, OK. So the logs are clean.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 08.01.2014, 14:46   #5
AnDan
 

Great,

many thanks for your support. So the bad guy did not get any further.
This can therefore be closed.
Best regards


Alt 09.01.2014, 11:01   #6
schrauber
/// the machine
/// TB-Ausbilder
 


ok