
Log analysis and evaluation: HiJackThis Log-File : Keylogger/Trojan

28.09.2007, 22:25   #1
nochdigger

Hello

Hm, ok, then continue with Blacklight and Silentrunners.

Regards

29.09.2007, 16:40   #2
Skywal

BLACKLIGHT:
09/29/07 17:21:02 [Info]: BlackLight Engine 1.0.64 initialized
09/29/07 17:21:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/29/07 17:21:04 [Note]: 7019 4
09/29/07 17:21:04 [Note]: 7005 0
09/29/07 17:21:12 [Note]: 7006 0
09/29/07 17:21:12 [Note]: 7011 1748
09/29/07 17:21:12 [Note]: 7026 0
09/29/07 17:21:13 [Note]: 7026 0
09/29/07 17:21:17 [Note]: FSRAW library version 1.7.1022
09/29/07 17:27:35 [Info]: Hidden file: c:\WINDOWS\system32\dfrcache.dll
09/29/07 17:27:35 [Note]: 7002 0
09/29/07 17:27:35 [Note]: 7003 1
09/29/07 17:27:35 [Note]: 10002 1
09/29/07 17:27:37 [Info]: Hidden file: c:\WINDOWS\system32\MFPLAT32.dll
09/29/07 17:27:37 [Note]: 7002 0
09/29/07 17:27:37 [Note]: 7003 1
09/29/07 17:27:37 [Note]: 10002 1
09/29/07 17:27:49 [Info]: Hidden file: c:\WINDOWS\system32\spressvr.exe
09/29/07 17:27:49 [Note]: 7002 0
09/29/07 17:27:49 [Note]: 7003 1
09/29/07 17:27:49 [Note]: 10002 1
09/29/07 17:28:11 [Info]: Hidden file: c:\WINDOWS\system32\drivers\imapint.sys
09/29/07 17:28:11 [Note]: 7002 0
09/29/07 17:28:11 [Note]: 7003 1
09/29/07 17:28:11 [Note]: 10002 1
09/29/07 17:28:12 [Info]: Hidden file: c:\WINDOWS\system32\drivers\LVUSBSex.sys
09/29/07 17:28:12 [Note]: 7002 0
09/29/07 17:28:12 [Note]: 7003 1
09/29/07 17:28:12 [Note]: 10002 1
09/29/07 17:28:12 [Info]: Hidden file: c:\WINDOWS\system32\drivers\bth2k.sys
09/29/07 17:28:12 [Note]: 7002 0
09/29/07 17:28:12 [Note]: 7003 1
09/29/07 17:28:12 [Note]: 10002 1
09/29/07 17:32:36 [Note]: 7007 0

SILENTRUNNERS:

"Silent Runners.vbs", revision 52, Silent Runners - Adware? Disinfect, don't reformat!
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"Steam" = ""f:\valve\steam\steam.exe" -silent" ["Valve Corporation"]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ALi5289" = "C:\Program Files\ULI5289\ALi5289.exe" ["ALi Corporation"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"CmPCIaudio" = "RunDll32 cmicnfg3.cpl,CMICtrlWnd" [MS]



"usnsvc.exe" = "C:\WINDOWS\usnsvc.exe" [null data]
This file makes me very suspicious, [null data]? I can't find the file when I want to have it
checked with Jotti, does anyone know how?


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
"{ABC70703-32AF-11d4-90C4-D483A70F4825}" = "CMenuExtender"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\Documents and Settings\User\Desktop\New Folder (2)\Vista Inspirat 2\iColorFolder\CMExt.dll" [file not found]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Meine freigegebenen Ordner"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
CMenuExtender\(Default) = "{ABC70703-32AF-11d4-90C4-D483A70F4825}"
-> {HKLM...CLSID} = "CMenuExtender"
\InProcServer32\(Default) = "C:\Documents and Settings\User\Desktop\New Folder (2)\Vista Inspirat 2\iColorFolder\CMExt.dll" [file not found]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\ICQLite\ICQLiteShell.dll" [empty string]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "User" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Workspace Macro Pro Hotkeys" -> shortcut to: "C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {HKLM...CLSID} = "McAfee VirusScan"
\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Mobilen Favoriten erstellen"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\INetRepl.dll" [MS]

{B863453A-26C3-4E1F-A54D-A2CD196348E9}\
"ButtonText" = "ICQ Lite"
"MenuText" = "ICQ Lite"
"Exec" = "C:\Program Files\ICQLite\ICQLite.exe" ["ICQ Ltd."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]
StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]


---------- (launch time: 2007-09-29 17:37:18)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 63 seconds.
---------- (total run time: 116 seconds)
Edited by Skywal (29.09.2007 at 17:14)

29.09.2007, 16:57   #3
Skywal

Here I found something, it looks as if the file is infected.
I can't delete it, and strangely I also don't see it
in the Task Manager, what should I do?



File: ftp.exe
Status: INFECTED/MALWARE
MD5: 22efd0214705ad441cc32755d02b69b0
Packers detected: -
Bit9 reports: Not analyzed yet (more info)

Scanner results
Scan taken on 29 Sep 2007 15:49:19 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic_c.KR
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

02.10.2007, 20:14   #4
don_night

so I have the same problem, what now???

[edit]
please open, like everyone else here, a separate thread for your problem
only that way can we make sure that every user is helped clearly and individually

thanks
GUA
[/edit]

03.10.2007, 09:00   #5
nochdigger

Hello

@Skywal run Blacklight again and this time use the - Rename - function; once the files have been renamed you will be able to find them and can have them checked here Virustotal
here VirSCAN.org - The Multi-Engine Virus Scanner v1.00 Beta,Support 33 AntiVirus Engine, Last Update(070917)
or here Jotti
(this can take a few minutes); post the results together with the size of the uploaded file and the MD5 and SHA1 values,
please also if nothing was found.

Regards
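The reporting step requested in post #5 (file size plus MD5 and SHA1 for each file that BlackLight listed as hidden), as an added example that is not part of the original thread. The function names `hidden_files`, `fingerprint` and `report` are hypothetical, and the sample log lines are copied from the BlackLight output in post #2.

```python
import hashlib
import re
import sys
from pathlib import Path

# BlackLight log line format as it appears in the thread:
# 09/29/07 17:27:35 [Info]: Hidden file: c:\WINDOWS\system32\dfrcache.dll
HIDDEN_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[Info\]: "
    r"Hidden file: (?P<path>.+?)\s*$"
)


def hidden_files(log_text):
    """Return (timestamp, path) for each 'Hidden file' entry, without duplicates."""
    seen, found = set(), []
    for line in log_text.splitlines():
        m = HIDDEN_RE.match(line.strip())
        # Windows paths are case-insensitive, so compare them lowercased
        if m and m["path"].lower() not in seen:
            seen.add(m["path"].lower())
            found.append((m["ts"], m["path"]))
    return found


def fingerprint(path, chunk_size=1 << 16):
    """Size, MD5 and SHA1 of a file, read in chunks so large samples stay out of RAM."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            size += len(chunk)
            md5.update(chunk)
            sha1.update(chunk)
    return {"file": Path(path).name, "size": size,
            "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def report(paths):
    """One text block per file, ready to paste next to the scanner results."""
    blocks = []
    for p in paths:
        fp = fingerprint(p)
        blocks.append(f"File: {fp['file']}\nSize: {fp['size']} bytes\n"
                      f"MD5: {fp['md5']}\nSHA1: {fp['sha1']}")
    return "\n\n".join(blocks)


# Three lines copied from the BlackLight log posted in the thread
SAMPLE_LOG = r"""09/29/07 17:27:35 [Info]: Hidden file: c:\WINDOWS\system32\dfrcache.dll
09/29/07 17:27:35 [Note]: 7002 0
09/29/07 17:27:49 [Info]: Hidden file: c:\WINDOWS\system32\spressvr.exe"""

if __name__ == "__main__":
    # Files to look for once they have been renamed and are visible again
    for ts, path in hidden_files(SAMPLE_LOG):
        print(ts, path)
    # Fingerprint any files passed on the command line
    if sys.argv[1:]:
        print(report(sys.argv[1:]))
```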


03.10.2007, 11:18   #6
Skywal

ehmm. sorry but my Blacklight is now expired!?
is there perhaps a program similar to Blacklight?

03.10.2007, 15:38   #7
nochdigger

Hello

Quote:
ehmm. sorry but my Blacklight is now expired!?
That also occurred to me while reading another post
But you can get it to run if you set the month in the BIOS back from October to September, just tried it

Quote:
is there perhaps a program similar to Blacklight?
Quite a few
GMER - Files
Download: Sophos Anti-Rootkit - PC-WELT
Download: McAfee Rootkit Detective - PC-WELT
http://download.bitdefender.com/wind...tkit-BETA2.exe
although I have not yet run these tools, with the exception of Sophos; it would however be interesting to see what these programs detect.

Regards
