Log Analysis and Evaluation: Help please "HiJackThis + Netstat -ab"-Log (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps to get help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Help please "HiJackThis + Netstat -ab"-Log

Hello dear Trojaner-Board community,

I have been dealing with computer security for some time now. Still, I am not quite sure about some things in my logs. First of all, here is a "Netstat -ab" log:

Code:
Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. Alle Rechte vorbehalten.
C:\Windows\system32>netstat -ab
Aktive Verbindungen
Proto Lokale Adresse Remoteadresse Status
TCP 0.0.0.0:135 ************:0 ABHÖREN
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 ************:0 ABHÖREN
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
TCP 0.0.0.0:990 ************:0 ABHÖREN
WcesComm
[svchost.exe]
TCP 0.0.0.0:49152 ************:0 ABHÖREN
[wininit.exe]
TCP 0.0.0.0:49153 ************:0 ABHÖREN
Eventlog
[svchost.exe]
TCP 0.0.0.0:49154 ************:0 ABHÖREN
Schedule
[svchost.exe]
TCP 0.0.0.0:49155 ************:0 ABHÖREN
[lsass.exe]
TCP 0.0.0.0:49166 ************:0 ABHÖREN
PolicyAgent
[svchost.exe]
TCP 0.0.0.0:49167 ************:0 ABHÖREN
[services.exe]
TCP 1.2.96.108:49481 fx-in-f104:http WARTEND
TCP 1.2.96.108:49482 fx-in-f104:http WARTEND
TCP 1.2.96.108:49483 fx-in-f104:http WARTEND
TCP 1.2.96.108:49484 fx-in-f104:http WARTEND
TCP 1.2.96.108:49486 fx-in-f139:http WARTEND
TCP 1.2.96.108:49498 mu-in-f138:http FIN_WARTEN_1
[System]
TCP 1.2.96.108:49499 mu-in-f138:http FIN_WARTEN_1
[System]
TCP 1.2.96.108:49500 www:http FIN_WARTEN_1
[System]
TCP 1.2.96.108:49508 mu-in-f138:http FIN_WARTEN_1
[System]
TCP 1.2.96.108:49528 mu-in-f138:http FIN_WARTEN_1
[System]
TCP 1.2.96.108:49529 mu-in-f138:http FIN_WARTEN_1
[System]
TCP 1.2.96.108:49530 mu-in-f138:http FIN_WARTEN_1
[System]
TCP 1.2.96.108:49556 fx-in-f165:http WARTEND
TCP 1.2.96.108:49559 fx-in-f154:http WARTEND
TCP 1.2.96.108:49560 fx-in-f154:http WARTEND
TCP 1.2.96.108:49561 fx-in-f154:http WARTEND
TCP 1.2.96.108:49582 fx-in-f138:http FIN_WARTEN_1
[System]
TCP 127.0.0.1:5354 ************:0 ABHÖREN
[mDNSResponder.exe]
TCP 127.0.0.1:5679 ************:0 ABHÖREN
WcesComm
[svchost.exe]
TCP 127.0.0.1:7438 ************:0 ABHÖREN
WcesComm
[svchost.exe]
TCP 127.0.0.1:27015 ************:0 ABHÖREN
[AppleMobileDeviceService.exe]
TCP 127.0.0.1:49477 ************:49476 WARTEND
TCP 169.254.10.244:139 ************:0 ABHÖREN
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
TCP ***.***.***.***:139 ************:0 ABHÖREN
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
TCP [::]:135 ************:0 ABHÖREN //[::] ???
RpcSs
[svchost.exe]
TCP [::]:445 ************:0 ABHÖREN
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
TCP [::]:990 ************:0 ABHÖREN
WcesComm
[svchost.exe]
TCP [::]:49152 ************:0 ABHÖREN
[wininit.exe]
TCP [::]:49153 ************:0 ABHÖREN
Eventlog
[svchost.exe]
TCP [::]:49154 ************:0 ABHÖREN
Schedule
[svchost.exe]
TCP [::]:49155 ************:0 ABHÖREN
[lsass.exe]
TCP [::]:49166 ************:0 ABHÖREN
PolicyAgent
[svchost.exe]
TCP [::]:49167 ************:0 ABHÖREN
[services.exe]
TCP [::1]:5679 ************:0 ABHÖREN
WcesComm
[svchost.exe]
UDP 0.0.0.0:123 *:*
W32Time
[svchost.exe]
UDP 0.0.0.0:427 *:*
HPSLPSVC
[svchost.exe]
UDP 0.0.0.0:500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:4500 *:*
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5355 *:*
Dnscache
[svchost.exe]
UDP 0.0.0.0:50617 *:*
[spoolsv.exe]
UDP 0.0.0.0:59035 *:*
Dnscache
[svchost.exe]
UDP 0.0.0.0:60477 *:*
[mDNSResponder.exe]
UDP 127.0.0.1:1900 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:54216 *:*
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:65287 *:*
[ehRecvr.exe]
UDP 169.254.10.244:137 *:*
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
UDP 169.254.10.244:138 *:*
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
UDP 169.254.10.244:427 *:*
HPSLPSVC
[svchost.exe]
UDP 169.254.10.244:1900 *:*
SSDPSRV
[svchost.exe]
UDP 169.254.10.244:5353 *:*
[mDNSResponder.exe]
UDP 169.254.10.244:54215 *:*
SSDPSRV
[svchost.exe]
UDP ***.***.***.***:137 *:*
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
UDP ***.***.***.***:138 *:*
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
UDP ***.***.***.***:427 *:*
HPSLPSVC
[svchost.exe]
UDP ***.***.***.***:1900 *:*
SSDPSRV
[svchost.exe]
UDP ***.***.***.***:5353 *:*
[mDNSResponder.exe]
UDP ***.***.***.***:54214 *:*
SSDPSRV
[svchost.exe]
UDP [::]:123 *:*
W32Time
[svchost.exe]
UDP [::]:500 *:*
IKEEXT
[svchost.exe]
UDP [::]:5355 *:*
Dnscache
[svchost.exe]
UDP [::]:60478 *:*
[mDNSResponder.exe]
UDP [::]:63818 *:*
Dnscache
[svchost.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:54212 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::100:7f:fffe%9]:1900 *:* //What does this mean? IPv6? How can you do an IP lookup on that? Is that normal?
SSDPSRV
[svchost.exe]
UDP [fe80::100:7f:fffe%9]:54213 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::8ce8:151d:9958:31c4%8]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::8ce8:151d:9958:31c4%8]:54210 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::b181:1718:cbaa:af4%19]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::b181:1718:cbaa:af4%19]:5353 *:*
[mDNSResponder.exe]
UDP [fe80::b181:1718:cbaa:af4%19]:54211 *:*
SSDPSRV
[svchost.exe]
C:\Windows\system32>
IP lookup:

- 1.2.96.108

Code:
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 1.0.0.0 - 1.255.255.255
CIDR: 1.0.0.0/8
NetName: APNIC-1
NetHandle: NET-1-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
NameServer: NS-SEC.RIPE.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or hxxp://wq.apnic.net/apnic-bin/whois.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to hxxp://www.apnic.net/apnic-info/whois_search2/abuse-and-spamming
RegDate:
Updated: 2010-01-27
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
# ARIN WHOIS database, last updated 2010-07-14 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
#
# Attention! Changes are coming to ARIN's Whois service on June 26.
# See https://www.arin.net/features/whois for details on the improvements.
Deferred to specific whois server: whois.ripe.net...
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See hxxp://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '0.0.0.0 - 255.255.255.255'
inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-RIPE
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
source: RIPE # Filtered
organisation: ORG-IANA1-RIPE
org-name: Internet Assigned Numbers Authority
org-type: IANA
address: see hxxp://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see hxxp://www.iana.org/ipaddress/ip-addresses.htm
remarks: and hxxp://www.iana.org/assignments/as-numbers
e-mail: bitbucket@ripe.net
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
role: Internet Assigned Numbers Authority
address: see hxxp://www.iana.org.
e-mail: bitbucket@ripe.net
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at hxxp://www.iana.org.
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered
- 169.254.10.244

Code:
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 169.254.0.0 - 169.254.255.255
CIDR: 169.254.0.0/16
NetName: LINKLOCAL-RFC3927-IANA-RESERVED
NetHandle: NET-169-254-0-0-1
Parent: NET-169-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This is the "link local" block. It was set
Comment: aside for this special use in the Standards
Comment: Track document, RFC 3927 and was further
Comment: documented in the Best Current Practice
Comment: RFC 5735, which can be found at:
Comment: hxxp://www.rfc-editor.org/rfc/rfc3927.txt
Comment: hxxp://www.rfc-editor.org/rfc/rfc5735.txt
Comment: It is allocated for communication between hosts
Comment: on a single link. Hosts obtain these addresses
Comment: by auto-configuration, such as when a DHCP
Comment: server cannot be found.
Comment: A router MUST NOT forward a packet with an IPv4
Comment: Link-Local source or destination address,
Comment: irrespective of the router's default route configuration
Comment: or routes obtained from dynamic routing protocols.
Comment: A router which receives a packet with an IPv4
Comment: Link-Local source or destination address MUST NOT
Comment: forward the packet. This prevents forwarding of
Comment: packets back onto the network segment from which
Comment: they originated, or to any other segment.
RegDate: 1998-01-27
Updated: 2010-03-15
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2010-07-14 20:00
# Enter ? for additional hints on searching ARIN's WHOIS database.
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at https://www.arin.net/whois_tou.html
#
# Attention! Changes are coming to ARIN's Whois service on June 26.
# See https://www.arin.net/features/whois for details on the improvements.
HiJackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at **:**:**, on **.**.**
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Users\************\Programme\CoreTemp32\Core Temp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\Notepad.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=*****
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=*****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=*****
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=*****
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {********-****-****-****-************} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {********-****-****-****-************} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: HP Smart BHO Class - {********-****-****-****-************} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Home Server Banner - {********-****-****-****-************} - C:\Program Files\Windows Home Server\WHSDeskBands.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\************\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {********-****-****-****-************} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {********-****-****-****-************} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O18 - Filter hijack: text/xml - {********-****-****-****-************} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {********-****-****-****-************} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
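The two questions written into the netstat listing above (the `[::]` entries and the `[fe80::...%9]` entries) come down to address scope. The block below is an added example, not code from the post, from netstat or from HijackThis: it parses the localised `netstat -ab` format shown above, classifies each bound address as wildcard, loopback, link-local or interface-specific, and lists listening sockets reachable from other hosts whose owning process netstat could not name. `[::]` is the IPv6 unspecified address, the counterpart of `0.0.0.0` (bound on every interface); `fe80::/10` is IPv6 link-local (RFC 4291) and the `%9` suffix is a zone index (RFC 4007), i.e. the interface index the address is valid on. Like `169.254.0.0/16`, which the whois answer above already describes as link-local (RFC 3927), these addresses are not allocated by any registry, so there is nothing to look up in whois. The sample listing embedded in the block is constructed from a few lines in the post's format; the scope predicates come from Python's `ipaddress` module.

```python
"""Classify the local endpoints in a Windows `netstat -ab` listing (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One socket line: proto, local endpoint, remote endpoint, optional state (TCP only).
SOCKET_LINE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?$")
# Message the German netstat -b prints when it cannot attribute a socket to a process.
OWNER_UNKNOWN = "Es konnten keine Besitzerinformationen ermittelt werden."
LISTEN_STATES = {"ABHÖREN", "LISTENING"}   # localised and English spellings

# Constructed sample in the format of the post's log (not the full listing).
SAMPLE = """\
Aktive Verbindungen
Proto Lokale Adresse Remoteadresse Status
TCP 0.0.0.0:135 ************:0 ABHÖREN
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 ************:0 ABHÖREN
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
TCP 127.0.0.1:27015 ************:0 ABHÖREN
[AppleMobileDeviceService.exe]
TCP [::]:445 ************:0 ABHÖREN //[::] ???
Es konnten keine Besitzerinformationen ermittelt werden.
x: Fehler bei der Windows Sockets-Initialisierung: 5
UDP 169.254.10.244:1900 *:*
SSDPSRV
[svchost.exe]
UDP [fe80::100:7f:fffe%9]:1900 *:*
SSDPSRV
[svchost.exe]
UDP [::1]:1900 *:*
SSDPSRV
[svchost.exe]
C:\\Windows\\system32>
"""


@dataclass
class Socket:
    proto: str
    addr: str                       # bound address without port or zone index
    port: int
    zone: Optional[str]             # IPv6 zone index from "%9", else None
    state: Optional[str]            # ABHÖREN etc.; None for UDP
    scope: str                      # wildcard | loopback | link-local | interface
    owner: Optional[str] = None     # process image from "[svchost.exe]"
    service: Optional[str] = None   # service name printed for svchost-hosted services


def split_endpoint(text: str):
    """'[fe80::1%9]:1900' -> ('fe80::1', '9', 1900); '0.0.0.0:135' -> ('0.0.0.0', None, 135)."""
    if text.startswith("["):
        host, _, port = text[1:].partition("]:")
    else:
        host, _, port = text.rpartition(":")
    addr, _, zone = host.partition("%")
    return addr, (zone or None), int(port)


def classify(addr: str) -> str:
    """Scope of a bound address: 0.0.0.0 and :: are wildcards, 127/8 and ::1 loopback,
    169.254/16 and fe80::/10 link-local (RFC 3927 / RFC 4291), anything else an interface address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    return "interface"


def parse_netstat(text: str) -> List[Socket]:
    """Walk the listing; owner/service lines follow the socket line they belong to."""
    sockets: List[Socket] = []
    current: Optional[Socket] = None
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()   # drop hand-written "// ..." annotations
        if not line:
            continue
        m = SOCKET_LINE.match(line)
        if m:
            proto, local, _remote, state = m.groups()
            addr, zone, port = split_endpoint(local)
            current = Socket(proto, addr, port, zone, state, classify(addr))
            sockets.append(current)
        elif current is None:
            continue                            # banner and column-header lines
        elif line.startswith("[") and line.endswith("]"):
            current.owner = line[1:-1]
        elif line == OWNER_UNKNOWN or line.startswith("x: Fehler"):
            continue                            # owner stays None
        elif re.fullmatch(r"\w+", line):
            current.service = line
    return sockets


def summarize(sockets: List[Socket]) -> Dict[str, int]:
    """Number of sockets per address scope."""
    counts: Dict[str, int] = {}
    for s in sockets:
        counts[s.scope] = counts.get(s.scope, 0) + 1
    return counts


def needs_review(sockets: List[Socket]) -> List[Socket]:
    """Listening sockets (TCP in listen state, or any UDP) that other hosts can reach
    and that netstat could not attribute to a process."""
    return [s for s in sockets
            if s.scope in ("wildcard", "interface")
            and (s.state is None or s.state in LISTEN_STATES)
            and s.owner is None]


if __name__ == "__main__":
    socks = parse_netstat(SAMPLE)
    for s in socks:
        zone = f"%{s.zone}" if s.zone else ""
        print(f"{s.proto} {s.addr}{zone}:{s.port:<5} {s.scope:<10} {s.owner or '(owner unknown)'} {s.service or ''}")
    print(summarize(socks))
    print("review:", [(s.proto, s.addr, s.port) for s in needs_review(socks)])
```

The owner-unknown lines on ports 137/138/139/445 are typically sockets held by the System process, which `netstat -b` cannot attribute to a user-mode image, so the review list is a starting point for comparing each exposed port against what the machine is expected to serve, not a verdict. A wildcard listener that does not need to be reachable from the network is normally handled with a host firewall rule rather than by hunting for the process.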