Internet abends ab 20.00 Uhr sehr langsam, oder inaktiv. Router stark frequentiert

pe7e · 08.06.2010, 10:10

Hallo liebe Trojaner-Board Community,

ich habe folgendes Problem. Seit einigen Tagen habe ich abends (nicht jeden Abend aber ca. jeden zweiten) Probleme mit meinem Internet. Das Problem sieht wie folgt aus:

Ich habe Pingschwankungen von 22ms - 1800ms, manchmal geht die Verbindung zum Internet garnicht. Eine halbe Stunde später läuft es optimal, kurze Zeit später wieder überhaupt nicht.

Was habe ich getan um mein Problem selbst zu lösen?

Ich habe mit meinem Provider telefoniert. Ich bin Kunde bei Unitymedia und habe seit dem 01.06.2010 eine 16000 Leitung. Ich habe mehrfach mit der Kundenhotline telefoniert, die mir versichert hat, das die Leitung bis zu meinem Modem einwandfrei ist. Empfohlen wurde mir das Programm TCP Optimizer um meine Netzwerkkarte hochzustellen. Das hat nichts gebracht. Ich habe den Router, sowie das Moden mehrfach neu gestartet - dies hat mein Problem auch nicht gelöst.
Des Weiteren habe ich mich in mein Routerinterface eingeloggt und gesehen, dass abends viele Zugriffe auf meinen Router stattfinden. Dies sieht wie folgt aus:

Montag, 7. Juni 2010 22:49:17 Unrecognized attempt blocked from ***
Montag, 7. Juni 2010 22:49:21 Unrecognized attempt blocked from ***
Montag, 7. Juni 2010 22:49:28 Unrecognized attempt blocked from ***

Da stehen etliche drin. Ich weiß leider nicht genau was ich mit dieser Info anfangen soll, bzw was ich dagegen tun kann.

Über Google habe ich einige verweise auf dieses Board hier gefunden und mich daher hier angemeldet und entschlossen meine Logfile auswerten zu lassen.

Nicht unwichtig ist vielleicht, dass ich über DLAN ins Internet gehe, da mein Router etwas weiter von meinem Rechner steht. Ging nicht anders wg Unitymedia Kalbelanschluß. Ich habe einen Devolod LAN® 200 AVmini Starter Kit.

Infos zu meinem System:

Windows XP Professionel SP2 / Intel Core Duo CPU 6550 @2.33 GhZ /
3GB Ram, Nvidia GForce 8800 GT

CCleaner hab ich laufen lassen und wie beschrieben ausgeführt.

Maleware Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4177

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

08.06.2010 10:44:17
mbam-log-2010-06-08 (10-44-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131700
Laufzeit: 4 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINXP\system32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.

pe7e · 08.06.2010, 10:16

RSIT:

info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.06 2010-06-08 10:49:32

======Uninstall list======

-->C:\Programme\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE /W /U /S /L:GER
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{587BE58B-682F-4043-B197-2DF526196FEC}\Setup.EXE" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x7 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINXP\INF\PCHealth.inf
4Musics OGG to MP3 Converter 4.4-->"C:\Programme\4Musics OGG to MP3 Converter\unins000.exe"
AC3File 0.7b-->"C:\Programme\AC3File\unins000.exe"
AC3Filter 1.61b-->"C:\Programme\AC3Filter\unins000.exe"
Addictive Drums-->C:\WINXP\unvise32.exe C:\Programme\XLN Audio\Addictive Drums\uninstal.log
Adobe Acrobat 7.0 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000002}
Adobe Flash Player 10 ActiveX-->C:\WINXP\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINXP\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Photoshop 7.0-->C:\WINXP\ISUN0407.EXE -f"C:\Programme\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Programme\Adobe\Photoshop 7.0\Uninst.dll"
AIMP2-->C:\Programme\AIMP2\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Programme\ASIO4ALL v2\uninstall.exe
Atheros Communications Inc.(R) L2 Fast Ethernet Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0A755762-EED8-47AB-A446-505766F93D43}\setup.exe" -l0x9  -removeonly
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5-->"C:\Programme\AviSynth 2.5\Uninstall.exe"
AVS Media Player 3.1-->"C:\Programme\AVS4YOU\AVSMediaPlayer\unins000.exe"
AVS Update Manager 1.0-->"C:\Programme\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Programme\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BEHRINGER USB MIDI DRIVER-->C:\WINXP\usb-audio.deBehringerMIDI\Setup.exe /l0
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
Canon MP Navigator EX 2.0-->"C:\Programme\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Programme\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP540 series Benutzerregistrierung-->C:\Programme\Canon\IJEREG\MP540 series\UNINST.EXE
Canon MP540 series MP Drivers-->"C:\WINXP\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series /L0x0007
Canon Utilities Easy-PhotoPrint EX-->C:\Programme\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Programme\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Programme\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
CDex extraction audio-->"C:\Programme\CDex_170b2\uninstall.exe"
Collab-->C:\Programme\Image-Line\Collab\uninstall.exe
COMODO Internet Security-->C:\Programme\COMODO\COMODO Internet Security\cfpconfg.exe -u
Counter-Strike: Source-->"C:\Programme\Valve\Steam\steam.exe" steam://uninstall/240
Creative-Systeminformationen-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x7  /remove
CSE Demoplayer-->MsiExec.exe /I{516D04BB-4A01-4FC2-B595-442A5E3BEF27}
CSStrat-->"C:\Programme\CSStrat\uninstaller.exe"
Day of Defeat: Source-->"C:\Programme\Valve\Steam\steam.exe" steam://uninstall/300
discoDSP Discovery VSTi v2.9-->"C:\Programme\discoDSP\Uninstall\unins000.exe"
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDx 2-->"C:\Programme\DVDx\unins000.exe"
East West Symphonic Choirs-->C:\PROGRA~1\EASTWE~1\SYMPHO~1\UNWISE.EXE C:\PROGRA~1\EASTWE~1\SYMPHO~1\INSTALL.LOG
ESL Wire 1.3-->"C:\Programme\EslWire\unins000.exe"
EZdrummer Lite Installer-->MsiExec.exe /I{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}
FL Studio 8-->C:\Programme\Image-Line\FL Studio 8\uninstall.exe
Funktionspräsentation-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{587BE58B-682F-4043-B197-2DF526196FEC}\Setup.EXE" -l0x7  /remove
Genesis Vst-->C:\Programme\genesis\VSTplugins\Uninstal.exe
Half-Life(R) 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Hardcore-->C:\Programme\Image-Line\Hardcore\uninstall.exe
Heroes of Might and Magic V Collector Edition-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}\setup.exe" -l0x7 
HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\***\Desktop\HijackThis.exe" /uninstall
HLSW v1.3.1-->"C:\Programme\HLSW\unins000.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINXP\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB921411)-->"C:\WINXP\$NtUninstallKB921411$\spuninst\spuninst.exe"
ICQ6.5-->"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IL Download Manager-->C:\Programme\Image-Line\Downloader\uninstall.exe
Inkjet Printer/Scanner Extended Survey Program-->C:\Programme\Canon\IJPLM\SETUP.EXE -R
iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
IZArc 3.81-->"C:\Programme\IZArc\unins000.exe"
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
JDownloader-->C:\Programme\JDownloader\uninstall.exe
KhalInstallWrapper-->MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Korg Kontrol Editor-->MsiExec.exe /I{AAE4B36C-7A25-4513-975B-ACE7437572A0}
KORG USB-MIDI Driver Tools for Windows-->MsiExec.exe /I{3A7DDC0A-B576-47E4-B061-2DD5D91E432F}
Legend of Kyrandia Trilogie-->"C:\Programme\DOS Games\Legend of Kyrandia Trilogie\unins000.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x7 UNINSTALL
Logitech MouseWare 9.80 -->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x7 -l0007 UNINSTALL
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Programme\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0007 -removeonly
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
McGill English Dictionary of Rhyme & Verse Perfect 2.0-->"C:\Programme\VersePerfect\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINXP\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINXP\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MIDI-OX-->MsiExec.exe /I{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}
MIKSOFT Mobile AMR converter-->"C:\Programme\MIKSOFT\Mobile AMR converter\unins000.exe"
mIRC-->"C:\Programme\mIRC\mirc.exe" -uninstall
Morphine-->C:\Programme\Image-Line\Morphine\uninstall.exe
Mozilla Firefox (3.6.3)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Mumble and Murmur-->C:\Programme\Mumble\Uninstall.exe
Native Instruments Kore Player-->C:\PROGRA~1\NATIVE~1\KOREPL~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KOREPL~1\INSTALL.LOG
Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG
Nero 6 Enterprise Edition-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINXP\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Oxelon Media Converter 1.1-->"C:\Programme\OxelonMedia\unins000.exe"
PoiZone-->C:\Programme\Image-Line\PoiZone\uninstall.exe
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Rag Doll Kung Fu-->"C:\Programme\Valve\Steam\steam.exe" steam://uninstall/1002
Real Alternative 1.7.5-->"C:\Programme\Real Alternative\unins000.exe"
REAPER-->"C:\Programme\REAPER\Uninstall.exe"
Rob Papen Albino 3-->C:\Programme\VSTplugins\UninstalAlbino3.exe
Safari-->MsiExec.exe /X{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINXP\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923789)-->C:\WINXP\system32\MacroMed\Flash\genuinst.exe C:\WINXP\system32\MacroMed\Flash\KB923789.inf
Software Menü-->MsiExec.exe /I{B060295C-E378-484C-91BE-DB5C41383FE9}
Sony Noise Reduction Plug-In 2.0e-->MsiExec.exe /X{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}
Sony Sound Forge 9.0-->MsiExec.exe /X{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}
Sound Blaster Audigy 2 ZS-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x7 
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 3 Client-->"C:\Programme\TeamSpeak 3 Client\uninstall.exe"
Toontrack solo-->MsiExec.exe /I{5866520C-8857-4986-833A-039F4584C3F7}
Total Commander 6.53-->MsiExec.exe /X{CB71F9B7-E8BB-4275-9F45-7F6B4BB980FA}
Toxic Biohazard-->C:\Programme\Image-Line\Toxic Biohazard\uninstall.exe
ToxicIII v1.2 Orion Edition Unlocked VSTi-->C:\PROGRA~1\VSTPLU~1\TOXIC3~1\UNWISE.EXE C:\PROGRA~1\VSTPLU~1\TOXIC3~1\INSTALL.LOG
T-RackS 3 Deluxe-->C:\Programme\InstallShield Installation Information\{423C4130-EBC3-410A-B3A0-37BBF9D607D5}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d-->C:\Programme\VideoLAN\VLC\uninstall.exe
Viewer2-->"C:\Programme\Viewer2\uninstall.exe"
WinRAR-->C:\Programme\winrar\uninstall.exe
WordBuilder-->MsiExec.exe /I{E201E642-C8C2-46D2-9286-29C3BFAE3679}
Z Engine-->MsiExec.exe /X{2AE2EFF4-A14B-42AB-B364-F04DB651180F}

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: COMODO Firewall

======System event log======

Computer Name: OGC-DFC6E2A2251
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "NLA (Network Location Awareness)" gesendet.

Record Number: 17695
Source Name: Service Control Manager
Time Written: 20100417160658.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: OGC-DFC6E2A2251
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "SSDP-Suchdienst" gesendet.

Record Number: 17694
Source Name: Service Control Manager
Time Written: 20100417160658.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: OGC-DFC6E2A2251
Event Code: 7036
Message: Dienst "IMAPI-CD-Brenn-COM-Dienste" befindet sich jetzt im Status "Ausgeführt".

Record Number: 17693
Source Name: Service Control Manager
Time Written: 20100417160658.000000+120
Event Type: Informationen
User: 

Computer Name: OGC-DFC6E2A2251
Event Code: 7035
Message: Der Steuerbefehl "starten" wurde erfolgreich an den Dienst "IMAPI-CD-Brenn-COM-Dienste" gesendet.

Record Number: 17692
Source Name: Service Control Manager
Time Written: 20100417160658.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: OGC-DFC6E2A2251
Event Code: 7036
Message: Dienst "Kompatibilität für schnelle Benutzerumschaltung" befindet sich jetzt im Status "Ausgeführt".

Record Number: 17691
Source Name: Service Control Manager
Time Written: 20100417160658.000000+120
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: OGC-DFC6E2A2251
Event Code: 1
Message: The service is started.

Record Number: 1039
Source Name: IJPLMSVC
Time Written: 20090619090748.000000+120
Event Type: Informationen
User: 

Computer Name: OGC-DFC6E2A2251
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!

Record Number: 1038
Source Name: Avira AntiVir
Time Written: 20090618214442.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: OGC-DFC6E2A2251
Event Code: 1
Message: 
Record Number: 1037
Source Name: Bonjour Service
Time Written: 20090618214437.000000+120
Event Type: Informationen
User: 

Computer Name: OGC-DFC6E2A2251
Event Code: 1
Message: The service is started.

Record Number: 1036
Source Name: IJPLMSVC
Time Written: 20090618214437.000000+120
Event Type: Informationen
User: 

Computer Name: OGC-DFC6E2A2251
Event Code: 1002
Message: Die Shell wurde unerwartet beendet und Explorer.exe wurde neu gestartet.

Record Number: 1035
Source Name: Winlogon
Time Written: 20090618113127.000000+120
Event Type: Informationen
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\Gemeinsame Dateien\DivX Shared\;C:\Programme\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

--- --- ---

RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.07 (written by random/random)
Run by *** at 2010-06-08 10:49:06
Microsoft Windows XP Professional Service Pack 2
System drive C: has 143 GB (60%) free of 238 GB
Total RAM: 3071 MB (80% free)

Logfile of Trend Micro HijackTh*is v2.0.4
Scan saved at 10:49:30, on 08.06.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\RUNDLL32.EXE
C:\WINXP\system32\CTHELPER.EXE
C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Ideazon\ZEngine\Zboard.exe
C:\WINXP\Logi_MwX.Exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\COMODO\COMODO Internet Security\cfp.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINXP\system32\ctfmon.exe
C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINXP\system32\nvsvc32.exe
C:\WINXP\system32\PnkBstrA.exe
C:\WINXP\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\***\Desktop\RSIT.exe
C:\Programme\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) -  - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINXP\UpdReg.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zboard] C:\Programme\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programme\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O20 - AppInit_DLLs:   C:\WINXP\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programme\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINXP\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINXP\System32\TuneUpDefragService.exe

--
End of file - 9576 bytes

======Scheduled tasks folder======

C:\WINXP\tasks\1-Klick-Wartung.job
C:\WINXP\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINXP\system32\NvCpl.dll [2009-01-15 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINXP\system32\NvMcTray.dll [2009-01-15 86016]
"CTHelper"=C:\WINXP\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"=REGSVR32.EXE /S CTASIO.DLL []
"SBDrvDet"=C:\Programme\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]
"UpdReg"=C:\WINXP\UpdReg.EXE [2000-05-10 90112]
"Acrobat Assistant 7.0"=C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"KernelFaultCheck"=C:\WINXP\system32\dumprep 0 -k []
"avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"Zboard"=C:\Programme\Ideazon\ZEngine\Zboard.exe [2008-11-12 57344]
"Logitech Utility"=C:\WINXP\Logi_MwX.Exe [2003-12-11 20992]
"Kernel and Hardware Abstraction Layer"=C:\WINXP\KHALMNPR.EXE [2007-04-11 56080]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"COMODO Internet Security"=C:\Programme\COMODO\COMODO Internet Security\cfp.exe [2009-12-28 1800464]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2010-03-26 142120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINXP\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Programme\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Programme\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESL Wire]
C:\Programme\EslWire\wire.exe [2010-02-16 7068672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Programme\iTunes\iTunesHelper.exe [2010-03-26 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINXP\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
C:\Dokumente und Einstellungen\pe7e\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe -inv:bootrun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programme\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
C:\Programme\Trend Micro\RUBotted\TMRUBottedTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Programme\Winamp\winampa.exe []

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
Adobe Acrobat - Schnellstart.lnk - C:\WINXP\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe
Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech Desktop Messenger.lnk - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="  C:\WINXP\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINXP\system32\WgaLogon.dll [2007-10-16 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\wpdshserviceobj.dll [2007-10-09 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine"
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Programme\Combat Arms EU\CombatArms.exe"="C:\Programme\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Programme\Combat Arms EU\Engine.exe"="C:\Programme\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Programme\Valve\Steam\SteamApps\pet00r\counter-strike source\hl2.exe"="C:\Programme\Valve\Steam\SteamApps\pet00r\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Programme\HLSW\hlsw.exe"="C:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Programme\Combat Arms EU\NMService.exe"="C:\Programme\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINXP\system32\PnkBstrA.exe"="C:\WINXP\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINXP\system32\PnkBstrB.exe"="C:\WINXP\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Programme\EslWire\wire.exe"="C:\Programme\EslWire\wire.exe:*:Enabled:ESL Wire Client"
"C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour""
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Valve\Steam\SteamApps\pet00r\day of defeat source\hl2.exe"="C:\Programme\Valve\Steam\SteamApps\pet00r\day of defeat source\hl2.exe:*:Enabled:Day of Defeat: Source"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Combat Arms EU\CombatArms.exe"="C:\Programme\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Programme\Combat Arms EU\Engine.exe"="C:\Programme\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8013543c-0a83-11de-a0ce-00e04c581482}]
shell\AutoRun\command - F:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9e909da-207a-11de-a104-00e04c581482}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-06-08 10:49:18 ----D---- C:\Programme\trend micro
2010-06-08 10:49:06 ----D---- C:\rsit
2010-06-08 10:37:30 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2010-06-08 10:37:19 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-06-08 10:37:19 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-08 10:29:26 ----D---- C:\Programme\CCleaner

======List of files/folders modified in the last 1 months======

2010-06-08 10:49:18 ----RD---- C:\Programme
2010-06-08 10:49:07 ----D---- C:\WINXP\system32\CatRoot2
2010-06-08 10:47:11 ----D---- C:\WINXP\Temp
2010-06-08 10:47:07 ----D---- C:\WINXP
2010-06-08 10:46:28 ----D---- C:\WINXP\system32\drivers
2010-06-08 10:46:02 ----A---- C:\WINXP\SchedLgU.Txt
2010-06-08 10:44:27 ----D---- C:\WINXP\PeerNet
2010-06-08 10:44:15 ----D---- C:\WINXP\system32
2010-06-08 10:33:12 ----D---- C:\WINXP\Debug
2010-06-08 10:33:07 ----D---- C:\WINXP\Prefetch
2010-06-07 22:01:23 ----D---- C:\Dokumente und Einstellungen\pe7e\Anwendungsdaten\HLSW
2010-06-07 21:31:39 ----D---- C:\Programme\mIRC
2010-06-07 21:30:46 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mumble
2010-06-07 17:13:40 ----A---- C:\WINXP\NeroDigital.ini
2010-06-07 15:35:48 ----D---- C:\Programme\JDownloader
2010-06-06 20:22:49 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AIMP
2010-06-02 23:04:12 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Viewer2
2010-05-28 16:38:46 ----A---- C:\WINXP\system32\msvcsv60.dll
2010-05-26 14:40:20 ----A---- C:\WINXP\WINCMD.INI
2010-05-26 14:38:01 ----A---- C:\WINXP\wcx_ftp.ini
2010-05-21 22:25:33 ----A---- C:\WINXP\system32\PerfStringBackup.INI
2010-05-14 09:58:46 ----D---- C:\Programme\AIMP2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINXP\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINXP\System32\DRIVERS\cmdguard.sys [2009-12-28 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINXP\System32\DRIVERS\cmdhlp.sys [2009-12-28 25160]
R1 intelppm;Intel-Prozessortreiber; C:\WINXP\system32\DRIVERS\intelppm.sys [2004-08-03 40192]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINXP\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 ssmdrv;ssmdrv; C:\WINXP\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device; C:\WINXP\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device; C:\WINXP\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINXP\system32\DRIVERS\arp1394.sys [2007-10-09 60800]
R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINXP\system32\drivers\ctac32k.sys [2003-07-10 651792]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINXP\system32\drivers\ctaud2k.sys [2003-06-20 509328]
R3 ctprxy2k;Creative Proxy Driver; C:\WINXP\system32\drivers\ctprxy2k.sys [2003-06-20 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINXP\system32\drivers\ctsfm2k.sys [2003-06-20 136016]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINXP\system32\drivers\emupia2k.sys [2003-07-10 145232]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit; C:\WINXP\system32\DRIVERS\ESLvnic.sys [2009-12-03 24504]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM); C:\WINXP\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINXP\system32\drivers\ha10kx2k.sys [2003-06-27 860592]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINXP\system32\drivers\hap16v2k.sys [2003-06-27 159040]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINXP\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINXP\system32\DRIVERS\L8042Kbd.sys [2007-04-11 20496]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINXP\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINXP\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
R3 mouhid;Maus-HID-Treiber; C:\WINXP\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINXP\system32\DRIVERS\nic1394.sys [2007-10-09 61824]
R3 nv;nv; C:\WINXP\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 OmniUsb;Ideazon Usb Keyboard Driver; C:\WINXP\system32\DRIVERS\OmniUsb.sys [2004-04-03 28640]
R3 OmniUsbl;Ideazon Usbl Keyboard Driver; C:\WINXP\system32\DRIVERS\OmniUsbl.sys [2004-04-03 8160]
R3 ossrv;Creative OS Services Driver; C:\WINXP\system32\drivers\ctoss2k.sys [2003-06-20 190208]
R3 rtl8139;NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter; C:\WINXP\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINXP\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINXP\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINXP\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB-Massenspeichertreiber; C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINXP\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINXP\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 61883;61883-Einheitsgerät; C:\WINXP\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINXP\System32\DRIVERS\ASPI32.sys []
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINXP\system32\DRIVERS\l251x86.sys [2007-06-21 29696]
S3 Avc;AVC-Gerät; C:\WINXP\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 ayb5solp;ayb5solp; C:\WINXP\system32\drivers\ayb5solp.sys []
S3 BCR2000;B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1); C:\WINXP\system32\drivers\bcr2000.sys [2004-12-23 20992]
S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt); C:\WINXP\system32\drivers\bhrngr_m.sys [2009-12-15 35904]
S3 CCDECODE;Untertiteldecoder; C:\WINXP\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINXP\system32\drivers\ctdvda2k.sys [2003-03-27 287920]
S3 EagleNT;EagleNT; \??\C:\WINXP\system32\drivers\EagleNT.sys []
S3 KORGUMDS;KORG USB-MIDI Driver for Windows; C:\WINXP\System32\Drivers\KORGUMDS.SYS [2010-01-08 22232]
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINXP\system32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINXP\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINXP\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
S3 MA_CMIDI;M-Audio USB Driver; C:\WINXP\system32\drivers\ma_cmidi.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINXP\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINXP\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINXP\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINXP\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 OmniDrv;Ideazon Keyboard Driver; C:\WINXP\system32\DRIVERS\OmniDrv.sys [2004-01-05 30976]
S3 SLIP;BDA Slip De-Framer; C:\WINXP\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA-IPSink; C:\WINXP\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TMPassthruMP;TMPassthruMP; C:\WINXP\system32\DRIVERS\TMPassthru.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINXP\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbaudio;USB-Audiotreiber (WDM); C:\WINXP\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINXP\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB-Scannertreiber; C:\WINXP\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINXP\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINXP\system32\DRIVERS\WudfPf.sys [2007-10-09 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINXP\system32\DRIVERS\wudfrd.sys [2007-10-09 82944]
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINXP\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Bonjou*r Service;Dienst "Bonjour**"; C:\Programme\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe [2010-01-10 723632]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Programme\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINXP\system32\nvsvc32.exe [2009-01-15 163908]
R2 PnkBstrA;PnkBstrA; C:\WINXP\system32\PnkBstrA.exe [2009-09-05 66872]
R2 UxTuneUp;TuneUp Designerweiterung; C:\WINXP\System32\svchost.exe [2004-08-03 14336]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-03-26 545576]
S3 Adobe LM Service;Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-02-08 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag-Dienst; C:\WINXP\System32\TuneUpDefragService.exe [2009-02-09 306432]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINXP\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------

--- --- ---

Internet abends ab 20.00 Uhr sehr langsam, oder inaktiv. Router stark frequentiert

Log-Analyse und Auswertung: Internet abends ab 20.00 Uhr sehr langsam, oder inaktiv. Router stark frequentiert

Internet abends ab 20.00 Uhr sehr langsam, oder inaktiv. Router stark frequentiert

Internet abends ab 20.00 Uhr sehr langsam, oder inaktiv. Router stark frequentiert

Ähnliche Themen: Internet abends ab 20.00 Uhr sehr langsam, oder inaktiv. Router stark frequentiert