
Pests of all kinds and how to combat them: Unusually many NAT connections

Windows 7

 
19.01.2012, 21:01   #1
naractis
 

Hello,
The laptop in question is opening an unusually large number of NAT connections. I noticed this when, after browsing for a while, the error log of the router (Zyxel P-660HN-F1Z) showed the message "192.168.x.x 192.168.x.x exceeds the max. number of session per host!" and browsing became unbearable (including many dropped connections / connection problems).

The NAT table of my router was set to 1024 connections per IP by default. I raised this to 2048. When the problem reappeared after a while, I raised it to 3072.

Instead of tinkering with the router, I would rather find out from you why my laptop is opening such an unusually large number of connections. (No, no file-sharing programs are running!)

A virus scan with Avira AntiVir and Microsoft Security Essentials found nothing.

Code:
OTL logfile created on: 19.01.2012 19:26:16 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Naractis\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
2.97 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 65.32% Memory free
5.93 Gb Paging File | 4.62 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452.69 Gb Total Space | 246.00 Gb Free Space | 54.34% Space Free | Partition Type: NTFS
Drive D: | 13.06 Gb Total Space | 2.03 Gb Free Space | 15.54% Space Free | Partition Type: NTFS
 
Computer Name: NARACTISBOOK | User Name: Naractis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.19 19:22:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe
PRC - [2011.11.08 15:52:48 | 000,376,704 | R--- | M] (cFos Software GmbH) -- C:\Programme\cFosSpeed\spd.exe
PRC - [2011.11.08 15:52:44 | 001,219,456 | R--- | M] (cFos Software GmbH) -- C:\Programme\cFosSpeed\cfosspeed.exe
PRC - [2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Naractis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.07.01 14:01:19 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.05.01 09:11:59 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () -- C:\Programme\Synology\Assistant\UsbClientService.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.11.03 20:02:59 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpHostW.exe
PRC - [2009.12.01 12:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Programme\DigitalPersona\Bin\DpAgent.exe
PRC - [2009.09.16 16:42:30 | 000,210,216 | ---- | M] (CyberLink) -- c:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.08.21 10:07:14 | 000,100,408 | ---- | M] (Hewlett-Packard ) -- C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe
PRC - [2009.07.21 09:34:52 | 000,567,864 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009.07.21 01:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.21 01:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
PRC - [2009.07.14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.03.01 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe
PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.16 09:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008.06.11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.11.21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.09.16 16:42:28 | 000,931,112 | ---- | M] () -- c:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.07.21 09:34:52 | 000,567,864 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2008.05.07 21:33:46 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AdobeXMP.dll
MOD - [2007.11.16 16:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\ccme_base.dll
MOD - [2007.11.16 16:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.26 17:14:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.11.08 15:52:48 | 000,376,704 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Program Files\cFosSpeed\spd.exe -- (cFosSpeedS)
SRV - [2011.07.01 14:01:19 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011.05.01 09:11:59 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011.02.18 07:18:50 | 000,245,760 | ---- | M] () [Auto | Running] -- C:\Programme\Synology\Assistant\UsbClientService.exe -- (UsbClientService)
SRV - [2010.07.18 22:47:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.03.22 17:29:18 | 000,390,472 | ---- | M] (gogo6, Inc.) [On_Demand | Stopped] -- C:\Programme\gogo6\gogoCLIENT\gogoc.exe -- (gogoc)
SRV - [2009.12.01 12:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009.07.21 01:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.01 21:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)
SRV - [2008.09.16 09:33:18 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2007.05.31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.08 15:52:52 | 000,972,160 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6)
DRV - [2011.07.01 14:01:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 14:01:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.02.18 07:20:22 | 000,046,304 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\busenum.sys -- (busenum)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.23 17:46:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.15 15:53:28 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2010.06.15 15:53:12 | 000,033,848 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.03.22 17:29:10 | 000,021,064 | ---- | M] (gogo6 Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gogotun.sys -- (gogoTunnelDevice)
DRV - [2010.02.22 16:23:46 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/07/24 16:03:51] [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2010.01.13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.10.03 05:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.05 21:59:30 | 000,750,592 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2009.07.26 21:39:24 | 000,659,592 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2009.07.21 01:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.05.22 07:32:56 | 000,284,928 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerAF15.sys -- (AVerAF15)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009.03.06 18:09:52 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2008.10.22 16:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.09.16 09:33:38 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.09.04 00:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 46 98 B3 E1 D1 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.80
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..keyword.URL: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Naractis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010.08.15 08:09:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.19 10:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.14 12:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 12:48:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010.08.15 08:09:50 | 000,000,000 | ---D | M]
 
[2010.07.18 22:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naractis\AppData\Roaming\mozilla\Extensions
[2012.01.15 21:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Naractis\AppData\Roaming\mozilla\Firefox\Profiles\gprpat5c.default\extensions
[2010.07.18 22:56:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Naractis\AppData\Roaming\mozilla\Firefox\Profiles\gprpat5c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.05.21 02:17:18 | 000,001,632 | ---- | M] () -- C:\Users\Naractis\AppData\Roaming\Mozilla\Firefox\Profiles\gprpat5c.default\searchplugins\live-search.xml
[2012.01.14 12:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.08.02 05:13:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\NARACTIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPRPAT5C.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\NARACTIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPRPAT5C.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.21 08:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: \Auf gut Gl\u00FCck\-Schnellsuche (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&meta=lr%3Dlang_de&btnI=I%27m+Feeling+Lucky
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Naractis\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Naractis\AppData\Local\Google\Update\1.3.21.71\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Speed Dial = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
CHR - Extension: AdBlock = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\5.9.6_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Naractis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.11.26 17:06:06 | 000,001,392 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1       wip3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1       ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [DpAgent] C:\Programme\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HPToneControl] C:\Programme\Hewlett-Packard\HPToneControl\HPToneCtl.exe (Hewlett-Packard )
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\Naractis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Naractis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.39 194.230.1.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AA745F0-1068-417F-8401-7ACC5D7A3829}: DhcpNameServer = 194.230.1.39 194.230.1.103
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60038E5B-62F8-4476-A978-605E47B5FE35}: DhcpNameServer = 138.188.101.186 138.188.101.189
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CED028D9-9E09-4765-83F4-E0547C591A86}: NameServer = 192.168.0.1,192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.19 19:22:30 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe
[2012.01.19 19:06:34 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Naractis\Desktop\aswMBR.exe
[2012.01.15 13:07:17 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.01.14 19:33:07 | 000,750,592 | ---- | C] (Ralink Technology Corp.) -- C:\Windows\System32\drivers\Dnetr28u.sys
[2012.01.14 19:33:07 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\System32\RaCoInst.dll
[2012.01.14 12:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.14 12:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
[2012.01.14 12:32:43 | 000,972,160 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys
[2012.01.14 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\Naractis\AppData\Local\cFos
[2012.01.14 12:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2012.01.14 12:06:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.01.08 18:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Duden
[2012.01.08 18:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden
[2012.01.08 17:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\Duden
[2012.01.07 17:10:31 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Users\Naractis\Desktop\putty.exe
[2012.01.04 14:15:31 | 000,000,000 | ---D | C] -- C:\Users\Naractis\AppData\Local\GoPro
[2011.12.26 17:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\CineForm
[2011.12.26 17:02:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
[2011.12.26 17:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\GoPro
[2011.06.15 21:13:05 | 000,219,136 | ---- | C] (TODO: <Company name>) -- C:\Program Files\launcher.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.19 19:27:10 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 19:27:10 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.19 19:26:06 | 000,698,998 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.19 19:26:06 | 000,654,276 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.19 19:26:06 | 000,149,162 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.19 19:26:06 | 000,122,108 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.19 19:25:25 | 000,000,512 | ---- | M] () -- C:\Users\Naractis\Desktop\MBR.dat
[2012.01.19 19:22:34 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Naractis\Desktop\OTL.exe
[2012.01.19 19:19:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.19 19:19:25 | 2390,118,400 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.19 19:17:20 | 000,000,020 | ---- | M] () -- C:\Users\Naractis\defogger_reenable
[2012.01.19 19:16:13 | 000,050,477 | ---- | M] () -- C:\Users\Naractis\Desktop\Defogger.exe
[2012.01.19 19:06:55 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Naractis\Desktop\aswMBR.exe
[2012.01.19 19:05:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job
[2012.01.19 18:49:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job
[2012.01.19 16:14:56 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job
[2012.01.19 16:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job
[2012.01.14 19:35:20 | 000,000,009 | ---- | M] () -- C:\Windows\System32\ANIWZCSUSERNAME{0CF68E52-0DF1-47E6-80D9-7474EDE5FB02}
[2012.01.14 12:30:19 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.14 12:07:08 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.01.12 23:30:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNaractis.job
[2012.01.10 13:40:47 | 002,548,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.07 17:37:00 | 000,000,600 | ---- | M] () -- C:\Users\Naractis\AppData\Local\PUTTY.RND
[2012.01.07 17:10:39 | 000,483,328 | ---- | M] (Simon Tatham) -- C:\Users\Naractis\Desktop\putty.exe
[2012.01.07 13:51:18 | 000,002,416 | ---- | M] () -- C:\Users\Naractis\Desktop\Google Chrome.lnk
[2012.01.04 23:17:30 | 000,007,606 | ---- | M] () -- C:\Users\Naractis\AppData\Local\Resmon.ResmonCfg
[2011.12.26 17:02:18 | 000,001,111 | ---- | M] () -- C:\Users\Naractis\Desktop\GoPro CineForm Studio.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.19 19:17:04 | 000,000,020 | ---- | C] () -- C:\Users\Naractis\defogger_reenable
[2012.01.19 19:16:12 | 000,050,477 | ---- | C] () -- C:\Users\Naractis\Desktop\Defogger.exe
[2012.01.19 19:10:20 | 000,000,512 | ---- | C] () -- C:\Users\Naractis\Desktop\MBR.dat
[2012.01.14 19:35:20 | 000,000,009 | ---- | C] () -- C:\Windows\System32\ANIWZCSUSERNAME{0CF68E52-0DF1-47E6-80D9-7474EDE5FB02}
[2012.01.14 19:33:08 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2012.01.14 19:33:07 | 000,013,931 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012.01.14 12:30:19 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.14 12:07:08 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.01.14 12:06:28 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.01.10 18:04:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForNaractis.job
[2012.01.07 17:15:34 | 000,000,600 | ---- | C] () -- C:\Users\Naractis\AppData\Local\PUTTY.RND
[2011.12.26 17:02:18 | 000,001,111 | ---- | C] () -- C:\Users\Naractis\Desktop\GoPro CineForm Studio.lnk
[2011.09.17 10:06:02 | 000,007,606 | ---- | C] () -- C:\Users\Naractis\AppData\Local\Resmon.ResmonCfg
[2011.06.15 21:13:05 | 000,080,384 | ---- | C] () -- C:\Program Files\phnxdll.dll
[2011.06.15 21:12:55 | 003,297,280 | ---- | C] () -- C:\Program Files\phoenixRC.exe
[2011.06.02 11:40:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.02 11:37:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.04 16:08:31 | 000,001,849 | ---- | C] () -- C:\Users\Naractis\AppData\Roaming\GhostObjGAFix.xml
[2010.10.22 20:21:10 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010.10.11 19:34:28 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.11 19:34:28 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.09.25 13:18:02 | 000,111,928 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.09.25 13:17:56 | 002,373,712 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.09.25 13:17:56 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.08.16 23:10:51 | 000,000,600 | ---- | C] () -- C:\Users\Naractis\AppData\Roaming\winscp.rnd
[2010.08.02 05:14:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.23 18:44:51 | 000,000,350 | ---- | C] () -- C:\Windows\System32\AP6RMHV.BIN
[2010.07.23 18:44:51 | 000,000,308 | ---- | C] () -- C:\Windows\System32\AP6RMKV.BIN
[2010.07.23 18:44:51 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AP6RMJH.BIN
[2010.07.23 18:44:51 | 000,000,238 | ---- | C] () -- C:\Windows\System32\AP6RMFP.BIN
[2010.07.23 18:44:51 | 000,000,189 | ---- | C] () -- C:\Windows\System32\AP6RMKS.BIN
[2010.07.23 18:44:51 | 000,000,126 | ---- | C] () -- C:\Windows\System32\AP6RMHR.BIN
[2009.08.28 10:52:28 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp1ml3.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 09:47:43 | 000,698,998 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,149,162 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 002,548,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,654,276 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,122,108 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.11.14 15:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
 
========== LOP Check ==========
 
[2011.03.08 19:43:06 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\.Kanton ZH
[2011.11.26 17:02:43 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\DAEMON Tools Lite
[2010.07.23 18:39:51 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\DigitalPersona
[2012.01.19 19:21:00 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\Dropbox
[2011.11.11 16:41:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\EVEMon
[2011.09.17 12:42:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\FileZilla
[2010.09.19 15:16:29 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\FreeCommander
[2010.08.31 11:47:34 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\NCH Swift Sound
[2010.07.18 22:59:23 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\Static EMail Backup
[2011.09.17 12:42:19 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\TS3Client
[2011.05.01 09:24:36 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\TuneUp Software
[2012.01.14 17:44:16 | 000,000,000 | ---D | M] -- C:\Users\Naractis\AppData\Roaming\uTorrent
[2012.01.19 16:05:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001Core.job
[2012.01.19 19:05:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2455071247-1841323591-682351765-1001UA.job
[2012.01.14 01:49:56 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 19:07:34
-----------------------------
19:07:34.376    OS Version: Windows 6.1.7601 Service Pack 1
19:07:34.376    Number of processors: 2 586 0x170A
19:07:34.378    ComputerName: NARACTISBOOK  UserName: Naractis
19:07:40.033    Initialize success
19:08:59.841    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:08:59.841    Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 11
19:08:59.872    Disk 0 MBR read successfully
19:08:59.872    Disk 0 MBR scan
19:08:59.872    Disk 0 Windows 7 default MBR code
19:08:59.888    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       463559 MB offset 2048
19:08:59.904    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        13377 MB offset 949370880
19:08:59.919    Disk 0 scanning sectors +976766976
19:08:59.982    Disk 0 scanning C:\Windows\system32\drivers
19:09:11.229    Service scanning
19:09:12.774    Service MpKsl2cc050e4 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D53B79D-CCB8-46B9-B8A4-BAC0FE155330}\MpKsl2cc050e4.sys **LOCKED** 32
19:09:12.774    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:09:13.039    Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
19:09:13.663    Modules scanning
19:09:41.088    Disk 0 trace - called modules:
19:09:41.119    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys >>UNKNOWN [0x8594a1f8]<<
19:09:41.119    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8683e530]
19:09:41.135    3 CLASSPNP.SYS[8bba059e] -> nt!IofCallDriver -> [0x8683e020]
19:09:41.135    5 hpdskflt.sys[8bb52090] -> nt!IofCallDriver -> [0x86669918]
19:09:41.135    7 ACPI.sys[837ab3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86714908]
19:09:41.150    \Driver\atapi[0x866fc910] -> IRP_MJ_CREATE -> 0x8594a1f8
19:09:41.166    Scan finished successfully
19:10:20.306    Disk 0 MBR has been saved successfully to "C:\Users\Naractis\Desktop\MBR.dat"
19:10:20.306    The log file has been saved successfully to "C:\Users\Naractis\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 19:23:59
-----------------------------
19:23:59.663    OS Version: Windows 6.1.7601 Service Pack 1
19:23:59.663    Number of processors: 2 586 0x170A
19:23:59.663    ComputerName: NARACTISBOOK  UserName: Naractis
19:24:01.004    Initialize success
19:24:07.873    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:24:07.873    Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 11
19:24:07.904    Disk 0 MBR read successfully
19:24:07.904    Disk 0 MBR scan
19:24:07.904    Disk 0 Windows 7 default MBR code
19:24:07.920    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       463559 MB offset 2048
19:24:07.951    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        13377 MB offset 949370880
19:24:07.951    Disk 0 scanning sectors +976766976
19:24:08.045    Disk 0 scanning C:\Windows\system32\drivers
19:24:26.001    Service scanning
19:24:31.273    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:24:31.929    Modules scanning
19:25:04.829    Disk 0 trace - called modules:
19:25:04.845    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys ataport.SYS PCIIDEX.SYS msahci.sys 
19:25:05.359    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867c3030]
19:25:05.359    3 CLASSPNP.SYS[8b80459e] -> nt!IofCallDriver -> [0x867be918]
19:25:05.359    5 hpdskflt.sys[8ba02090] -> nt!IofCallDriver -> [0x86718938]
19:25:05.375    7 ACPI.sys[8b4a93d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x866c6908]
19:25:05.375    Scan finished successfully
19:25:25.249    Disk 0 MBR has been saved successfully to "C:\Users\Naractis\Desktop\MBR.dat"
19:25:25.249    The log file has been saved successfully to "C:\Users\Naractis\Desktop\aswMBR.txt"
         
Since the laptop had no Internet connection during the scan, the current NAT table is not that full yet. Maybe you can still read something out of it.
Code:
================================Nat session table==============================
Slot Prot   Internal-IP  :Port    Outgoing-IP  :Port    External-IP  :Port  Idle
================================================================================
  12 UDP  192.168.1.35   :58984 188.155.176.227:17046 194.230.1.39   :53    75
  33 TCP  192.168.1.35   :41145 188.155.176.227:24074 62.75.211.133  :6667  47
  36 TCP  192.168.1.33   :49643 188.155.176.227:24504 193.192.226.164:443   16
  48 TCP  192.168.1.35   :50596 188.155.176.227:24262 199.59.148.139 :443   26
  60 UDP  192.168.1.35   :58158 188.155.176.227:16280 194.230.1.39   :53    25
 130 TCP  192.168.1.33   :49528 188.155.176.227:24283 74.125.232.110 :80    17
 142 TCP  192.168.1.35   :47296 188.155.176.227:16285 173.194.70.84  :443   0
 170 UDP  192.168.1.33   :49483 188.155.176.227:19922 194.230.1.39   :53    154
 173 TCP  192.168.1.33   :49516 188.155.176.227:23823 199.47.217.149 :80    36
 177 UDP  192.168.1.35   :51413 188.155.176.227:29710 213.203.152.155:50227 148
 185 UDP  192.168.1.35   :36879 188.155.176.227:20534 194.230.1.39   :53    90
 196 TCP  192.168.1.35   :43140 188.155.176.227:24144 173.194.35.17  :80    0
 217 UDP  192.168.1.35   :47507 188.155.176.227:24532 194.230.1.39   :53    25
 225 TCP  192.168.1.35   :53194 188.155.176.227:11308 222.94.132.134 :10224 6015
 238 UDP  192.168.1.35   :43710 188.155.176.227:24509 194.230.1.39   :53    90
 282 TCP  192.168.1.33   :49633 188.155.176.227:24489 173.194.35.44  :443   39
 309 TCP  192.168.1.35   :33503 188.155.176.227:24535 173.194.35.18  :80    10
 352 UDP  192.168.1.35   :51413 188.155.176.227:29710 80.108.238.72  :57417 117
 376 UDP  192.168.1.35   :38132 188.155.176.227:24534 194.230.1.39   :53    10
 377 TCP  192.168.1.35   :59933 188.155.176.227:24147 173.194.35.17  :443   4
 425 UDP  192.168.1.35   :51413 188.155.176.227:29710 78.86.125.0    :44098 47
 491 UDP  192.168.1.35   :43651 188.155.176.227:24506 194.230.1.39   :53    112
 496 TCP  192.168.1.35   :52742 188.155.176.227:20078 14.209.219.157 :10439 3826
 516 UDP  192.168.1.33   :50969 188.155.176.227:24493 194.230.1.39   :53    162
 518 UDP  192.168.1.35   :51413 188.155.176.227:29710 94.66.185.79   :28115 165
 532 UDP  192.168.1.33   :60440 188.155.176.227:15189 194.230.1.39   :53    91
 548 UDP  192.168.1.35   :45820 188.155.176.227:21985 194.230.1.39   :53    80
 574 TCP  192.168.1.33   :49548 188.155.176.227:24327 74.125.232.117 :443   14
 612 UDP  192.168.1.35   :49271 188.155.176.227:24526 194.230.1.39   :53    81
 622 TCP  192.168.1.35   :59625 188.155.176.227:12971 84.226.250.159 :22224 8277
 626 TCP  192.168.1.33   :49636 188.155.176.227:24496 173.194.35.49  :443   23
 650 UDP  192.168.1.33   :54361 188.155.176.227:18655 194.95.249.23  :36653 23
 708 UDP  192.168.1.35   :51413 188.155.176.227:29710 190.195.13.184 :56963 129
 721 UDP  192.168.1.35   :47947 188.155.176.227:19647 194.230.1.39   :53    112
 729 TCP  192.168.1.35   :56985 188.155.176.227:24098 75.126.76.138  :80    9
 753 UDP  192.168.1.33   :54157 188.155.176.227:24505 194.230.1.39   :53    118
 760 UDP  192.168.1.35   :37653 188.155.176.227:23401 194.230.1.39   :53    80
 783 UDP  192.168.1.33   :49839 188.155.176.227:24488 194.230.1.39   :53    172
 852 UDP  192.168.1.35   :42879 188.155.176.227:24533 194.230.1.39   :53    20
 901 UDP  192.168.1.33   :59453 188.155.176.227:24510 194.230.1.39   :53    96
 949 UDP  192.168.1.33   :46327 188.155.176.227:26029 194.95.249.23  :25903 22
 951 UDP  192.168.1.33   :49839 188.155.176.227:24488 194.230.1.103  :53    178
 956 UDP  192.168.1.35   :51413 188.155.176.227:29710 72.179.50.38   :59883 47
 966 UDP  192.168.1.35   :34999 188.155.176.227:24487 194.230.1.39   :53    180
 977 UDP  192.168.1.33   :51975 188.155.176.227:24503 194.230.1.39   :53    162
 982 UDP  192.168.1.35   :50574 188.155.176.227:14167 217.147.223.78 :123   159
1005 UDP  192.168.1.35   :51413 188.155.176.227:29710 89.113.24.25   :35691 105
1011 TCP  192.168.1.35   :50597 188.155.176.227:12340 199.59.148.139 :443   25
1049 UDP  192.168.1.35   :51413 188.155.176.227:29710 24.82.162.176  :45376 104
1075 UDP  192.168.1.33   :56266 188.155.176.227:24495 194.230.1.39   :53    167
1083 UDP  192.168.1.33   :65409 188.155.176.227:18797 94.245.121.251 :3544  0
1115 TCP  192.168.1.35   :60445 188.155.176.227:16242 95.100.255.178 :80    35
1129 UDP  192.168.1.35   :34977 188.155.176.227:24490 194.230.1.103  :53    175
1152 UDP  192.168.1.35   :51413 188.155.176.227:29710 190.101.73.37  :34433 104
1173 UDP  192.168.1.35   :51413 188.155.176.227:29710 90.30.222.207  :34762 147
1200 TCP  192.168.1.33   :49529 188.155.176.227:24285 178.236.5.51   :80    162
1209 TCP  192.168.1.35   :41657 188.155.176.227:22662 173.194.70.125 :5222  12
1214 UDP  192.168.1.35   :43288 188.155.176.227:24491 194.230.1.39   :53    180
1215 UDP  192.168.1.33   :49874 188.155.176.227:24513 194.230.1.39   :53    101
1234 UDP  192.168.1.33   :61444 188.155.176.227:15660 194.230.1.39   :53    101

================================Summary information=============================
Used:    60, Total:  8000
         

Thank you very much for your effort!
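Added example, not part of the original post: a small Python triage script for a NAT session table in the format pasted above. It counts sessions per internal host, finds internal sockets that hold many slots at once, and lists long-idle entries. The function names are hypothetical, the sample rows are an excerpt copied from the table in the post, and the unit of the Idle column is not stated in the post, so the threshold is simply compared against the number the router prints.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Excerpt of the NAT session table from the post (header lines included on purpose).
SAMPLE = """\
================================Nat session table==============================
Slot Prot   Internal-IP  :Port    Outgoing-IP  :Port    External-IP  :Port  Idle
================================================================================
  12 UDP  192.168.1.35   :58984 188.155.176.227:17046 194.230.1.39   :53    75
  33 TCP  192.168.1.35   :41145 188.155.176.227:24074 62.75.211.133  :6667  47
  36 TCP  192.168.1.33   :49643 188.155.176.227:24504 193.192.226.164:443   16
 177 UDP  192.168.1.35   :51413 188.155.176.227:29710 213.203.152.155:50227 148
 225 TCP  192.168.1.35   :53194 188.155.176.227:11308 222.94.132.134 :10224 6015
 352 UDP  192.168.1.35   :51413 188.155.176.227:29710 80.108.238.72  :57417 117
 425 UDP  192.168.1.35   :51413 188.155.176.227:29710 78.86.125.0    :44098 47
 951 UDP  192.168.1.33   :49839 188.155.176.227:24488 194.230.1.103  :53    178
1083 UDP  192.168.1.33   :65409 188.155.176.227:18797 94.245.121.251 :3544  0
"""


class Session(NamedTuple):
    slot: int
    proto: str
    int_ip: str      # LAN host that opened the session
    int_port: int
    out_ip: str      # router's WAN address after translation
    out_port: int
    ext_ip: str      # remote endpoint
    ext_port: int
    idle: int        # value of the Idle column, unit as reported by the router


# The router pads the IP column, so whitespace may or may not precede ':'.
ROW = re.compile(
    r"^\s*(\d+)\s+(TCP|UDP)\s+"
    r"([\d.]+)\s*:(\d+)\s+"
    r"([\d.]+)\s*:(\d+)\s+"
    r"([\d.]+)\s*:(\d+)\s+(\d+)\s*$"
)


def parse_nat_table(text):
    """Return one Session per data row; banner, header and summary lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            slot, proto, iip, ipt, oip, opt, eip, ept, idle = m.groups()
            sessions.append(Session(int(slot), proto, iip, int(ipt),
                                    oip, int(opt), eip, int(ept), int(idle)))
    return sessions


def sessions_per_host(sessions):
    """Number of NAT slots held by each internal IP."""
    return Counter(s.int_ip for s in sessions)


def hosts_at_or_over(sessions, limit):
    """Internal IPs whose slot count has reached the given per-host limit."""
    return sorted(ip for ip, n in sessions_per_host(sessions).items() if n >= limit)


def fan_out(sessions, min_peers=2):
    """Internal sockets talking to several remote endpoints (one slot per peer)."""
    peers = defaultdict(set)
    for s in sessions:
        peers[(s.proto, s.int_ip, s.int_port)].add((s.ext_ip, s.ext_port))
    return {k: len(v) for k, v in peers.items() if len(v) >= min_peers}


def service_mix(sessions, host):
    """Slots of one host grouped by (protocol, remote port)."""
    return Counter((s.proto, s.ext_port) for s in sessions if s.int_ip == host)


def long_idle(sessions, threshold):
    """Slot numbers whose Idle value is at or above the threshold."""
    return [s.slot for s in sessions if s.idle >= threshold]


if __name__ == "__main__":
    table = parse_nat_table(SAMPLE)
    for host, count in sessions_per_host(table).most_common():
        print(host, count, service_mix(table, host).most_common(3))
    print("fan-out:", fan_out(table))
    print("long idle slots:", long_idle(table, 3600))
```

Fed the complete table captured while the laptop is online, the per-host count is the figure to compare with the router's per-host session limit, and the fan-out and service-mix output show which local sockets and remote ports account for most of the slots.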

 
