Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   staendiger datenverkehr!? hijack-log anbei (https://www.trojaner-board.de/34629-staendiger-datenverkehr-hijack-log-anbei.html)

rmknust 22.12.2006 22:57
staendiger datenverkehr!? hijack-log anbei
 
bei jeder internet-verbindung werden riesen-datenmengen gesendet, wohin, an wen, keine ahnung...anbei das logfile...wer kann mir helfen? danke...michael

Logfile of HijackThis v1.99.1
Scan saved at 22:40:38, on 2006-12-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sokscmnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\Atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\System32\mysvcc.exe
C:\Program Files\CHIPDRIVE\Smartcard Manager\SCMgr.exe
C:\WINDOWS\System32\sokscmpn.exe
C:\WINDOWS\system32\mfee.exe
C:\WINDOWS\system32\syslem.exe
C:\WINDOWS\system32\mlm4.exe
C:\WINDOWS\system32\mnew1winc4.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\mfee.exe
C:\WINDOWS\system32\syslem.exe
C:\WINDOWS\system32\mlm4.exe
C:\WINDOWS\system32\mnew1winc4.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\***\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.neostrada.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.club-vaio.sony-europe.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [CHIPDRIVESmartcardManager] "C:\Program Files\CHIPDRIVE\Smartcard Manager\SCMgr.exe" x
O4 - HKLM\..\Run: [CHIPDRIVEPinManager] C:\WINDOWS\System32\sokscmpn.exe
O4 - HKLM\..\Run: [stack12] C:\WINDOWS\system32\mfee.exe
O4 - HKLM\..\Run: [sysems] C:\WINDOWS\system32\syslem.exe
O4 - HKLM\..\Run: [ml34] C:\WINDOWS\system32\mlm4.exe
O4 - HKLM\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [stack12] C:\WINDOWS\system32\mfee.exe
O4 - HKCU\..\Run: [sysems] C:\WINDOWS\system32\syslem.exe
O4 - HKCU\..\Run: [ml34] C:\WINDOWS\system32\mlm4.exe
O4 - HKCU\..\Run: [mlrnew1c4] C:\WINDOWS\system32\mnew1winc4.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Cordless DUALphone Startup.lnk = C:\Program Files\Cordless USB Phone\Cordless DUALphone Suite.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Neostrada TP (2).lnk = C:\Program Files\Neostrada TP\NeostradaTP.exe
O4 - Global Startup: Skype (2).lnk = C:\Program Files\Skype\Phone\Skype.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=h**p://www.club-vaio.sony-europe.com
O15 - Trusted Zone: *.Sony-europe.com
O15 - Trusted Zone: *.Sonystyle-europe.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164454397224
O16 - DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} (PPI Chipcard-Browser-Plugin) - h**ps://karte.seb-bank.de/gei/plugins/SEBChipcardPlugin123.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164454294435
O17 - HKLM\System\CCS\Services\Tcpip\..\{83B310F4-DF78-4497-8D0F-6790DE08B0A5}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: CHIPDRIVE Smartcard Office Kernel (SCM_Smart_Card_Office_Kernel) - SCM Microsystems - C:\WINDOWS\System32\sokscmnt.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

felix1 22.12.2006 23:13
Bei dem
Scan saved at 22:40:38, on 2006-12-22
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
wundert mich nichts.

Bei dem Zoo von Schädlingen, den Du Dir angesammelt hast, gibt es nur eine Lösung:
http://www.trojaner-board.de/12154-a...sicherung.html


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:20 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131