i have no clue



chickenfeathers
2011-09-10, 06:55
hi,

well first my problem. my internet is running slow: I have disconnects during games and my browser is slow as well or won't finish loading pages.

the DDS won't work for some reason.

I reinstalled my computer 2 times. I rang my provider and they say they had trouble finding me behind my modem.

pls give me stepwise instructions cause I'm not a specialist :D

and thank you for taking note of my issue.
greets Chicken

P.S. I got the link here with some logs from my first thread if that's any help

http://forums.spybot.info/showthread.php?t=63838

shelf life
2011-09-15, 00:10
hi,

Do you have updated AV and anti-malware on your machine? See if you can get Malwarebytes downloaded and installed unless you already have it:


Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

chickenfeathers
2011-09-17, 12:44
hi,
I installed the Malwarebytes and ran the full scan.
here is the log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7622

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

17.09.2011 12:40:00
mbam-log-2011-09-17 (12-40-00).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 309411
Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

shelf life
2011-09-17, 13:41
Well, that's a good start. Post a traditional HJT log. You can get it here. (http://free.antivirus.com/hijackthis/#tab3) There is a quick start guide on the site. Post the log from it.

chickenfeathers
2011-09-17, 16:20
I hope I got it right :)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:08:02, on 17.09.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.33\deploy\LoLLauncher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 4917 bytes

chickenfeathers
2011-09-17, 16:22
well I tried to do the startup log but the editor stays blank. do I have to generate it as admin? well here is the other log I got out of it:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:08:02, on 17.09.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.33\deploy\LoLLauncher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 4917 bytes

chickenfeathers
2011-09-17, 16:37
well here you can see how long I'm sitting here just simply to get the log file into the forum :D. sorry for multisending, sometimes I have to click several times for a page to open or finish loading.
my pc was running good for a week now. but since yesterday my power supply part (Netzteil in German) is making a funny sound (sounds like a minigenerator)
and everything is slow again.

shelf life
2011-09-17, 21:52
You got it right. I don't see any malware and the Malwarebytes log can't look any better.

chickenfeathers
2011-09-18, 15:18
thx for your help :)
well so my provider says the problem is on my side.. don't you think my log from /netstat has anything to tell me? so I'm malware free for sure? nobody abusing my inet? I don't have wireless, I'm using simple cable since I don't want leechers.

shelf life
2011-09-18, 16:52
"my provider says the problem is on my side."
Of course they do!

"they had trouble finding me behind my modem."
Do you have a firewall or router?

"im using simple cable since i dont want leechers."
Keeping leechers off your wireless is possible.

I don't see an AV installed. Do you have one? If not, this should be a priority. Spybot isn't an antivirus app. A full scan with AV will tell us a lot more as far as malware goes. I can link to several free ones if you want.

"my log from /netstat has anything to tell me"
Reboot your machine. Let everything come up, then run your netstat cmd first without doing anything else. Post the log.

You can also try running DDS in safe mode to get the log. To reach safe mode you would tap the F8 key during a computer restart, choose the first option from the list: safe mode. Once at the desktop try running DDS.

chickenfeathers
2011-09-20, 02:41
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Windows\system32>netstat

Aktive Verbindungen

Proto Lokale Adresse Remoteadresse Status
TCP 127.0.0.1:2869 www:49263 WARTEND
TCP 127.0.0.1:2869 www:49264 WARTEND
TCP 127.0.0.1:2869 www:49265 WARTEND
TCP 127.0.0.1:2869 www:49266 WARTEND
TCP 127.0.0.1:2869 www:49267 WARTEND
TCP 127.0.0.1:2869 www:49268 SCHLIESSEN_WARTEN
TCP 127.0.0.1:2869 www:49279 SCHLIESSEN_WARTEN
TCP 127.0.0.1:2869 www:49297 SCHLIESSEN_WARTEN
TCP 127.0.0.1:2869 www:49310 SCHLIESSEN_WARTEN
TCP 127.0.0.1:5357 www:49187 WARTEND
TCP 127.0.0.1:5357 www:49193 WARTEND
TCP 127.0.0.1:5357 www:49274 WARTEND
TCP 127.0.0.1:5357 www:49299 WARTEND
TCP 127.0.0.1:49169 www:21321 WARTEND
TCP 127.0.0.1:49172 www:49171 WARTEND
TCP 127.0.0.1:49174 www:49175 HERGESTELLT
TCP 127.0.0.1:49175 www:49174 HERGESTELLT
TCP 127.0.0.1:49176 www:49177 HERGESTELLT
TCP 127.0.0.1:49177 www:49176 HERGESTELLT
TCP 127.0.0.1:49179 www:49180 HERGESTELLT
TCP 127.0.0.1:49180 www:49179 HERGESTELLT
TCP 127.0.0.1:49181 www:49182 HERGESTELLT
TCP 127.0.0.1:49182 www:49181 HERGESTELLT
TCP 127.0.0.1:49184 www:49185 HERGESTELLT
TCP 127.0.0.1:49185 www:49184 HERGESTELLT
TCP 127.0.0.1:49188 www:21321 WARTEND
TCP 127.0.0.1:49189 www:21322 WARTEND
TCP 127.0.0.1:49190 www:21323 WARTEND
TCP 127.0.0.1:49191 www:21322 WARTEND
TCP 127.0.0.1:49258 www:21321 WARTEND
TCP 127.0.0.1:49259 www:21322 WARTEND
TCP 127.0.0.1:49260 www:21323 WARTEND
TCP 127.0.0.1:49261 www:21322 WARTEND
TCP 127.0.0.1:49268 www:icslap FIN_WARTEN_2
TCP 127.0.0.1:49270 www:21321 WARTEND
TCP 127.0.0.1:49271 www:21322 WARTEND
TCP 127.0.0.1:49272 www:21323 WARTEND
TCP 127.0.0.1:49273 www:21322 WARTEND
TCP 127.0.0.1:49279 www:icslap FIN_WARTEN_2
TCP 127.0.0.1:49293 www:21321 WARTEND
TCP 127.0.0.1:49294 www:21322 WARTEND
TCP 127.0.0.1:49295 www:21323 WARTEND
TCP 127.0.0.1:49296 www:21322 WARTEND
TCP 127.0.0.1:49297 www:icslap FIN_WARTEN_2
TCP 127.0.0.1:49310 www:icslap FIN_WARTEN_2
TCP 127.0.0.1:49313 www:21321 WARTEND
TCP 127.0.0.1:49314 www:21322 WARTEND
TCP 127.0.0.1:49315 www:21323 WARTEND
TCP 127.0.0.1:49316 www:21322 WARTEND
TCP 127.0.0.1:49362 www:21321 WARTEND
TCP 127.0.0.1:49363 www:21322 WARTEND
TCP 127.0.0.1:49364 www:21323 WARTEND
TCP 127.0.0.1:49365 www:21322 WARTEND
TCP 127.0.0.1:49368 www:21321 WARTEND
TCP 127.0.0.1:49369 www:21322 WARTEND
TCP 127.0.0.1:49370 www:21323 WARTEND
TCP 127.0.0.1:49371 www:21322 WARTEND
TCP 178.83.50.147:139 178-83-50-52:20388 WARTEND
TCP 178.83.50.147:49164 217.212.238.134:https HERGESTELLT
TCP 178.83.50.147:49165 a124-40:http WARTEND
TCP 178.83.50.147:49170 188.165.126.154:http WARTEND
TCP 178.83.50.147:49192 178-82-220-182:64580 HERGESTELLT
TCP 178.83.50.147:49194 a184-84-182-56:http HERGESTELLT
TCP 178.83.50.147:49200 a88-221-18-161:https HERGESTELLT
TCP 178.83.50.147:49202 95.101.223.139:https HERGESTELLT
TCP 178.83.50.147:49206 208.78.158.70:https ZULETZT_ACK
TCP 178.83.50.147:49214 213.146.189.201:https HERGESTELLT
TCP 178.83.50.147:49231 modemcable068:56751 SYN_GESENDET
TCP 178.83.50.147:49232 c-24-6-249-16:57601 ZULETZT_ACK
TCP 178.83.50.147:49233 20119198123:58003 WARTEND
TCP 178.83.50.147:49234 CPE0026f39a9038-CM0026f39a9035:57061 SYN_GESENDET
TCP 178.83.50.147:49235 h181:59119 SYN_GESENDET
TCP 178.83.50.147:49277 fra07s07-in-f95:https HERGESTELLT
TCP 178.83.50.147:49281 a88-221-17-195:https HERGESTELLT
TCP 178.83.50.147:49282 api-read-13-02-snc5:https HERGESTELLT
TCP 178.83.50.147:49283 178-84-141-62:5409 WARTEND
TCP 178.83.50.147:49284 217-162-206-131:1810 WARTEND
TCP 178.83.50.147:49298 fra07s07-in-f149:https HERGESTELLT
TCP 178.83.50.147:49300 fra07s07-in-f148:https HERGESTELLT
TCP 178.83.50.147:49302 194-17-45-189:http HERGESTELLT
TCP 178.83.50.147:49317 95.100.255.18:http HERGESTELLT
TCP 178.83.50.147:49321 a89-152-228-220:58130 SYN_GESENDET
TCP 178.83.50.147:49322 140:58766 SYN_GESENDET
TCP 178.83.50.147:49323 pD9E31A8D:58122 SYN_GESENDET
TCP [::1]:2869 Kylie:49197 WARTEND
TCP [::1]:2869 Kylie:49198 WARTEND
TCP [::1]:49155 Kylie:49157 HERGESTELLT
TCP [::1]:49157 Kylie:49155 HERGESTELLT

C:\Windows\system32>

I don't have AV, pls link me any that you would recommend. I also only have the firewall on Windows if that's any good. I don't have any wireless access, my computer is plugged into the modem (no router) which doesn't support wireless.

shelf life
2011-09-20, 03:37
Thanks for the info. For now download one of these free AV. Install, update and do a full scan and see if any malware turns up.

Avast (http://www.avast.com/free-antivirus-download)
MS Security Essentials (https://www.microsoft.com/en-us/security_essentials/default.aspx)
AVG (http://free.avg.com/us-en/homepage)
Panda Cloud (http://www.cloudantivirus.com/en/)

Also you can try to get a log from DDS by using it in safe mode. To get into safe mode you would tap the F8 key during a computer restart. Choose the first option from the list: safe mode. Log into your normal account. Once at the safe mode desktop try running DDS. Save the logs to your desktop, reboot normally and post the DDS logs if everything went OK. If not, don't worry about it.

Instead of just netstat you can post a new log using: netstat -anb
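
Added example, not part of the thread: a small Python triage of netstat output in the format posted above. It assumes the German state names seen in that log and the bracketed executable lines that `netstat -b` prints, and it rejoins a state name that the console wrapped onto the next line. The sample input is constructed (documentation addresses; `mypc`, `client.exe` and the `.example` hosts are hypothetical).

```python
import re
from collections import Counter

# German state names as printed by the localized netstat in this thread,
# mapped to the canonical TCP state names.
STATE_MAP = {
    "HERGESTELLT": "ESTABLISHED",
    "WARTEND": "TIME_WAIT",
    "SCHLIESSEN_WARTEN": "CLOSE_WAIT",
    "FIN_WARTEN_2": "FIN_WAIT_2",
    "SYN_GESENDET": "SYN_SENT",
    "ZULETZT_ACK": "LAST_ACK",
}
KNOWN = set(STATE_MAP) | set(STATE_MAP.values())
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")         # "[firefox.exe]" line printed by -b
FRAGMENT = re.compile(r"^\s*([A-Z0-9_]+)\s*$")  # tail of a state wrapped by the console

# Constructed sample input, modelled on the layout of the posted log.
SAMPLE = """\
Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    127.0.0.1:2869         mypc:49263             WARTEND
  TCP    127.0.0.1:49174        mypc:49175             HERGESTELLT
 [firefox.exe]
  TCP    192.0.2.10:49164       198.51.100.7:https     HERGESTELLT
 [firefox.exe]
  TCP    192.0.2.10:49231       host-a.example:56751   SYN_GESENDET
 [client.exe]
  TCP    192.0.2.10:49234       long-peer-name.example:57061  SYN_GESEND
ET
 [client.exe]
  TCP    192.0.2.10:49232       host-b.example:57601   ZULETZT_ACK
  TCP    [::1]:49155            mypc:49157             HERGESTELLT
"""

def parse_netstat(text):
    """Return one dict per connection row, with state normalized to English."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state = m.groups()
            rows.append({"proto": proto, "local": local, "remote": remote,
                         "state": state or "", "owner": None})
            continue
        if not rows:
            continue  # banner and column header before the first row
        last = rows[-1]
        own, frag = OWNER.match(line), FRAGMENT.match(line)
        if own:
            last["owner"] = own.group(1)
        elif frag and last["state"] not in KNOWN and last["state"] + frag.group(1) in KNOWN:
            last["state"] += frag.group(1)  # rejoin e.g. "SYN_GESEND" + "ET"
    for r in rows:
        r["state"] = STATE_MAP.get(r["state"], r["state"])
        host = r["local"].rpartition(":")[0]
        r["loopback"] = host.startswith("127.") or host == "[::1]"
    return rows

def summarize(rows):
    """Count rows per (scope, state) and list external attempts still in SYN_SENT."""
    counts = Counter(("loopback" if r["loopback"] else "external", r["state"]) for r in rows)
    pending = [(r["remote"], r["owner"]) for r in rows
               if not r["loopback"] and r["state"] == "SYN_SENT"]
    return counts, pending

if __name__ == "__main__":
    counts, pending = summarize(parse_netstat(SAMPLE))
    for (scope, state), n in sorted(counts.items()):
        print(f"{scope:9} {state:12} {n}")
    for remote, owner in pending:
        print("unanswered outbound attempt:", remote, "owner:", owner or "unknown")
```

Loopback rows are separated out because they never leave the machine; the owner column is only filled when the log was taken with `-b` from an elevated prompt.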