New computer --> very slow

kirbydancer

New member
Good day, dear community,

since unfortunately I don't know what the problem is, I don't know where I should post this; if I'm in the wrong place here, I apologize in advance 🙂

So,
about my computer:
Informationsliste Wert
Computer
Computertyp ACPI x64-based PC
Betriebssystem Microsoft Windows 7 Home Premium
OS Service Pack -
Internet Explorer 8.0.7600.16385
DirectX DirectX 11.0
Computername xxx-PC
Benutzername xxx
Domainanmeldung xxx-PC
Datum / Uhrzeit 2010-12-18 / 16:16

Motherboard
CPU Typ QuadCore Intel Core 2 Quad Q8300, 2500 MHz (7.5 x 333)
Motherboard Name Packard Bell iMedia S3712
Motherboard Chipsatz Intel Eaglelake G43
Arbeitsspeicher 6144 MB (DDR2-800 DDR2 SDRAM)
DIMM1: Transcend JM800QLU-2G 2 GB DDR2-800 DDR2 SDRAM (6-6-6-18 @ 400 MHz) (5-5-5-15 @ 333 MHz) (4-4-4-12 @ 266 MHz)
DIMM2: Transcend JM800QLU-1G 1 GB DDR2-800 DDR2 SDRAM (6-6-6-18 @ 400 MHz) (5-5-5-15 @ 333 MHz) (4-4-4-12 @ 266 MHz)
DIMM3: Transcend JM800QLU-2G 2 GB DDR2-800 DDR2 SDRAM (6-6-6-18 @ 400 MHz) (5-5-5-15 @ 333 MHz) (4-4-4-12 @ 266 MHz)
DIMM4: Transcend JM800QLU-1G 1 GB DDR2-800 DDR2 SDRAM (6-6-6-18 @ 400 MHz) (5-5-5-15 @ 333 MHz) (4-4-4-12 @ 266 MHz)
BIOS Typ AMI (09/30/09)

Anzeige
Grafikkarte ATI Radeon HD 4650 (1024 MB)
Grafikkarte ATI Radeon HD 4650 (1024 MB)
3D-Beschleuniger ATI Radeon HD 4650 (RV730)
Monitor Acer AL1916W [19" LCD] (ETL5209126)

Multimedia
Soundkarte ATI Radeon HDMI @ ATI RV710/730/740 - High Definition Audio Controller
Soundkarte Realtek ALC888 @ Intel 82801JB ICH10 - High Definition Audio Controller

Datenträger
IDE Controller Intel(R) ICH10R SATA AHCI Controller
Festplatte Generic- MS/MS-Pro USB Device
Festplatte Generic- SD/MMC USB Device
Festplatte Generic- SM/xD Picture USB Device
Festplatte WDC WD10EADS-00M2B0 (931 GB, IDE)
Festplatte Generic- Compact Flash USB Device
Optisches Laufwerk ATAPI DVD A DH16AASH
S.M.A.R.T. Festplatten-Status OK

Partitionen
C: (NTFS) 458.0 GB (372.2 GB frei)
D: (NTFS) 458.5 GB (380.7 GB frei)
Speicherkapazität 916.4 GB (752.9 GB frei)

Eingabegeräte
Tastatur Standardtastatur (PS/2)
Maus HID-konforme Maus
Maus Microsoft PS/2-Maus

Netzwerk
Primäre IP-Adresse xxxxxx
Primäre MAC-Adresse xxxx
Netzwerkkarte Intel(R) 82567V-2-Gigabit-Netzwerkverbindung
Netzwerkkarte Sitecom Wireless-N Network USB Card WL-182 (192.168.178.37)

Peripheriegeräte
Drucker An OneNote 2010 senden
Drucker Canon MP560 series Printer
Drucker Fax
Drucker Microsoft XPS Document Writer
USB1 Controller Intel 82801JB ICH10 - USB Universal Host Controller
USB1 Controller Intel 82801JB ICH10 - USB Universal Host Controller
USB1 Controller Intel 82801JB ICH10 - USB Universal Host Controller
USB1 Controller Intel 82801JB ICH10 - USB Universal Host Controller
USB1 Controller Intel 82801JB ICH10 - USB Universal Host Controller
USB1 Controller Intel 82801JB ICH10 - USB Universal Host Controller
USB2 Controller Intel 82801JB ICH10 - USB2 Enhanced Host Controller
USB2 Controller Intel 82801JB ICH10 - USB2 Enhanced Host Controller
USB-Geräte Sitecom Wireless-N Network USB Card WL-182
USB-Geräte USB PC Camera-168
USB-Geräte USB-Eingabegerät
USB-Geräte USB-Massenspeichergerät

DMI
DMI BIOS Anbieter AMI
DMI BIOS Version P01-A1
DMI Systemhersteller Packard Bell
DMI Systemprodukt imedia S3712
DMI Systemversion
DMI Systemseriennummer PTU4102019944161312701
DMI System UUID 001F16FC-F1FC2009-10291750-33000000
DMI Motherboardhersteller Packard Bell
DMI Motherboardprodukt imedia S3712
DMI Motherboardversion
DMI Motherboardseriennummer
DMI Gehäusehersteller Packard Bell
DMI Gehäuseversion
DMI Gehäuseseriennummer
DMI Gehäusekennzeichnung
DMI Gehäusetyp Desktop Case





Problem:
Every so often my computer becomes extremely slow: sometimes right after booting, sometimes after the computer has been on for about 30 minutes, sometimes after 2 hours, and sometimes not at all.
Physical memory rises to over 33%.
Songs can then only be played back choppy, that is, distorted as well.
And it doesn't let up until I restart the computer.
I hope you can help me.


Here is also a HijackThis excerpt, in case it helps:

Hijack Hunter 1.8.4.0

Log created on 14.12.2010 at 19:22:09

[+] Generic system info

Operating System: Windows 7 Home Premium 64-bit
Build Version: 7600.win7_gdr.100618-1621
Internet Explorer: 8.0.7600.16385
System Folder: C:\Windows\system32

[+] Running processes

C:\Windows\System32\atiesrxx.exe (0 bytes) (AMD) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\System32\atieclxx.exe (0 bytes) (AMD) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (135336 bytes) (Avira GmbH) (22.09.2010 18:28:06) (--A-) (d0438db784d7bd2f07f5b9c7fb698049)
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (169312 bytes) (Adobe Systems Incorporated) (08.12.2008 15:16:56) (--A-) (6d9fc1e7ea3c548f4d3455f0c3feef8c)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (267944 bytes) (Avira GmbH) (22.09.2010 18:28:06) (--A-) (55c34ff96dbf02a39523cf48503bf8d1)
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (1150496 bytes) (Acer Incorporated) (04.06.2009 14:04:50) (--A-) (816fd5a6f3c2f3d600900096632fc60e)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (260776 bytes) (Avira GmbH) (22.09.2010 18:28:06) (--A-) (e99612344fdd564d5671289e2ea7f44c)
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (66048 bytes) (PostgreSQL Global Development Group) (30.04.2010 03:26:17) (--A-) (afdf4bb9b45ea47bbb06c4ba57dfa1d5)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (185632 bytes) (Protexis Inc.) (24.07.2007 11:15:14) (--A-) (a6a7ad767bf5141665f5c675f671b3e1)
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (4513792 bytes) (PostgreSQL Global Development Group) (30.04.2010 03:26:17) (--A-) (356d6b7e1932917fc89fd143690a1011)
C:\Program Files (x86)\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe (40960 bytes) (Realtek) (17.02.2010 05:18:12) (--A-) (bbfcac1c23b867ae5d7ef96df40680c5)
C:\Program Files (x86)\ThreatFire\TFService.exe (70928 bytes) (PC Tools) (22.09.2010 18:28:48) (--A-) (2a5578a33baf46afef748ace0f973ae7)
C:\Program Files (x86)\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe (1118208 bytes) (Realtek Semiconductor Corp.) (17.02.2010 05:18:13) (--A-) (66f39eb030f69731fd2731d83d6a3dbd)
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (1403200 bytes) (TuneUp Software) (30.09.2010 17:03:04) (--A-) (48e96687af5fd4a622466fe3bcd09e67)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (186904 bytes) (Intel Corporation) (15.08.2009 09:00:30) (--A-) (5af1e9600e3ff841e522703a4993ed0c)
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (240160 bytes) (Acer) (15.08.2009 09:22:15) (--A-) (70dde3a86dbeb1d6c3c30ad687b1877a)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (7981088 bytes) (Realtek Semiconductor) (15.08.2009 09:03:09) (--A-) (02c60c606b17d7797377f1ac837ea070)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2291568 bytes) (Microsoft Corporation) (18.08.2009 11:48:02) (--A-) (98f138897ef4246381d197cb81846d62)
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (2184520 bytes) (CANON INC.) (13.03.2010 21:12:27) (--A-) (338318e3cdd3989fae15f85bf5b3ef6b)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (354840 bytes) (Intel Corporation) (15.08.2009 09:00:30) (--A-) (7548066df68a8a1a56b043359f915f37)
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe (834880 bytes) (TuneUp Software) (30.09.2010 17:03:08) (--A-) (3439d80e230b610ed6fbbe4487e00cce)
C:\Windows\vsnpstd3.exe (831488 bytes) (Unknown) (13.03.2010 22:04:30) (--A-) (db77bcd2d4e6e3058c0d9bdb9765228e)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (281768 bytes) (Avira GmbH) (22.09.2010 18:28:06) (--A-) (61941d4566c3b09f377e0e1a97bd0d9a)
C:\Program Files (x86)\ThreatFire\TFTray.exe (378128 bytes) (PC Tools) (22.09.2010 18:28:49) (--A-) (6a52a7525aa33c7df2867bf3a7876e1c)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (65536 bytes) (Advanced Micro Devices Inc.) (22.04.2009 17:38:50) (--A-) (e7704cbf568815c1caa6e513387bd3f2)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (221040 bytes) (Microsoft Corporation) (18.08.2009 11:48:02) (--A-) (499147f015e87ac2c2ebaa368f6bfe96)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (65536 bytes) (ATI Technologies Inc.) (22.04.2009 17:37:16) (--A-) (74ef310fac89341ce2897b7f2c4a7b0f)
C:\Users\Ufuk\AppData\Local\Google\Chrome\Application\chrome.exe (991800 bytes) (Google Inc.) (11.07.2010 14:20:10) (--A-) (cd2529845b83b5d952d91fdc0143a266)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe (630784 bytes) (NoVirusThanks Company Srl) (11.12.2010 15:31:14) (--A-) (9f3044c2b3f27132a9dae449235fbaec)

[+] Loaded Modules

C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll (569664 bytes) (Microsoft Corporation) (13.07.2009 22:10:23) (--A-) (105319e3d66d6e1bad22aadec1e9e0da)
C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll (652608 bytes) (Microsoft Corporation) (13.07.2009 22:10:23) (--A-) (93f0ffd46ba1ee3aeecd07678dd8e510)
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll (554816 bytes) (Microsoft Corporation) (13.07.2009 21:46:11) (--A-) (cfc54225d1870fdbf6e9e75fb83a27cb)
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll (632656 bytes) (Microsoft Corporation) (13.07.2009 21:46:13) (--A-) (c4e9e285e1730d864dd4b35b73cdafdb)
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll (530432 bytes) (Microsoft Corporation) (13.10.2010 13:54:49) (--A-) (d3ead1cf16ba729a7f7c9a5d94aa7c05)
C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL (97280 bytes) (Microsoft Corporation) (15.08.2009 09:25:28) (--A-) (3e9a33113d663d8bd5ed38858e669652)
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (1624576 bytes) (Microsoft Corporation) (14.07.2009 00:26:25) (--A-) (edb57065790b62ef83be117ad3edfde2)
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (1680896 bytes) (Microsoft Corporation) (13.10.2010 13:54:49) (--A-) (4b8dd8541c0e26602005dd0137333615)
C:\Windows\system32\OLEPRO32.DLL (90112 bytes) (Microsoft Corporation) (14.07.2009 00:43:54) (--A-) (c10459dbdc2099c5a8428cb7d87db85f)
C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll (3780424 bytes) (Microsoft Corporation) (22.09.2010 18:27:49) (--A-) (423069307fb726e51e2a66f1c3f738fe)
C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90DEU.DLL (63296 bytes) (Microsoft Corporation) (22.09.2010 18:27:50) (--A-) (255742e72e7a4c331620f9601c29344e)
C:\Windows\system32\atiumdag.dll (3105280 bytes) (ATI Technologies Inc.) (18.08.2009 02:20:38) (--A-) (912aaadb198854104d747aa617458fe3)
C:\Windows\system32\atiumdva.dll (2868736 bytes) (ATI Technologies Inc.) (18.08.2009 02:05:32) (--A-) (dd53819a94889702b4ae20365dc7efb7)

[+] Registry startups

Value: StartCCC
Data: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: tsnpstd3
Data: C:\Windows\tsnpstd3.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: avgnt
Data: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: ThreatFire
Data: C:\Program Files (x86)\ThreatFire\TFTray.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: msnmsgr
Data: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Data: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

Value: {3049C3E9-B461-4BC5-8870-4C09146192CA}
Data: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}

Value: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

Value: {bf00e119-21a3-4fd1-b178-3b8537e75c92}
Data: C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}

Value: {CB0D163C-E9F4-4236-9496-0597E24B23A5}
Data: C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}

Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}


[+] Other Startups Methods


[+] Startup folders


[+] TCPIP nameservers


[+] Internet Explorer settings

Value: Start Page
Data:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Start Page
Data:
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Default_Page_URL
Data:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: ProxyOverride
Data: local
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings


[+] Internet Explorer Trusted Sites


[+] Windows Firewall allowed programs


[+] Windows Firewall allowed ports


[+] System Hijack

Value: Hidden
Data: 2
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value: EnableDCOM
Data: Y
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

Value: Wallpaper
Data: C:\Users\Ufuk\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Key: HKEY_CURRENT_USER\Control Panel\Desktop


[+] Executables in Temp folders


[+] Executables in suspicious folders

C:\ProgramData\FullRemove.exe (36136 bytes) (Oberon Media) (15.08.2009 09:09:28) (--A-) (62b7c506b092d460898f3296da94b728)

[+] Autorun.ini


[+] Unknown .SYS files

C:\Windows\system32\drivers\avgntdd.sys (51992 bytes) (AVIRA GmbH) (22.09.2010 18:28:06) (--A-) (323860ec84bb332b613530d904380a4d)
C:\Windows\system32\drivers\avgntmgr.sys (17016 bytes) (AVIRA GmbH) (22.09.2010 18:28:06) (--A-) (7f8283ea8284dfde226e3262bed8c92a)
C:\Windows\system32\drivers\snpstd3.sys (10252672 bytes) (Sonix Co. Ltd.) (13.03.2010 22:04:29) (--A-) (3708efbaa0c3899430565e1d700f07c6)
C:\Windows\system32\drivers\StarOpen.sys (5632 bytes) (Unknown) (25.10.2007 16:26:10) (--A-) (306521935042fc0a6988d528643619b3)
C:\Windows\system32\drivers\TFsExDisk.Sys (16392 bytes) (Teruten Inc) (07.05.2010 07:43:32) (--A-) (ce4b6956e4e12492715a53076e58761f)

[+] Non accessible files


[+] Executables in Internet Explorer Folder


[+] Files created/modified 15 days ago

C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll (196984 bytes) (Avira GmbH) (05.12.2010 16:00:27) (--A-) (6fa9b5c81a2144ff816d19c8a0c0e67e) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll (397685 bytes) (Avira GmbH) (05.12.2010 16:00:27) (--A-) (8c7eaaf14505bd51475968db20fae592) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll (246136 bytes) (Avira GmbH) (05.12.2010 16:00:28) (--A-) (ea75b506f1f9b76f86f7dc5a986a9fd2) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll (3113335 bytes) (Avira GmbH) (08.12.2010 16:10:27) (--A-) (483687233e0ecd5564113c2aa933907d) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll (512375 bytes) (Avira GmbH) (05.12.2010 16:00:30) (--A-) (962eb73f3c0dc86b8ba316ef4ed0a8e6) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll (1286524 bytes) (Avira GmbH) (05.12.2010 16:00:31) (--A-) (b66bf3704d614fb0f0cf183176b9cf57) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\avarkt.dll (231784 bytes) (Avira GmbH) (08.12.2010 16:10:28) (--A-) (9d56d808efff44645801c4fa9699cc9e) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (267944 bytes) (Avira GmbH) (08.12.2010 16:10:30) (--A-) (55c34ff96dbf02a39523cf48503bf8d1) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (435368 bytes) (Avira GmbH) (08.12.2010 16:10:35) (--A-) (f12a7815a071dee00cd4aa7a3fffdade) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\avscplr.dll (84328 bytes) (Avira GmbH) (08.12.2010 16:10:35) (--A-) (509e3090ec3d291c2626384eead5ffb6) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\luke.dll (104296 bytes) (Avira GmbH) (08.12.2010 16:10:36) (--A-) (06da96b54ef94dee0bfa8912e0da7427) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe (666280 bytes) (Avira GmbH) (08.12.2010 16:10:39) (--A-) (ab6a087198d4b1716cc13b08951d8e69) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aecore.dll (196984 bytes) (Avira GmbH) (05.12.2010 16:00:27) (--A-) (6fa9b5c81a2144ff816d19c8a0c0e67e) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aegen.dll (397685 bytes) (Avira GmbH) (05.12.2010 16:00:27) (--A-) (8c7eaaf14505bd51475968db20fae592) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aehelp.dll (246136 bytes) (Avira GmbH) (05.12.2010 16:00:28) (--A-) (ea75b506f1f9b76f86f7dc5a986a9fd2) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aeheur.dll (3113335 bytes) (Avira GmbH) (08.12.2010 16:10:27) (--A-) (483687233e0ecd5564113c2aa933907d) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aepack.dll (512375 bytes) (Avira GmbH) (05.12.2010 16:00:30) (--A-) (962eb73f3c0dc86b8ba316ef4ed0a8e6) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aescript.dll (1286524 bytes) (Avira GmbH) (05.12.2010 16:00:31) (--A-) (b66bf3704d614fb0f0cf183176b9cf57) (Modified)
C:\Program Files (x86)\Cheat Engine\dbghelp.dll (1213200 bytes) (Microsoft Corporation) (11.12.2010 01:28:45) (--A-) (4003e34416ebd25e4c115d49dc15e1a7) (Created)
C:\Program Files (x86)\Cheat Engine\unins001.exe (710490 bytes) (Unknown) (11.12.2010 01:28:45) (--A-) (f292769a769443cb7e5665e0086c032f) (Created)
C:\Program Files (x86)\Common Files\Akamai\AdminTool.exe (967752 bytes) (Unknown) (09.12.2010 00:56:48) (--A-) (317a34106c339307e525006c8b482445) (Modified)
C:\Program Files (x86)\Common Files\Akamai\netsession_win_aeec0f0.dll (3020888 bytes) (Unknown) (09.12.2010 00:56:38) (--A-) (aeec0f0c30480703ec797f848fe645a6) (Created)
C:\Program Files (x86)\Common Files\Akamai\rswinui.exe (1150024 bytes) (Unknown) (09.12.2010 00:56:48) (--A-) (7e703f2f90210d13ff83b648dc3932e7) (Modified)
C:\Program Files (x86)\Common Files\Akamai\uninstall.exe (432208 bytes) (Unknown) (09.12.2010 00:56:46) (--A-) (728299d10ed5de4eed6a800a349d0da6) (Modified)
C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll (19416 bytes) (Mozilla Foundation) (11.12.2010 01:29:38) (--A-) (3ca3de162bfcf43fdcdade3cd586320a) (Modified)
C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe (122328 bytes) (Mozilla Foundation) (11.12.2010 01:29:41) (--A-) (6a4f596a2431dc1ce241d2f12d9eb71b) (Modified)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (910296 bytes) (Mozilla Corporation) (11.12.2010 01:29:41) (--A-) (5261202c54ad1f993d92b33457b87af6) (Modified)
C:\Program Files (x86)\Mozilla Firefox\freebl3.dll (249856 bytes) (Mozilla Foundation) (11.12.2010 01:29:41) (--A-) (7bc33d1ff3e2512eb7d0ef5095a01cf1) (Modified)
C:\Program Files (x86)\Mozilla Firefox\js3250.dll (922584 bytes) (Netscape Communications Corporation) (11.12.2010 01:29:41) (--A-) (02810813bb77cedf7c69bddb6b1286f4) (Modified)
C:\Program Files (x86)\Mozilla Firefox\mozcrt19.dll (715736 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (9a2adfbd8f5b254e9f3a83bc95f2b940) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nspr4.dll (203736 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (7df96cf4a46f679ec761abb42a2d9e06) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nss3.dll (646104 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (ea3f287cff29f37e431bbb205462bf32) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll (343000 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (71d2b0b88ecfef071e7edf941a97cf87) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll (98304 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (71c8a752b0d923c0e69534fcbf4c0eca) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll (89048 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (a098fd9319a9e13e401db52532a84482) (Modified)
C:\Program Files (x86)\Mozilla Firefox\plc4.dll (21976 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (21fa41e68237c8f3e4e08c7f0ed90d62) (Modified)
C:\Program Files (x86)\Mozilla Firefox\plds4.dll (18904 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (f42d78548604f19a4141c8c7df669eef) (Modified)
C:\Program Files (x86)\Mozilla Firefox\smime3.dll (105432 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (032f64dd58f2f05cf775a3a537b5ba22) (Modified)
C:\Program Files (x86)\Mozilla Firefox\softokn3.dll (155648 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (2dde7b838ec67919b3b942ba3da4c56d) (Modified)
C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll (459224 bytes) (sqlite.org) (11.12.2010 01:29:42) (--A-) (05a3b32e43fe7fe0336a6f65c7cc9b33) (Modified)
C:\Program Files (x86)\Mozilla Firefox\ssl3.dll (142296 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (8aa4180f05e4acb486299fafb7dd6474) (Modified)
C:\Program Files (x86)\Mozilla Firefox\updater.exe (246744 bytes) (Mozilla Foundation) (11.12.2010 01:29:43) (--A-) (15a3f354eff31d147bbb159abd9683b7) (Modified)
C:\Program Files (x86)\Mozilla Firefox\xpcom.dll (19416 bytes) (Mozilla Foundation) (11.12.2010 01:29:43) (--A-) (401adb80d41841a3efaa191514ffe8b0) (Modified)
C:\Program Files (x86)\Mozilla Firefox\xul.dll (10806232 bytes) (Mozilla Foundation) (11.12.2010 01:29:45) (--A-) (b03ea5a5732726fb494c0598bc99333f) (Modified)
C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll (25048 bytes) (Mozilla Foundation) (11.12.2010 01:29:39) (--A-) (fb0e6fe8631dac2d2dc077e336b9377a) (Modified)
C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll (138712 bytes) (Mozilla Foundation) (11.12.2010 01:29:39) (--A-) (726a0ef6a2cc6af4100c72848ef67d18) (Modified)
C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll (66520 bytes) (mozilla.org) (11.12.2010 01:29:42) (--A-) (7a9790c3452910e8fe6fb8eafb9b415a) (Modified)
C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (555760 bytes) (Mozilla Corporation) (11.12.2010 01:29:43) (--A-) (6d42264e1f806da53eeee6157e858a9a) (Modified)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe (630784 bytes) (NoVirusThanks Company Srl) (11.12.2010 15:31:14) (--A-) (9f3044c2b3f27132a9dae449235fbaec) (Created)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\nhdrv.sys (4608 bytes) (NoVirusThanks Company Srl) (11.12.2010 15:31:15) (--A-) (8f40312ac7b0f3d0246fe52105e4f1d7) (Created)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\unins000.exe (709638 bytes) (Unknown) (11.12.2010 15:31:14) (--A-) (9ffd2d09a743f2b1d9dc5a491ca58e36) (Created)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\Core.dll (258106 bytes) (Unknown) (05.12.2010 00:40:14) (--A-) (c07ccb23f403fa3cf44fea955a74d071) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\DemoPlayer.dll (90112 bytes) (Unknown) (05.12.2010 00:40:14) (--A-) (7ef5b581202ca32bd0a5bf7043cbe04f) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\vgui2.dll (245819 bytes) (Unknown) (05.12.2010 00:40:12) (--A-) (547a53f3dff2be47838cdfee75194d98) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\voice_miles.dll (53248 bytes) (Unknown) (05.12.2010 00:51:16) (--A-) (bcceb6861babedf0024b7d2caea50923) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\voice_speex.dll (139264 bytes) (Unknown) (05.12.2010 00:40:25) (--A-) (0a812ecf43bfe0173a84734c70f4a260) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\cstrike\cl_dlls\client.dll (1074496 bytes) (Unknown) (05.12.2010 00:40:12) (--A-) (d3b7ade860eaa163dee7d49edea3de97) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\platform\servers\serverbrowser.dll (535552 bytes) (Unknown) (05.12.2010 00:40:14) (--A-) (82db5fec08b49d03f2b758d8f59d696e) (Modified)

[+] Hidden files in suspicious folders


[+] Suspicious Registry Keys


[+] Suspicious folders


[+] Drivers

C:\Windows\system32\drivers\amdxata.sys (amdxata) (amdxata) (Advanced Micro Devices) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\atihdmi.sys (AtiHdmiService) (ATI Service for HD Audio Codec) (ATI Research Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\atikmdag.sys (atikmdag) (atikmdag) (ATI Technologies Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\avgntflt.sys (avgntflt) (avgntflt) (Avira GmbH) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\avipbb.sys (avipbb) (avipbb) (Avira GmbH) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\blbdrive.sys (blbdrive) (blbdrive) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\e1y60x64.sys (e1yexpress) (Intel(R) Gigabit-Netzwerkverbindungstreiber) (Intel Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\iastor.sys (iaStor) (Intel AHCI Controller) (Intel Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\rtkvhd64.sys (IntcAzAudAddService) (Service for Realtek HD Audio (WDM)) (Realtek Semiconductor Corp.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\netr28ux.sys (netr28ux) (RT2870 USB Extensible Wireless LAN Card Driver) (Ralink Technology Corp.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\npf.sys (NPF) (NetGroup Packet Filter Driver) (CACE Technologies, Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\pxhlpa64.sys (PxHlpa64) (PxHlpa64) (Sonic Solutions) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\snpstd3.sys (SNPSTD3) (USB PC Camera (SNPSTD3)) (Sonix Co. Ltd.) (3708efbaa0c3899430565e1d700f07c6)
C:\Windows\system32\drivers\sptd.sys (sptd) (sptd) (Unknown) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\swenum.sys (swenum) (Software Bus Driver) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\tffsmon.sys (TfFsMon) (TfFsMon) (PC Tools) (d41d8cd98f00b204e9800998ecf8427e)
c:\windows\system32\drivers\tfnetmon.sys (TfNetMon) (TfNetMon) (PC Tools) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\tfsysmon.sys (TfSysMon) (TfSysMon) (PC Tools) (d41d8cd98f00b204e9800998ecf8427e)
c:\program files (x86)\tuneup utilities 2010\tuneuputilitiesdriver64.sys (TuneUpUtilitiesDrv) (TuneUpUtilitiesDrv) (TuneUp Software) (dcc94c51d27c7ec0dadeca8f64c94fcf)

[+] Drivers -> FSFilter Anti-Virus

Driver Name: avgntflt
Driver File: system32\DRIVERS\avgntflt.sys
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt


[+] Services

c:\program files (x86)\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe (AdobeActiveFileMonitor7.0) (Adobe Active File Monitor V7) (Adobe Systems Incorporated) (6d9fc1e7ea3c548f4d3455f0c3feef8c)
c:\windows\system32\atiesrxx.exe (AMD External Events Utility) (AMD External Events Utility) (AMD) (d41d8cd98f00b204e9800998ecf8427e)
c:\program files (x86)\avira\antivir desktop\sched.exe (AntiVirSchedulerService) (Avira AntiVir Planer) (Avira GmbH) (d0438db784d7bd2f07f5b9c7fb698049)
c:\program files (x86)\avira\antivir desktop\avguard.exe (AntiVirService) (Avira AntiVir Guard) (Avira GmbH) (55c34ff96dbf02a39523cf48503bf8d1)

[+] ServiceDll

c:\program files (x86)\common files\akamai\netsession_win_aeec0f0.dll (3020888 bytes) (Unknown) (09.12.2010 00:56:38) (--A-) (aeec0f0c30480703ec797f848fe645a6)

[+] Unknown files in Winsock LSP

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL


Could it be down to the HKEY thingies (see the hijack list)? The evaluation says they are harmful.

According to the virus scan I shouldn't have any viruses.

Regards
 
His components are listed in his post, after all.

First of all, welcome to the PCMasters forum 🙂!

Could you post just the HijackThis log here in a new post? I'm getting a bit confused by your post....

And which antivirus program do you have? If you open the Task Manager, you can see under Processes which process is currently using how many MB or what percentage of the processor it is using. Maybe write down all the processes from there here. And check which process uses the most when your PC gets slow for a short time.
 

Thanks in advance,
well, I have Avira AntiVir Personal.
And that is exactly the problem: none of my processes (in Task Manager) uses much memory, everything is quite low. So whether the computer is running normally like now or hangs for a moment, the MB usage stays the same. Only the idle process is mostly permanently at 99%, and that is good as far as I know 🙂

Here is a new hijack log that I just made (everything marked in bold)


Hijack Hunter 1.8.4.0

Log created on 19.12.2010 at 03:11:23

[+] Generic system info

Operating System: Windows 7 Home Premium 64-bit
Build Version: 7600.win7_gdr.100618-1621
Internet Explorer: 8.0.7600.16385
System Folder: C:\Windows\system32

[+] Running processes

C:\Windows\System32\atiesrxx.exe (0 bytes) (AMD) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\System32\atieclxx.exe (0 bytes) (AMD) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (135336 bytes) (Avira GmbH) (22.09.2010 18:28:06) (--A-) (d0438db784d7bd2f07f5b9c7fb698049)
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (169312 bytes) (Adobe Systems Incorporated) (08.12.2008 15:16:56) (--A-) (6d9fc1e7ea3c548f4d3455f0c3feef8c)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (267944 bytes) (Avira GmbH) (22.09.2010 18:28:06) (--A-) (55c34ff96dbf02a39523cf48503bf8d1)
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (1150496 bytes) (Acer Incorporated) (04.06.2009 14:04:50) (--A-) (816fd5a6f3c2f3d600900096632fc60e)
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (260776 bytes) (Avira GmbH) (22.09.2010 18:28:06) (--A-) (e99612344fdd564d5671289e2ea7f44c)
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe (66048 bytes) (PostgreSQL Global Development Group) (30.04.2010 03:26:17) (--A-) (afdf4bb9b45ea47bbb06c4ba57dfa1d5)
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (185632 bytes) (Protexis Inc.) (24.07.2007 11:15:14) (--A-) (a6a7ad767bf5141665f5c675f671b3e1)
C:\Program Files (x86)\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe (40960 bytes) (Realtek) (17.02.2010 05:18:12) (--A-) (bbfcac1c23b867ae5d7ef96df40680c5)
C:\Program Files (x86)\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe (1118208 bytes) (Realtek Semiconductor Corp.) (17.02.2010 05:18:13) (--A-) (66f39eb030f69731fd2731d83d6a3dbd)
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe (4513792 bytes) (PostgreSQL Global Development Group) (30.04.2010 03:26:17) (--A-) (356d6b7e1932917fc89fd143690a1011)
C:\Program Files (x86)\ThreatFire\TFService.exe (70928 bytes) (PC Tools) (22.09.2010 18:28:48) (--A-) (2a5578a33baf46afef748ace0f973ae7)
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (1403200 bytes) (TuneUp Software) (30.09.2010 17:03:04) (--A-) (48e96687af5fd4a622466fe3bcd09e67)
C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesApp64.exe (834880 bytes) (TuneUp Software) (30.09.2010 17:03:08) (--A-) (3439d80e230b610ed6fbbe4487e00cce)
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe (240160 bytes) (Acer) (15.08.2009 09:22:15) (--A-) (70dde3a86dbeb1d6c3c30ad687b1877a)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2291568 bytes) (Microsoft Corporation) (18.08.2009 11:48:02) (--A-) (98f138897ef4246381d197cb81846d62)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (354840 bytes) (Intel Corporation) (15.08.2009 09:00:30) (--A-) (7548066df68a8a1a56b043359f915f37)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (186904 bytes) (Intel Corporation) (15.08.2009 09:00:30) (--A-) (5af1e9600e3ff841e522703a4993ed0c)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (7981088 bytes) (Realtek Semiconductor) (15.08.2009 09:03:09) (--A-) (02c60c606b17d7797377f1ac837ea070)
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (2184520 bytes) (CANON INC.) (13.03.2010 21:12:27) (--A-) (338318e3cdd3989fae15f85bf5b3ef6b)
C:\Windows\vsnpstd3.exe (831488 bytes) (Unknown) (13.03.2010 22:04:30) (--A-) (db77bcd2d4e6e3058c0d9bdb9765228e)
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (281768 bytes) (Avira GmbH) (22.09.2010 18:28:06) (--A-) (61941d4566c3b09f377e0e1a97bd0d9a)
C:\Program Files (x86)\ThreatFire\TFTray.exe (378128 bytes) (PC Tools) (22.09.2010 18:28:49) (--A-) (6a52a7525aa33c7df2867bf3a7876e1c)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (65536 bytes) (Advanced Micro Devices Inc.) (22.04.2009 17:38:50) (--A-) (e7704cbf568815c1caa6e513387bd3f2)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (221040 bytes) (Microsoft Corporation) (18.08.2009 11:48:02) (--A-) (499147f015e87ac2c2ebaa368f6bfe96)
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (65536 bytes) (ATI Technologies Inc.) (22.04.2009 17:37:16) (--A-) (74ef310fac89341ce2897b7f2c4a7b0f)
C:\Users\Ufuk\AppData\Local\Google\Chrome\Application\chrome.exe (991800 bytes) (Google Inc.) (11.07.2010 14:20:10) (--A-) (cd2529845b83b5d952d91fdc0143a266)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe (630784 bytes) (NoVirusThanks Company Srl) (11.12.2010 15:31:14) (--A-) (9f3044c2b3f27132a9dae449235fbaec)

[+] Loaded Modules

C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCP90.dll (569664 bytes) (Microsoft Corporation) (13.07.2009 22:10:23) (--A-) (105319e3d66d6e1bad22aadec1e9e0da)
C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll (652608 bytes) (Microsoft Corporation) (13.07.2009 22:10:23) (--A-) (93f0ffd46ba1ee3aeecd07678dd8e510)
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll (554816 bytes) (Microsoft Corporation) (13.07.2009 21:46:11) (--A-) (cfc54225d1870fdbf6e9e75fb83a27cb)
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll (632656 bytes) (Microsoft Corporation) (13.07.2009 21:46:13) (--A-) (c4e9e285e1730d864dd4b35b73cdafdb)
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\comctl32.dll (530432 bytes) (Microsoft Corporation) (13.10.2010 13:54:49) (--A-) (d3ead1cf16ba729a7f7c9a5d94aa7c05)
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (1624576 bytes) (Microsoft Corporation) (14.07.2009 00:26:25) (--A-) (edb57065790b62ef83be117ad3edfde2)
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\COMCTL32.dll (1680896 bytes) (Microsoft Corporation) (13.10.2010 13:54:49) (--A-) (4b8dd8541c0e26602005dd0137333615)
C:\Windows\system32\OLEPRO32.DLL (90112 bytes) (Microsoft Corporation) (14.07.2009 00:43:54) (--A-) (c10459dbdc2099c5a8428cb7d87db85f)
C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.DLL (97280 bytes) (Microsoft Corporation) (15.08.2009 09:25:28) (--A-) (3e9a33113d663d8bd5ed38858e669652)
C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7\mfc90u.dll (3780424 bytes) (Microsoft Corporation) (22.09.2010 18:27:49) (--A-) (423069307fb726e51e2a66f1c3f738fe)
C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9\MFC90DEU.DLL (63296 bytes) (Microsoft Corporation) (22.09.2010 18:27:50) (--A-) (255742e72e7a4c331620f9601c29344e)
C:\Windows\system32\atiumdag.dll (3105280 bytes) (ATI Technologies Inc.) (18.08.2009 02:20:38) (--A-) (912aaadb198854104d747aa617458fe3)
C:\Windows\system32\atiumdva.dll (2868736 bytes) (ATI Technologies Inc.) (18.08.2009 02:05:32) (--A-) (dd53819a94889702b4ae20365dc7efb7)

[+] Registry startups

Value: StartCCC
Data: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: tsnpstd3
Data: C:\Windows\tsnpstd3.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: avgnt
Data: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: ThreatFire
Data: C:\Program Files (x86)\ThreatFire\TFTray.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: msnmsgr
Data: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Data: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

Value: {3049C3E9-B461-4BC5-8870-4C09146192CA}
Data: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}

Value: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

Value: {bf00e119-21a3-4fd1-b178-3b8537e75c92}
Data: C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}

Value: {CB0D163C-E9F4-4236-9496-0597E24B23A5}
Data: C:\Program Files (x86)\GamesBar\2.0.1.55\oberontb.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}

Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}


[+] Other Startups Methods


[+] Startup folders


[+] TCPIP nameservers


[+] Internet Explorer settings

Value: Start Page
Data:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Start Page
Data:
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Default_Page_URL
Data:
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: ProxyOverride
Data: local
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings


[+] Internet Explorer Trusted Sites


[+] Windows Firewall allowed programs


[+] Windows Firewall allowed ports


[+] System Hijack

Value: Hidden
Data: 2
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value: EnableDCOM
Data: Y
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

Value: Wallpaper
Data: C:\Users\Ufuk\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Key: HKEY_CURRENT_USER\Control Panel\Desktop


[+] Executables in Temp folders

C:\Users\Ufuk\AppData\Local\Temp\BITBAD8.tmp (85465960 bytes) (Microsoft Corporation) (07.05.2010 00:58:22) (H-A-) (ad65ed29ff9d30b545b55851655d2e25)

[+] Executables in suspicious folders

C:\ProgramData\FullRemove.exe (36136 bytes) (Oberon Media) (15.08.2009 09:09:28) (--A-) (62b7c506b092d460898f3296da94b728)

[+] Autorun.ini


[+] Unknown .SYS files

C:\Windows\system32\drivers\avgntdd.sys (51992 bytes) (AVIRA GmbH) (22.09.2010 18:28:06) (--A-) (323860ec84bb332b613530d904380a4d)
C:\Windows\system32\drivers\avgntmgr.sys (17016 bytes) (AVIRA GmbH) (22.09.2010 18:28:06) (--A-) (7f8283ea8284dfde226e3262bed8c92a)
C:\Windows\system32\drivers\snpstd3.sys (10252672 bytes) (Sonix Co. Ltd.) (13.03.2010 22:04:29) (--A-) (3708efbaa0c3899430565e1d700f07c6)
C:\Windows\system32\drivers\StarOpen.sys (5632 bytes) (Unknown) (25.10.2007 16:26:10) (--A-) (306521935042fc0a6988d528643619b3)
C:\Windows\system32\drivers\TFsExDisk.Sys (16392 bytes) (Teruten Inc) (07.05.2010 07:43:32) (--A-) (ce4b6956e4e12492715a53076e58761f)

[+] Non accessible files


[+] Executables in Internet Explorer Folder


[+] Files created/modified 15 days ago

C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll (196984 bytes) (Avira GmbH) (05.12.2010 16:00:27) (--A-) (6fa9b5c81a2144ff816d19c8a0c0e67e) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll (397685 bytes) (Avira GmbH) (05.12.2010 16:00:27) (--A-) (8c7eaaf14505bd51475968db20fae592) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll (246136 bytes) (Avira GmbH) (05.12.2010 16:00:28) (--A-) (ea75b506f1f9b76f86f7dc5a986a9fd2) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll (3142008 bytes) (Avira GmbH) (18.12.2010 14:21:59) (--A-) (168bb2b7c2a699a80491a48b73d36846) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll (512375 bytes) (Avira GmbH) (18.12.2010 14:22:01) (--A-) (dcc25bd018eab08d8a2f930ca9c0e982) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll (1286524 bytes) (Avira GmbH) (05.12.2010 16:00:31) (--A-) (b66bf3704d614fb0f0cf183176b9cf57) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\avarkt.dll (231784 bytes) (Avira GmbH) (08.12.2010 16:10:28) (--A-) (9d56d808efff44645801c4fa9699cc9e) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (267944 bytes) (Avira GmbH) (08.12.2010 16:10:30) (--A-) (55c34ff96dbf02a39523cf48503bf8d1) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (435368 bytes) (Avira GmbH) (08.12.2010 16:10:35) (--A-) (f12a7815a071dee00cd4aa7a3fffdade) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\avscplr.dll (84328 bytes) (Avira GmbH) (08.12.2010 16:10:35) (--A-) (509e3090ec3d291c2626384eead5ffb6) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\luke.dll (104296 bytes) (Avira GmbH) (08.12.2010 16:10:36) (--A-) (06da96b54ef94dee0bfa8912e0da7427) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe (666280 bytes) (Avira GmbH) (08.12.2010 16:10:39) (--A-) (ab6a087198d4b1716cc13b08951d8e69) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\unacev2.dll (77569 bytes) (ACE Compression Software) (18.12.2010 14:22:01) (--A-) (492e0883defbe740d5da3737e87c95ec) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aecore.dll (196984 bytes) (Avira GmbH) (05.12.2010 16:00:27) (--A-) (6fa9b5c81a2144ff816d19c8a0c0e67e) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aegen.dll (397685 bytes) (Avira GmbH) (05.12.2010 16:00:27) (--A-) (8c7eaaf14505bd51475968db20fae592) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aehelp.dll (246136 bytes) (Avira GmbH) (05.12.2010 16:00:28) (--A-) (ea75b506f1f9b76f86f7dc5a986a9fd2) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aeheur.dll (3142008 bytes) (Avira GmbH) (18.12.2010 14:21:59) (--A-) (168bb2b7c2a699a80491a48b73d36846) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aepack.dll (512375 bytes) (Avira GmbH) (18.12.2010 14:22:01) (--A-) (dcc25bd018eab08d8a2f930ca9c0e982) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\aescript.dll (1286524 bytes) (Avira GmbH) (05.12.2010 16:00:31) (--A-) (b66bf3704d614fb0f0cf183176b9cf57) (Modified)
C:\Program Files (x86)\Avira\AntiVir Desktop\FAILSAFE\unacev2.dll (77569 bytes) (ACE Compression Software) (18.12.2010 14:22:01) (--A-) (492e0883defbe740d5da3737e87c95ec) (Modified)
C:\Program Files (x86)\Cheat Engine\dbghelp.dll (1213200 bytes) (Microsoft Corporation) (11.12.2010 01:28:45) (--A-) (4003e34416ebd25e4c115d49dc15e1a7) (Created)
C:\Program Files (x86)\Cheat Engine\unins001.exe (710490 bytes) (Unknown) (11.12.2010 01:28:45) (--A-) (f292769a769443cb7e5665e0086c032f) (Created)
C:\Program Files (x86)\Common Files\Akamai\AdminTool.exe (967752 bytes) (Unknown) (09.12.2010 00:56:48) (--A-) (317a34106c339307e525006c8b482445) (Modified)
C:\Program Files (x86)\Common Files\Akamai\netsession_win_aeec0f0.dll (3020888 bytes) (Unknown) (09.12.2010 00:56:38) (--A-) (aeec0f0c30480703ec797f848fe645a6) (Created)
C:\Program Files (x86)\Common Files\Akamai\rswinui.exe (1150024 bytes) (Unknown) (09.12.2010 00:56:48) (--A-) (7e703f2f90210d13ff83b648dc3932e7) (Modified)
C:\Program Files (x86)\Common Files\Akamai\uninstall.exe (432208 bytes) (Unknown) (09.12.2010 00:56:46) (--A-) (728299d10ed5de4eed6a800a349d0da6) (Modified)
C:\Program Files (x86)\Internet Explorer\iedvtool.dll (860160 bytes) (Microsoft Corporation) (16.12.2010 00:14:27) (--A-) (d7c1ef2b8a1353bf321030ec48b66066) (Created)
C:\Program Files (x86)\Internet Explorer\ieproxy.dll (163328 bytes) (Microsoft Corporation) (16.12.2010 00:14:23) (--A-) (1c9a08b23960fd10981882910c8bc28c) (Created)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (673040 bytes) (Microsoft Corporation) (16.12.2010 00:14:24) (--A-) (58cf468d3ff4cf830339fe5e45356355) (Created)
C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll (19416 bytes) (Mozilla Foundation) (11.12.2010 01:29:38) (--A-) (3ca3de162bfcf43fdcdade3cd586320a) (Modified)
C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe (122328 bytes) (Mozilla Foundation) (11.12.2010 01:29:41) (--A-) (6a4f596a2431dc1ce241d2f12d9eb71b) (Modified)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (910296 bytes) (Mozilla Corporation) (11.12.2010 01:29:41) (--A-) (5261202c54ad1f993d92b33457b87af6) (Modified)
C:\Program Files (x86)\Mozilla Firefox\freebl3.dll (249856 bytes) (Mozilla Foundation) (11.12.2010 01:29:41) (--A-) (7bc33d1ff3e2512eb7d0ef5095a01cf1) (Modified)
C:\Program Files (x86)\Mozilla Firefox\js3250.dll (922584 bytes) (Netscape Communications Corporation) (11.12.2010 01:29:41) (--A-) (02810813bb77cedf7c69bddb6b1286f4) (Modified)
C:\Program Files (x86)\Mozilla Firefox\mozcrt19.dll (715736 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (9a2adfbd8f5b254e9f3a83bc95f2b940) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nspr4.dll (203736 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (7df96cf4a46f679ec761abb42a2d9e06) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nss3.dll (646104 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (ea3f287cff29f37e431bbb205462bf32) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll (343000 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (71d2b0b88ecfef071e7edf941a97cf87) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll (98304 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (71c8a752b0d923c0e69534fcbf4c0eca) (Modified)
C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll (89048 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (a098fd9319a9e13e401db52532a84482) (Modified)
C:\Program Files (x86)\Mozilla Firefox\plc4.dll (21976 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (21fa41e68237c8f3e4e08c7f0ed90d62) (Modified)
C:\Program Files (x86)\Mozilla Firefox\plds4.dll (18904 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (f42d78548604f19a4141c8c7df669eef) (Modified)
C:\Program Files (x86)\Mozilla Firefox\smime3.dll (105432 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (032f64dd58f2f05cf775a3a537b5ba22) (Modified)
C:\Program Files (x86)\Mozilla Firefox\softokn3.dll (155648 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (2dde7b838ec67919b3b942ba3da4c56d) (Modified)
C:\Program Files (x86)\Mozilla Firefox\sqlite3.dll (459224 bytes) (sqlite.org) (11.12.2010 01:29:42) (--A-) (05a3b32e43fe7fe0336a6f65c7cc9b33) (Modified)
C:\Program Files (x86)\Mozilla Firefox\ssl3.dll (142296 bytes) (Mozilla Foundation) (11.12.2010 01:29:42) (--A-) (8aa4180f05e4acb486299fafb7dd6474) (Modified)
C:\Program Files (x86)\Mozilla Firefox\updater.exe (246744 bytes) (Mozilla Foundation) (11.12.2010 01:29:43) (--A-) (15a3f354eff31d147bbb159abd9683b7) (Modified)
C:\Program Files (x86)\Mozilla Firefox\xpcom.dll (19416 bytes) (Mozilla Foundation) (11.12.2010 01:29:43) (--A-) (401adb80d41841a3efaa191514ffe8b0) (Modified)
C:\Program Files (x86)\Mozilla Firefox\xul.dll (10806232 bytes) (Mozilla Foundation) (11.12.2010 01:29:45) (--A-) (b03ea5a5732726fb494c0598bc99333f) (Modified)
C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll (25048 bytes) (Mozilla Foundation) (11.12.2010 01:29:39) (--A-) (fb0e6fe8631dac2d2dc077e336b9377a) (Modified)
C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll (138712 bytes) (Mozilla Foundation) (11.12.2010 01:29:39) (--A-) (726a0ef6a2cc6af4100c72848ef67d18) (Modified)
C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll (66520 bytes) (mozilla.org) (11.12.2010 01:29:42) (--A-) (7a9790c3452910e8fe6fb8eafb9b415a) (Modified)
C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (555760 bytes) (Mozilla Corporation) (11.12.2010 01:29:43) (--A-) (6d42264e1f806da53eeee6157e858a9a) (Modified)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\HijackHunter.exe (630784 bytes) (NoVirusThanks Company Srl) (11.12.2010 15:31:14) (--A-) (9f3044c2b3f27132a9dae449235fbaec) (Created)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\nhdrv.sys (4608 bytes) (NoVirusThanks Company Srl) (11.12.2010 15:31:15) (--A-) (8f40312ac7b0f3d0246fe52105e4f1d7) (Created)
C:\Program Files (x86)\NoVirusThanks\Hijack Hunter\unins000.exe (709638 bytes) (Unknown) (11.12.2010 15:31:14) (--A-) (9ffd2d09a743f2b1d9dc5a491ca58e36) (Created)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\Core.dll (258106 bytes) (Unknown) (14.12.2010 19:32:18) (--A-) (c07ccb23f403fa3cf44fea955a74d071) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\DemoPlayer.dll (90112 bytes) (Unknown) (14.12.2010 19:32:18) (--A-) (7ef5b581202ca32bd0a5bf7043cbe04f) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\vgui2.dll (245819 bytes) (Unknown) (14.12.2010 19:32:16) (--A-) (547a53f3dff2be47838cdfee75194d98) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\voice_miles.dll (53248 bytes) (Unknown) (14.12.2010 19:32:18) (--A-) (bcceb6861babedf0024b7d2caea50923) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\voice_speex.dll (139264 bytes) (Unknown) (14.12.2010 19:49:47) (--A-) (0a812ecf43bfe0173a84734c70f4a260) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\cstrike\cl_dlls\client.dll (1074496 bytes) (Unknown) (14.12.2010 19:32:16) (--A-) (d3b7ade860eaa163dee7d49edea3de97) (Modified)
C:\Program Files (x86)\Steam\steamapps\kirbydancer\counter-strike\platform\servers\serverbrowser.dll (535552 bytes) (Unknown) (14.12.2010 19:32:19) (--A-) (82db5fec08b49d03f2b758d8f59d696e) (Modified)
C:\Program Files (x86)\Windows Mail\wab.exe (516096 bytes) (Microsoft Corporation) (16.12.2010 00:14:31) (--A-) (5992835831a58d35ed60435ea15e51ca) (Created)

[+] Hidden files in suspicious folders


[+] Suspicious Registry Keys


[+] Suspicious folders


[+] Drivers

C:\Windows\system32\drivers\amdxata.sys (amdxata) (amdxata) (Advanced Micro Devices) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\atihdmi.sys (AtiHdmiService) (ATI Service for HD Audio Codec) (ATI Research Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\atikmdag.sys (atikmdag) (atikmdag) (ATI Technologies Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\avgntflt.sys (avgntflt) (avgntflt) (Avira GmbH) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\avipbb.sys (avipbb) (avipbb) (Avira GmbH) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\blbdrive.sys (blbdrive) (blbdrive) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\e1y60x64.sys (e1yexpress) (Intel(R) Gigabit-Netzwerkverbindungstreiber) (Intel Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\iastor.sys (iaStor) (Intel AHCI Controller) (Intel Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\rtkvhd64.sys (IntcAzAudAddService) (Service for Realtek HD Audio (WDM)) (Realtek Semiconductor Corp.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\netr28ux.sys (netr28ux) (RT2870 USB Extensible Wireless LAN Card Driver) (Ralink Technology Corp.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\npf.sys (NPF) (NetGroup Packet Filter Driver) (CACE Technologies, Inc.) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\pxhlpa64.sys (PxHlpa64) (PxHlpa64) (Sonic Solutions) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\snpstd3.sys (SNPSTD3) (USB PC Camera (SNPSTD3)) (Sonix Co. Ltd.) (3708efbaa0c3899430565e1d700f07c6)
C:\Windows\system32\drivers\sptd.sys (sptd) (sptd) (Unknown) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\swenum.sys (swenum) (Software Bus Driver) (Microsoft Corporation) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\tffsmon.sys (TfFsMon) (TfFsMon) (PC Tools) (d41d8cd98f00b204e9800998ecf8427e)
c:\windows\system32\drivers\tfnetmon.sys (TfNetMon) (TfNetMon) (PC Tools) (d41d8cd98f00b204e9800998ecf8427e)
C:\Windows\system32\drivers\tfsysmon.sys (TfSysMon) (TfSysMon) (PC Tools) (d41d8cd98f00b204e9800998ecf8427e)
c:\program files (x86)\tuneup utilities 2010\tuneuputilitiesdriver64.sys (TuneUpUtilitiesDrv) (TuneUpUtilitiesDrv) (TuneUp Software) (dcc94c51d27c7ec0dadeca8f64c94fcf)

[+] Drivers -> FSFilter Anti-Virus

Driver Name: avgntflt
Driver File: system32\DRIVERS\avgntflt.sys
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avgntflt


[+] Services

c:\program files (x86)\adobe\photoshop elements 7.0\photoshopelementsfileagent.exe (AdobeActiveFileMonitor7.0) (Adobe Active File Monitor V7) (Adobe Systems Incorporated) (6d9fc1e7ea3c548f4d3455f0c3feef8c)
c:\windows\system32\atiesrxx.exe (AMD External Events Utility) (AMD External Events Utility) (AMD) (d41d8cd98f00b204e9800998ecf8427e)
c:\program files (x86)\avira\antivir desktop\sched.exe (AntiVirSchedulerService) (Avira AntiVir Planer) (Avira GmbH) (d0438db784d7bd2f07f5b9c7fb698049)
c:\program files (x86)\avira\antivir desktop\avguard.exe (AntiVirService) (Avira AntiVir Guard) (Avira GmbH) (55c34ff96dbf02a39523cf48503bf8d1)

[+] ServiceDll

c:\program files (x86)\common files\akamai\netsession_win_aeec0f0.dll (3020888 bytes) (Unknown) (09.12.2010 00:56:38) (--A-) (aeec0f0c30480703ec797f848fe645a6)

[+] Unknown files in Winsock LSP

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007

Value: LibraryPath
Data: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008


[+] Unknown files in CLSID

C:\Windows\SysWOW64\imagXpr7.dll (497296 bytes) (Pegasus Imaging Corp.) (04.07.2008 18:23:38) (--A-) (30cfd905ba1f1b85dc8e98cbf79f1d57)
C:\Windows\SysWow64\atiumdva.dll (2868736 bytes) (ATI Technologies Inc.) (18.08.2009 02:05:32) (--A-) (dd53819a94889702b4ae20365dc7efb7)
C:\Windows\SysWow64\RealMediaSplitter.ax (421888 bytes) (Gabest) (12.10.2009 07:30:22) (--A-) (96d1780365241cf98a56165fc04cfd55)
C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (341600 bytes) (RealPlayer) (23.03.2010 06:12:20) (--A-) (87718b465f86597acf88772cfb00b055)
C:\Windows\SysWOW64\igfxdv32.dll (216576 bytes) (Intel Corporation) (15.08.2009 09:41:06) (--A-) (8b05e9fd64e217c1e9f8ec89d46688b0)
C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll (1038880 bytes) (Realtek Semiconductor Corp.) (15.08.2009 09:03:09) (--A-) (33b69c63da09044b0a27574fed76082b)
C:\Windows\SysWOW64\RTCOM\RtkCfg.dll (141856 bytes) (Realtek Semiconductor Corp.) (15.08.2009 09:03:10) (--A-) (1a10554b68b57a4af88d4b09a4ac89e9)
C:\Windows\SysWow64\deployJava1.dll (411368 bytes) (Sun Microsystems, Inc.) (11.07.2010 17:16:16) (--A-) (b8f7c6ca5f8e97249853dbe1dadd1fbc)
C:\Windows\SysWOW64\rmoc3260.dll (185920 bytes) (RealNetworks, Inc.) (17.01.2010 15:29:39) (--A-) (99286d542a59c585329223f6c7f8e1db)
C:\Windows\SysWOW64\RTCOM\RTLCPAPI.dll (137760 bytes) (Realtek Semiconductor Corp.) (15.08.2009 09:03:10) (--A-) (91d3b4059a5fa1beb3ec24b5e06cd298)

[+] TCP Connections


[+] UDP Connections


[+] Hosts file


[+] Ring3 API Hooks

x64 OS not supported!

[+] Kernel Mode Info

x64 OS not supported!

---
Finish [ 0:2:35 ]



Regards


EDIT:
PS:
I did this with HiJackHUNTER, because I have heard that it now gives better information than HijackTHIS.
 