Trojaner-Board

AndyVogel 04.09.2005 11:55

Logfile
 
Hello!

Our server is generating an immense amount of traffic to the Internet; what stood out a few days ago was 1.8 GB of traffic on the POP3 service within 8 days...

Maybe someone has an idea based on the HijackThis log file.

Kind regards

Andy


Logfile of HijackThis v1.99.1
Scan saved at 12:26:51, on 04.09.2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\pcAnywhere\awhost32.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\compaq\hpdiags\hpdiags.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\ismserv.exe
C:\Programme\KEN!\KENSERV.EXE
C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Liveupdate\LiveUpdateInstaller.exe
C:\Programme\NetLimiter 2\nlsvc.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Programme\Gemeinsame Dateien\Sage KHK Shared\REGISTRY.EXE
C:\Programme\SAGE NT SERVICE\KHKCLDBS.exe
D:\Programme\HaPeC\Xstream\XstreamTC21.exe
C:\WINDOWS\system32\CpqRcmc.exe
C:\WINDOWS\system32\sysdown.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\cpqteam.exe
C:\Programme\NetTime\NetTime.exe
C:\Programme\KEN!\kentbsrv.exe
D:\Programme\HaPeC\Xstream\XstreamSrvMgr10.exe
C:\Programme\MesPC\pcmeasure.exe
C:\Programme\NetLimiter 2\NLClient.exe
D:\Users\Allgemein\Paketsniffer\ViewTCP.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=192.168.0.2:3128;gopher=192.168.0.2:3128;http=192.168.0.2:3128;https=192.168.0.2:3128;socks=192.168.0.2:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [CPQTEAM] cpqteam.exe
O4 - HKLM\..\Run: [NetTime] C:\Programme\NetTime\NetTime.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KEN Taskbar Service] "C:\Programme\KEN!\kentbsrv.exe"
O4 - HKCU\..\Run: [FTPUploader] "C:\Programme\ftp-uploader\FTPUploader.exe" /autorun
O4 - Startup: MessPC.lnk = C:\Programme\MesPC\pcmeasure.exe
O4 - Startup: SunnyWeb.lnk = C:\Programme\SunnyWeb\SunnyWeb.exe
O4 - Global Startup: Xstream Dienstmanager.lnk = D:\Programme\HaPeC\Xstream\XstreamSrvMgr10.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RKSH.local
O17 - HKLM\Software\..\Telephony: DomainName = RKSH.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF3BBF07-92F0-4783-8EA8-197AE451784C}: NameServer = 192.168.114.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3B6E2ED-50F3-444B-872B-46577001749D}: NameServer = 192.168.0.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RKSH.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RKSH.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = RKSH.local
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Programme\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINDOWS\system32\CpqRcmc.exe
O23 - Service: HP Insight Diagnostics (hpdiags) - Unknown owner - C:\compaq\hpdiags\hpdiags.exe
O23 - Service: eTrust Antivirus-RPC-Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus-Echtzeitserver (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus-Jobserver (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: AVM KEN (KEN Service) - AVM Berlin - C:\Programme\KEN!\KENSERV.EXE
O23 - Service: LiveUpdateInstaller - Sage KHK Software - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\Liveupdate\LiveUpdateInstaller.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Programme\NetTime\NeTmSvNT.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programme\NetLimiter 2\nlsvc.exe
O23 - Service: Sage Registrierungsdienst (Registry) - Sage KHK Software - C:\Programme\Gemeinsame Dateien\Sage KHK Shared\REGISTRY.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sage KHK Classic Line Database (Sage_KHK_Classic_Line_Database) - Unknown owner - C:\Programme\SAGE NT SERVICE\KHKCLDBS.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINDOWS\system32\sysdown.exe
O23 - Service: Xstream Server (XstreamSrv) - HaPeC GmbH - D:\Programme\HaPeC\Xstream\XstreamSrv20.exe
O23 - Service: Xstream Transaction Coordinator (XstreamTC) - HaPeC GmbH - D:\Programme\HaPeC\Xstream\XstreamTC21.exe

HerrKautz 04.09.2005 17:54

Hi,

at first glance this doesn't look so good either. Run an eScan following the instructions at http://www.trojaner-board.de/showthread.php?t=17492 and then post the result!

Regards


All times are GMT +1.
