
Pests of all kinds and how to fight them: Problem with Trojan/Keylogger


08.10.2009, 15:57   #1
dgdg
Guest
 
Problem with Trojan/Keylogger - Unhappy

Problem with Trojan/Keylogger



Hello everyone,

I'm new here! I registered because I have (had?) a problem with a trojan/keylogger and I'm not sure whether I have gotten rid of the thing.

Here is what happened: my bank blocked my online banking because my online banking credentials had already been found on a foreign server.

I then scanned the PC completely with Knoppicillin 7 (all three scanners). The following viruses/trojans were found:
- TR/Crypt.XPACK.Gen
- TR/Crypt.ZPACK.Gen
- TR/Spy.Bebloh.A.14
- TR/Spy.Bebloh.A.15
and deleted. In addition, I ran "fixmbr" once more from the XP Recovery Console (without booting Windows in between).

AntiVir now finds nothing in a full scan. I can't see anything suspicious in the HijackThis log either.

But the following phenomena make me skeptical:
1. Firefox crashes constantly, even in Safe Mode (current version 3.5.3). It has been doing this since I updated to 3.5.3. I have already reinstalled Firefox twice and had all settings deleted in the process - without success.
2. At every system start, Windows reports for a short time that my firewall is not active. A short time later the message disappears and the firewall is active.

I now need your help to make sure the PC is clean, or to find out which trojan might still be hiding in there. Please no tips to wipe the machine completely - for various reasons that's not possible at the moment.

I'll post the requested lists in the next message. I hope I did everything right when creating the lists.

It would be great if you could help me somehow!

Detlef

Last edited by dgdg (08.10.2009 at 16:25)

08.10.2009, 16:09   #2
dgdg
Guest
 
Problem with Trojan/Keylogger - Standard

HijackThis log



Here comes the list as per the instructions. As I said, I hope I did everything right.

HijackThis 2.0.2

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:16, on 08.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\DVBViewer\DVBVservice.exe
C:\Programme\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\CyberLink\Shared files\RichVideo.exe
C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programme\TightVNC1.3.9\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programme\VMware\VMware Workstation\vmware-authd.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\xRaidSetup.exe
C:\Programme\VMware\VMware Workstation\vmware-tray.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programme\DVBViewer\DVBVCtrl.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
C:\Programme\EventGhost\EventGhost.exe
C:\Programme\totalcmd\TOTALCMD.EXE
C:\Programme\TaskbarPP12\TaskbarPP.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programme\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\DllHost.exe
C:\Programme\Mpeg2Schnitt\Mpeg2Schnitt.exe
C:\Programme\ImagoMPEG-Muxer\ImagoMPEG-Muxer.exe
C:\Programme\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programme\CCleaner\CCleaner.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ulutil2.dll,SetWriteBack
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [vmware-tray] "C:\Programme\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programme\TightVNC1.3.9\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Programme\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DVBV Service Ctrl] C:\Programme\DVBViewer\DVBVCtrl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: TaskbarPP.lnk = C:\Programme\TaskbarPP12\TaskbarPP.exe
O4 - Global Startup: Biet-O-Matic.lnk = C:\Programme\Biet-O-Matic\Biet-O-Matic.exe
O4 - Global Startup: EventGhost.lnk = C:\Programme\EventGhost\EventGhost.exe
O4 - Global Startup: Total Commander.lnk = C:\Programme\totalcmd\TOTALCMD.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\programme\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O17 - HKLM\System\CCS\Services\Tcpip\..\{C09F605C-DF5C-41E7-A533-A32093A49C1C}: NameServer = 192.168.0.91
O17 - HKLM\System\CCS\Services\Tcpip\..\{F5796A22-B878-4834-B787-881E70E1C54E}: NameServer = 192.168.0.91
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DVBViewer Recording Service (DVBVRecorder) - CM & V - C:\Programme\DVBViewer\DVBVservice.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Programme\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8fd8a63939670) (gupdate1c8fd8a63939670) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programme\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Start BT in service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Programme\Gemeinsame Dateien\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Programme\TightVNC1.3.9\WinVNC.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13265 bytes
         
To be continued...


08.10.2009, 16:12   #3
dgdg
Guest
 
Problem with Trojan/Keylogger - Standard

Filelist part 1



Filelist (the last 6 months) - part 1:

Code:
----- Root ----------------------------- 
 Datenträger in Laufwerk C: ist dg2 c
 Volumeseriennummer: F491-7E20

 Verzeichnis von C:\

07.10.2009  16:07                43 filelist.txt
06.10.2009  08:33     2.145.386.496 pagefile.sys
              16 Datei(en)  2.145.696.238 Bytes
               0 Verzeichnis(se), 15.228.641.280 Bytes frei
 
----- Windows -------------------------- 
 Datenträger in Laufwerk C: ist dg2 c
 Volumeseriennummer: F491-7E20

 Verzeichnis von C:\WINDOWS

07.10.2009  16:07         3.056.414 pfirewall.log
07.10.2009  15:19             7.085 wincmd.ini
07.10.2009  15:01         1.095.444 WindowsUpdate.log
07.10.2009  14:06               367 wiadebug.log
07.10.2009  13:26            32.424 SchedLgU.Txt
06.10.2009  08:35           908.757 setupapi.log
06.10.2009  08:33                 0 wiaservc.log
06.10.2009  08:33                 0 0.log
06.10.2009  08:33             2.048 bootstat.dat
05.10.2009  12:57               508 ODBC.INI
04.10.2009  13:22               957 wcx_ftp.ini
03.10.2009  17:20         8.519.693 pfirewall.log.old
16.09.2009  17:01           209.290 setupact.log
14.09.2009  14:34         1.318.461 iis6.log
14.09.2009  14:34           403.517 comsetup.log
14.09.2009  14:34           243.602 ntdtcsetup.log
14.09.2009  14:34            60.448 tabletoc.log
14.09.2009  14:34             1.374 imsins.log
14.09.2009  14:34            65.723 ocmsn.log
14.09.2009  14:34           544.966 tsoc.log
14.09.2009  14:34             7.137 KB968816.log
14.09.2009  14:34            83.959 medctroc.Log
14.09.2009  14:34           207.146 netfxocm.log
14.09.2009  14:34           578.684 ocgen.log
14.09.2009  14:34            59.374 msgsocm.log
14.09.2009  14:34         1.178.775 FaxSetup.log
14.09.2009  14:34           368.518 msmqinst.log
14.09.2009  14:34             1.374 imsins.BAK
14.09.2009  14:34             7.145 KB956844.log
14.09.2009  14:34             7.512 KB971961-IE8.log
12.09.2009  20:07             4.683 KB970653-v3.log
25.08.2009  23:59            39.424 zipinst.exe
23.08.2009  22:27               839 d.ini
19.08.2009  22:50                69 NeroDigital.ini
14.08.2009  15:36           153.213 spupdsvc.log
14.08.2009  00:55            21.815 KB960859.log
14.08.2009  00:55            21.755 KB971657.log
14.08.2009  00:55            21.565 KB971557.log
14.08.2009  00:55           185.083 updspapi.log
14.08.2009  00:55            12.515 KB956744.log
14.08.2009  00:55            12.125 KB973869.log
14.08.2009  00:55            21.380 KB973507.log
14.08.2009  00:55            11.877 KB973354.log
14.08.2009  00:55            12.255 KB973540.log
14.08.2009  00:55            42.458 wmsetup.log
14.08.2009  00:53            20.742 KB973815.log
03.08.2009  17:18                 0 eDrawingOfficeAutomator.INI
29.07.2009  07:46            15.068 KB972260-IE8.log
28.07.2009  10:36            17.611 KB963093.log
28.07.2009  10:36           108.884 avmacc.log
27.07.2009  20:34             7.485 KB972636-IE8.log
27.07.2009  20:34            32.322 KB926140-v5.log
27.07.2009  20:33            24.180 KB940157.log
27.07.2009  20:33             4.052 KB915800-v4.log
23.07.2009  12:11             9.112 KB973346.log
23.07.2009  12:11            16.423 KB971633.log
23.07.2009  12:11            14.618 KB961371.log
06.07.2009  12:38            46.893 ie8_main.log
06.07.2009  12:38            39.009 KB971930-IE8.log
06.07.2009  12:38            47.644 KB969897-IE8.log
06.07.2009  12:37            50.515 ie8.log
02.07.2009  07:41                43 hpfccopy.INI
18.06.2009  13:23             1.469 win.ini
12.06.2009  12:29            27.619 KB961501.log
12.06.2009  12:29            28.764 KB969897.log
12.06.2009  12:29            13.843 KB969898.log
12.06.2009  12:26            25.735 KB970238.log
12.06.2009  12:26            25.216 KB968537.log
13.05.2009  10:39                59 vbaddin.ini
04.05.2009  09:28                51 CoDeSysOPC.ini
29.04.2009  17:42                86 WAGO-IO-PRO 32.ini
23.04.2009  12:27               517 spupdsvc.log.1.log
22.04.2009  11:50            31.482 WgaNotify.log
16.04.2009  09:32            25.747 KB959426.log
16.04.2009  09:32            24.732 KB961373.log
16.04.2009  09:30            20.668 KB956572.log
16.04.2009  09:30            20.875 KB952004.log
16.04.2009  09:30            18.469 KB960803.log
16.04.2009  09:30            19.186 KB963027.log
16.04.2009  09:30            10.748 KB923561.log
14.04.2009  17:47           274.272 DPINST.LOG
             391 Datei(en)     80.904.682 Bytes
               0 Verzeichnis(se), 15.228.600.320 Bytes frei
 
----- System  --- 
 Datenträger in Laufwerk C: ist dg2 c
 Volumeseriennummer: F491-7E20

 Verzeichnis von C:\WINDOWS\system

23.08.2009  19:26           157.696 STORAGE.DLL
              51 Datei(en)      4.834.479 Bytes
               0 Verzeichnis(se), 15.228.608.512 Bytes frei
 
----- System 32 (Achtung: Zeitfenster beachten!) --- 
 Datenträger in Laufwerk C: ist dg2 c
 Volumeseriennummer: F491-7E20

 Verzeichnis von C:\WINDOWS\system32

06.10.2009  14:35            91.289 ryqhao
06.10.2009  08:38           102.950 perfc007.dat
06.10.2009  08:38            79.828 perfc009.dat
06.10.2009  08:38           503.814 perfh007.dat
06.10.2009  08:38           461.198 perfh009.dat
06.10.2009  08:38         1.165.368 PerfStringBackup.INI
06.10.2009  08:35            12.598 wpa.dbl
06.10.2009  08:33           111.099 oodbs.lor
12.09.2009  20:07           588.714 TZLog.log
28.08.2009  23:38        24.689.600 MRT.exe
26.08.2009  00:11           156.672 rmc_fixasf.exe
26.08.2009  00:11           237.568 rmc_rtspdl.dll
26.08.2009  00:11           323.584 AUDIOGENIE2.DLL
05.08.2009  10:59           206.336 mswebdvd.dll
19.07.2009  18:41        11.067.392 ieframe.dll
19.07.2009  15:11         5.937.152 mshtml.dll
17.07.2009  21:01            58.880 atl.dll
14.07.2009  13:03            46.080 tzchange.exe
13.07.2009  23:43        10.841.088 wmp.dll
13.07.2009  23:43           286.208 wmpdxm.dll
03.07.2009  18:55           206.848 occache.dll
03.07.2009  18:55           915.456 wininet.dll
03.07.2009  18:55         1.208.832 urlmon.dll
03.07.2009  18:55           594.432 msfeeds.dll
03.07.2009  18:55            55.296 msfeedsbs.dll
03.07.2009  18:55            25.600 jsproxy.dll
03.07.2009  18:55         1.469.440 inetcpl.cpl
03.07.2009  18:55         1.985.536 iertutil.dll
03.07.2009  18:55           184.320 iepeers.dll
03.07.2009  18:55           386.048 iedkcs32.dll
03.07.2009  13:01           173.056 ie4uinit.exe
29.06.2009  10:40            57.667 ieuinit.inf
22.06.2009  08:45           726.528 jscript.dll
16.06.2009  16:36            81.920 fontsub.dll
16.06.2009  16:36           119.808 t2embed.dll
15.06.2009  12:43            78.848 telnet.exe
15.06.2009  12:43            82.944 tlntsess.exe
12.06.2009  13:07           184.224 FNTCACHE.DAT
10.06.2009  16:13            85.504 avifil32.dll
10.06.2009  09:19         2.066.432 mstscax.dll
10.06.2009  08:14           132.096 wkssvc.dll
03.06.2009  21:09         1.296.896 quartz.dll
25.05.2009  00:24           350.208 mssph.dll
20.05.2009  04:56         2.458.112 WMVCore.dll
12.05.2009  15:12            16.928 spmsg.dll
12.05.2009  15:12            26.144 spupdsvc.exe
07.05.2009  17:32           348.160 localspl.dll
01.05.2009  23:02           811.008 divx_xx16.dll
01.05.2009  23:02           823.296 divx_xx0c.dll
01.05.2009  23:02           685.056 DivX.dll
01.05.2009  23:02           802.816 divx_xx11.dll
01.05.2009  23:02           815.104 divx_xx0a.dll
01.05.2009  23:02           823.296 divx_xx07.dll
29.04.2009  06:33         1.499.136 shdocvw.dll
26.04.2009  17:02                46 DonationCoder_processtamer_InstallInfo.dat
19.04.2009  21:46         1.847.296 win32k.sys
19.04.2009  19:34            30.704 FreeOTFEHashWhirlpool.sys
19.04.2009  19:34            22.128 FreeOTFEHashTiger.sys
19.04.2009  19:33            26.224 FreeOTFEHashSHA.sys
19.04.2009  19:33            32.112 FreeOTFEHashRIPEMD.sys
19.04.2009  19:33            16.880 FreeOTFEHashMD.sys
19.04.2009  19:33            31.600 FreeOTFECypherTwofish_ltc.sys
19.04.2009  19:33            28.528 FreeOTFECypherSerpent_Gladman.sys
19.04.2009  19:33            25.968 FreeOTFECypherRC6_ltc.sys
19.04.2009  19:33            24.944 FreeOTFECypherMARS_Gladman.sys
19.04.2009  19:33            56.816 FreeOTFECypherDES.sys
19.04.2009  19:33            30.576 FreeOTFECypherCAST6_Gladman.sys
19.04.2009  19:33            31.088 FreeOTFECypherCAST5.sys
19.04.2009  19:33            25.200 FreeOTFECypherBlowfish.sys
19.04.2009  19:32            47.088 FreeOTFECypherAES_ltc.sys
19.04.2009  19:32            31.856 FreeOTFE.sys
15.04.2009  16:51           585.216 rpcrt4.dll
04.04.2009  12:41             1.205 lvcoinst.log
04.04.2009  12:37               487 Installer.log
            2735 Datei(en)    646.659.663 Bytes
               0 Verzeichnis(se), 15.228.436.480 Bytes frei
 
----- Prefetch ------------------------- 
 Datenträger in Laufwerk C: ist dg2 c
 Volumeseriennummer: F491-7E20

 Verzeichnis von C:\WINDOWS\Prefetch

07.10.2009  16:07            11.440 FIND.EXE-0F3A16B9.pf
07.10.2009  16:07            64.364 CMD.EXE-18AA480B.pf
07.10.2009  16:06            13.104 VERCLSID.EXE-11B4EDAB.pf
07.10.2009  16:06            14.938 7ZG.EXE-232A5FFD.pf
07.10.2009  16:06            19.668 SEARCHFILTERHOST.EXE-36BAE580.pf
07.10.2009  16:06            37.668 SEARCHPROTOCOLHOST.EXE-029776ED.pf
07.10.2009  16:05            17.448 EXPLORER.EXE-04FFEABC.pf
07.10.2009  16:03            35.204 AVWSC.EXE-148E32AF.pf
07.10.2009  16:02            75.988 THUNDERBIRD.EXE-0529A4C6.pf
07.10.2009  15:56            21.600 GUARDGUI.EXE-00E7569A.pf
07.10.2009  15:30            13.648 NET1.EXE-0312854F.pf
07.10.2009  15:30            12.198 NET.EXE-1C1A7E2A.pf
07.10.2009  15:30            23.610 WSCRIPT.EXE-0D18836C.pf
07.10.2009  15:30            12.628 WGET.EXE-2B594EC4.pf
07.10.2009  15:30            31.124 TVINFODVBV.EXE-1B29EEBA.pf
07.10.2009  15:26            34.684 GOOGLEUPDATE.EXE-03ABE250.pf
07.10.2009  15:24            24.100 WMIPRVSE.EXE-23177086.pf
07.10.2009  15:04            52.262 AVSCAN.EXE-2A474F12.pf
07.10.2009  15:01            58.134 WUAUCLT.EXE-141D0725.pf
07.10.2009  15:01            58.824 AVCONFIG.EXE-209E9690.pf
07.10.2009  14:57            55.652 AVCENTER.EXE-1C6B3E83.pf
07.10.2009  14:45           215.158 NOTEPAD.EXE-1D460EEF.pf
07.10.2009  14:27            15.058 JBWCIZ.EXE-157EE6E1.pf
07.10.2009  14:27            17.200 ROOTKITREVEALER.EXE-3160D16C.pf
07.10.2009  14:24            29.350 TQ197V08.EXE-1E823435.pf
07.10.2009  14:20           350.206 Layout.ini
07.10.2009  13:55            21.350 HIJACKTHIS.EXE-14CED3CD.pf
07.10.2009  13:53            92.278 FIREFOX.EXE-03F20888.pf
07.10.2009  13:50           112.450 CRASHREPORTER.EXE-378FD784.pf
07.10.2009  13:38            17.066 GOOGLEUPDATERSERVICE.EXE-04962E7F.pf
07.10.2009  13:34             7.872 JQSNOTIFY.EXE-03D4C663.pf
07.10.2009  12:29            14.604 ADOBELM_CLEANUP.0001-0BDC05D8.pf
07.10.2009  12:29            16.608 ADOBELMSVC.EXE-01052515.pf
07.10.2009  12:28            85.770 ACROBAT.EXE-2C4E2D80.pf
07.10.2009  09:44           166.856 ACDSEE.EXE-1EB44F4B.pf
07.10.2009  09:40            95.892 PSP.EXE-02F37582.pf
07.10.2009  09:33            27.796 ACROBATINFO.EXE-346F5F3C.pf
07.10.2009  09:30            55.842 ACRODIST.EXE-1D813A40.pf
07.10.2009  09:20            64.854 WINWORD.EXE-3A00FFE0.pf
07.10.2009  07:54           258.502 VLC.EXE-3ACE3305.pf
07.10.2009  06:10           100.214 DVBVIEWER.EXE-37AE3068.pf
07.10.2009  05:26            14.220 GOOGLECRASHHANDLER.EXE-0D3465C0.pf
07.10.2009  03:03            60.016 HELPSVC.EXE-1C72BC12.pf
07.10.2009  02:28            76.708 WINAMP.EXE-2B90D5BD.pf
07.10.2009  01:23            62.292 AMC3.EXE-2BEBF94A.pf
07.10.2009  00:21            94.662 TSPLAYER.EXE-1C160E62.pf
07.10.2009  00:09           100.014 GOOGLEUPDATER.EXE-030E6701.pf
06.10.2009  21:10            51.244 AVNOTIFY.EXE-07C18EBB.pf
06.10.2009  21:09            50.916 UPDATE.EXE-032CC98D.pf
06.10.2009  16:10            24.342 FREEOTFE.EXE-1EFCD76D.pf
06.10.2009  14:35             6.144 TEMP_8901245.EXE-07A7ADC4.pf
05.10.2009  21:10            15.032 RUNDLL32.EXE-6A480868.pf
05.10.2009  15:56            54.792 SEARCHFILTERHOST.EXE-2B53C1A9.pf
05.10.2009  15:56           130.196 SEARCHPROTOCOLHOST.EXE-2F7C9065.pf
05.10.2009  15:49            70.846 AVWSC.EXE-0770069F.pf
05.10.2009  15:44            91.138 WMIPRVSE.EXE-0E69CB0B.pf
05.10.2009  15:30            23.506 NET.EXE-1A501125.pf
05.10.2009  15:30            13.864 NET1.EXE-02EAE2C6.pf
05.10.2009  15:30            29.622 WSCRIPT.EXE-19DD6617.pf
05.10.2009  15:30            31.458 WGET.EXE-03CA705C.pf
05.10.2009  15:30            31.400 TVINFODVBV.EXE-008477A0.pf
05.10.2009  15:30           154.786 CMD.EXE-137A0D53.pf
05.10.2009  15:26            32.192 GOOGLEUPDATE.EXE-05B6617F.pf
05.10.2009  15:07           161.824 WUAUCLT.EXE-12D8E25E.pf
              66 Datei(en)      5.116.054 Bytes
               0 Verzeichnis(se), 15.228.469.248 Bytes frei
 
----- Tasks ---------------------------- 
 Datenträger in Laufwerk C: ist dg2 c
 Volumeseriennummer: F491-7E20

 Verzeichnis von C:\WINDOWS\tasks

07.10.2009  16:00               276 dvbviewer.job
07.10.2009  15:30               278 dvb_tvinfo.job
07.10.2009  15:26             1.088 GoogleUpdateTaskMachineUA.job
07.10.2009  13:38             1.044 Google Software Updater.job
07.10.2009  07:00               278 dvb_epgupd.job
07.10.2009  06:10               284 dvb_datenbank.job
07.10.2009  05:26             1.084 GoogleUpdateTaskMachineCore.job
06.10.2009  08:33                 6 SA.DAT
               9 Datei(en)          4.403 Bytes
               0 Verzeichnis(se), 15.228.469.248 Bytes frei
 
----- Windows/Temp ----------------------- 
 Datenträger in Laufwerk C: ist dg2 c
 Volumeseriennummer: F491-7E20

 Verzeichnis von C:\WINDOWS\Temp

06.10.2009  08:35            13.930 hpqddsvc.log
06.10.2009  08:34            49.152 CompiledAdapter.dll
06.10.2009  08:34            16.384 Perflib_Perfdata_ed8.dat
06.10.2009  08:33            16.384 Perflib_Perfdata_9d0.dat
06.10.2009  08:33                 0 sqlite_ZekOmbha8eolg5s
06.10.2009  08:33               483 WGAErrLog.txt
05.10.2009  21:08            16.384 Perflib_Perfdata_ccc.dat
29.09.2009  12:40            16.384 Perflib_Perfdata_7a4.dat
25.09.2009  08:26                 0 is1171.tmp
22.09.2009  10:51            16.384 Perflib_Perfdata_844.dat
14.09.2009  14:38            16.384 Perflib_Perfdata_7f8.dat
12.09.2009  19:50            16.384 Perflib_Perfdata_3c8.dat
25.08.2009  12:33            16.384 Perflib_Perfdata_9f4.dat
17.08.2009  17:32            16.384 Perflib_Perfdata_914.dat
14.08.2009  15:36            16.384 Perflib_Perfdata_e10.dat
12.08.2009  19:57            16.384 Perflib_Perfdata_304.dat
12.08.2009  14:22            18.578 wudf_update.log
28.07.2009  12:52            16.384 Perflib_Perfdata_dbc.dat
17.07.2009  09:02            16.384 Perflib_Perfdata_854.dat
17.07.2009  08:52            16.384 Perflib_Perfdata_e04.dat
07.07.2009  17:25            16.384 Perflib_Perfdata_ff0.dat
15.06.2009  12:16            16.384 Perflib_Perfdata_53c.dat
12.06.2009  13:08            16.384 Perflib_Perfdata_d94.dat
17.05.2009  23:07            16.384 Perflib_Perfdata_ce0.dat
17.05.2009  23:01           616.448 wi04ey7d.TMP
17.05.2009  23:01            16.384 Perflib_Perfdata_250.dat
17.05.2009  23:00            16.384 Perflib_Perfdata_948.dat
17.05.2009  23:00            16.384 Perflib_Perfdata_8dc.dat
15.05.2009  03:02                 0 is1062.tmp
15.05.2009  03:02                 0 is105F.tmp
09.05.2009  11:56            16.384 Perflib_Perfdata_f04.dat
23.04.2009  12:28            16.384 Perflib_Perfdata_8fc.dat
23.04.2009  12:27            16.384 Perflib_Perfdata_85c.dat
23.04.2009  12:27            16.384 Perflib_Perfdata_7c0.dat
16.04.2009  12:42            16.384 Perflib_Perfdata_f94.dat
16.04.2009  12:27            16.384 Perflib_Perfdata_b34.dat
16.04.2009  11:16            16.384 Perflib_Perfdata_b00.dat
15.04.2009  20:51            16.384 Perflib_Perfdata_674.dat
15.04.2009  13:50            16.384 Perflib_Perfdata_ad0.dat
15.04.2009  13:40            16.384 Perflib_Perfdata_fe4.dat
04.04.2009  12:42             1.084 CamServr.log
04.04.2009  12:42            53.677 CamWizrd.log
04.04.2009  12:40            16.384 Perflib_Perfdata_d40.dat
04.04.2009  12:40            16.384 Perflib_Perfdata_a4c.dat
04.04.2009  12:39            16.384 Perflib_Perfdata_9f0.dat
04.04.2009  12:20               444 InstVid.log
04.04.2009  12:20               359 Instmed.log
             192 Datei(en)      3.518.286 Bytes
               0 Verzeichnis(se), 15.228.452.864 Bytes frei

To be continued...

08.10.2009, 16:14   #4
dgdg
Guest

Problem with Trojan/Keylogger



File list - Part 2:

Code:
----- Temp ----------------------------- 
 Datenträger in Laufwerk C: ist dg2 c
 Volumeseriennummer: F491-7E20

 Verzeichnis von C:\DOKUME~1\detlef\LOKALE~1\Temp

07.10.2009  15:56       639.014.521 totalcmd.log
07.10.2009  15:55                 0 etilqs_u4g3jgl95FBtrq2hlSLi
07.10.2009  14:46            91.712 Genotron GMER Logdatei (4August 2009)3von3.txt
07.10.2009  14:46            91.341 Genotron GMER Logdatei (4August 2009)2von3.txt
07.10.2009  14:46            54.776 Genotron GMER Logdatei (4August 2009)1von3.txt
07.10.2009  14:46            31.872 Genotron RSIT Logdatei (4 August2009).txt
07.10.2009  14:45             1.097 Genotron mbam-log-2009-08-04 (18-20-56).txt
07.10.2009  14:38            16.384 ~DFAA03.tmp
07.10.2009  14:27           498.560 JBWCIZ.exe
07.10.2009  12:29            59.964 Adobelm_Cleanup.0001
07.10.2009  09:40                 3 Twain001.Mtx
07.10.2009  08:36            12.808 pcsuitecheck_new.xml
07.10.2009  07:57           957.876 WCESLog.log
06.10.2009  17:10                 0 sqlite_Qy4rQLi8eW9auae
06.10.2009  17:10             2.048 sqlite_fOAIEQdCpl6cEGG
06.10.2009  17:10                 0 sqlite_7cJqiCeYjhksImA
06.10.2009  17:10                 0 sqlite_dM9sVCldm1Y9WBI
06.10.2009  17:10                 0 sqlite_eLuBqDU6GjlfTE9
06.10.2009  13:14         8.948.756 nsmail.eml
06.10.2009  09:51                 0 JET6B1F.tmp
06.10.2009  08:35            23.744 scratch.html
06.10.2009  08:34            15.353 NGLALog.txt
06.10.2009  08:34            16.384 ~DFDF3D.tmp
06.10.2009  08:34               375 WCESCOMM.LOG
06.10.2009  08:28            35.142 java_install_reg.log
05.10.2009  21:08            16.384 ~DF577F.tmp
05.10.2009  12:13            18.653 LVCOMSX.LOG
04.10.2009  14:08            21.504 Einladung Hessenpark.doc
04.10.2009  12:01            31.744 vjrko9xn.doc
04.10.2009  11:47                 2 MMCULog2.txt
02.10.2009  16:14                 0 sPotEFdl.htm.part
29.09.2009  12:39            16.384 ~DFCADE.tmp
23.09.2009  16:52            40.483 Art-400074363240-2-1.html
23.09.2009  16:52            30.227 Art-400074363240-2.html
23.09.2009  16:52            13.111 Art-400074363240-1.html
22.09.2009  10:51            16.384 ~DFFE03.tmp
21.09.2009  20:53            23.887 Halle_9.pdf
19.09.2009  11:01                 0 rekq6OVI.wmv.part
17.09.2009  15:40           139.169 C200_T373.pdf
14.09.2009  14:51            16.384 ~DFB46C.tmp
14.09.2009  14:38            16.384 ~DFF8EC.tmp
12.09.2009  19:51            16.384 ~DF1BB7.tmp
11.09.2009  12:54                 0 e.exe
03.09.2009  18:09            16.384 ~DF9C03.tmp
03.09.2009  17:44            29.454 Art-400070599249-2.html
03.09.2009  17:44            40.823 Art-400070599249-2-1.html
03.09.2009  17:43            13.045 Art-400070599249-1.html
02.09.2009  15:15                 0 ew31998.tmp
02.09.2009  15:04                 0 sz01980.tmp
31.08.2009  14:06                 0 +ChiKg3E.pdf.part
31.08.2009  14:04                 0 rY8XZiyk.pdf.part
28.08.2009  16:22             7.857 TWAIN.LOG
28.08.2009  16:20                 0 hpp9BF.tmp
28.08.2009  16:20               156 Twunk001.MTX
28.08.2009  15:52                 0 hpp8BF.tmp
28.08.2009  15:47                 0 hpp8B8.tmp
27.08.2009  07:41                 0 hpp4E0.tmp
24.08.2009  23:11                 0 cIn_RiYz.wma.part
19.08.2009  22:49                 0 ACD684.tmp.wav
17.08.2009  17:32            16.384 ~DFCE29.tmp
14.08.2009  15:36            16.384 ~DF97D7.tmp
13.08.2009  11:08           573.435 GZW2_Xww.zip.part
12.08.2009  19:58            16.384 ~DF1228.tmp
12.08.2009  19:51             1.302 NclRegPermissions(1).log
12.08.2009  19:38            27.648 Naturwissenschaftler_Siemens.doc
11.08.2009  00:02         1.058.167 4SrtE6kn.exe.part
10.08.2009  23:47           150.718 aj2oagkc.pdf
10.08.2009  22:31           429.931 OKUEXC55.pdf.part
10.08.2009  21:55               752 jar_cache4738335836214367725.tmp
08.08.2009  13:09            16.384 ~DFEBCB.tmp
06.08.2009  18:02            16.384 ~DF6475.tmp
05.08.2009  13:54            59.964 SolidWorksLicTemp.0001
02.08.2009  18:28         9.274.748 cqVyjDGB.zip.part
29.07.2009  13:56                 0 Iv38OdAK.avi.part
28.07.2009  12:52            16.384 ~DFE17F.tmp
28.07.2009  10:36             2.322 _coInst.log
28.07.2009  10:36             2.364 vminst.log
27.07.2009  17:06            76.118 Microsoft .NET Framework 3.5-KB963707_20090727_150636578.html
27.07.2009  17:06           424.484 Microsoft .NET Framework 3.5-KB963707_20090727_150636578-Msi0.txt
27.07.2009  17:03            16.384 ~DFC7B.tmp
25.07.2009  15:57                 0 hpp518.tmp
24.07.2009  20:58         4.109.612 4B8_BS4N.aspx.part
21.07.2009  14:00                 0 G+dBWHNe.mpg.part
21.07.2009  13:58                 0 Sdclzvje.wmv.part
17.07.2009  19:37         3.134.527 68fmwcQC.exe.part
17.07.2009  09:02            16.384 ~DFAB1C.tmp
17.07.2009  08:53            16.384 ~DF9914.tmp
16.07.2009  19:06           261.495 telefon.pdf
10.07.2009  20:43         4.761.088 n8aKSAbv.exe.part
10.07.2009  13:33         1.725.561 dSinfo1b.zip
10.07.2009  10:52           531.707 EVOdemux-0.627.zip
09.07.2009  22:02            27.455 support-1.zip
07.07.2009  17:27            16.384 ~DF6C7A.tmp
02.07.2009  14:41                 0 90Uz+5w1.htm.part
02.07.2009  07:40                 0 hpp2EF6.tmp
01.07.2009  19:05                 0 ACD2D9E.tmp.wav
01.07.2009  19:05                 0 ACD2D9D.tmp.wav
25.06.2009  15:39                 0 hpp1C3A.tmp
24.06.2009  15:12                 0 Twunk002.MTX
24.06.2009  09:22            58.196 9mko0rfp.pdf
18.06.2009  18:08           248.966 AtHjYyfR.zip.part
16.06.2009  23:39               558 jar_cache6019926857806319974.tmp
16.06.2009  22:59               906 jar_cache5803736771876292695.tmp
16.06.2009  22:59               217 jar_cache7223159316739195244.tmp
16.06.2009  22:59                58 jar_cache5931005199179569199.tmp
16.06.2009  22:59                43 jar_cache3971529711113456204.tmp
16.06.2009  22:58               639 jar_cache5841262206052608136.tmp
16.06.2009  22:58             1.007 jar_cache7248878198997233585.tmp
16.06.2009  22:58               603 jar_cache3676237488893072702.tmp
16.06.2009  22:58               645 jar_cache1945501006927102048.tmp
15.06.2009  12:16            16.384 ~DFD700.tmp
14.06.2009  08:33               577 +KALBBrE.osm.part
14.06.2009  08:33               577 9+mP8Efl.osm.part
14.06.2009  08:33               577 data.osm
12.06.2009  13:08            16.384 ~DFAFA5.tmp
11.06.2009  16:34            11.280 SCSILog0.txt
06.06.2009  19:26         1.023.444 WCESMgr.log
04.06.2009  10:11       315.488.185 ibu123.zip
03.06.2009  08:29            32.768 ~DF5B65.tmp
02.06.2009  12:15            41.938 OSR-1.pdf
02.06.2009  12:12            36.345 OSR.pdf
29.05.2009  14:02             1.360 wmplog02.sqm
29.05.2009  12:45                 0 QrVJcGAK.mpg.part
29.05.2009  12:33                 0 xRbiDgUD.wmv.part
29.05.2009  12:30                 0 jWKGrrZ0.wmv.part
29.05.2009  12:30                 0 ncjT_Vj4.wmv.part
29.05.2009  12:30                 0 UFvmyxvC.wmv.part
29.05.2009  12:29                 0 xMKQ14ZL.mpg.part
29.05.2009  11:53                 0 oHGwJ9wU.mpg.part
29.05.2009  11:52                 0 Pjl4hVsF.mpg.part
29.05.2009  11:52                 0 NG6KzFhS.mpg.part
29.05.2009  11:50                 0 lHZLsKsT.wmv.part
29.05.2009  11:28                 0 VLv7nLfJ.wmv.part
28.05.2009  19:11                 0 u0to9IU2.ts.part
28.05.2009  17:29         3.690.586 pnW_qkqN.exe.part
28.05.2009  12:58             2.891 clx.dro
28.05.2009  12:58             1.003 IDAPI32.CFG
28.05.2009  12:57               753 bdemerge.ini
28.05.2009  12:55           401.920 borlndlm.dll
28.05.2009  12:55                 0 ~B41.tmp
27.05.2009  14:35         6.317.568 TOBITCLT.DLL
26.05.2009  10:23                 0 cag3PIwv.mpg.part
25.05.2009  14:13                 0 m4ssCNQF.wmv.part
25.05.2009  14:13                 0 MTN_HNWR.wmv.part
25.05.2009  13:29                 0 KEqQslS6.mpg.part
25.05.2009  13:24                 0 L9XhHjC2.wmv.part
25.05.2009  12:47                 0 c4n79.tmp
25.05.2009  12:46                 0 pjl78.tmp
25.05.2009  12:45                 0 lqa77.tmp
25.05.2009  12:44                 0 yk976.tmp
25.05.2009  12:43                 0 rqj75.tmp
25.05.2009  12:41                 0 vct74.tmp
25.05.2009  12:40                 0 ytf73.tmp
25.05.2009  10:47            16.384 ~DF7A25.tmp
24.05.2009  09:55                 0 MEdAvY2U.mpg.part
23.05.2009  14:03            96.521 RE 098519.pdf
20.05.2009  22:34                 0 NUiM6Pmd.mpg.part
20.05.2009  22:30                 0 KrBY6yXr.wmv.part
20.05.2009  10:37                 0 9dz6F0.tmp
20.05.2009  10:09         1.544.928 H+O3y3pS.wmv.part
20.05.2009  10:07        10.833.103 J7LE27+1.wmv.part
20.05.2009  10:03         8.262.272 y2skHwxj.wmv.part
20.05.2009  10:02         8.970.187 osIAf8mH.wmv.part
19.05.2009  14:37         7.753.411 zeTvwnN8.wmv.part
18.05.2009  14:46                 0 sltzoJtm.wmv.part
18.05.2009  14:33                 0 PxBvthPc.wmv.part
18.05.2009  14:27                 0 neqhHOi_.wmv.part
18.05.2009  14:26                 0 zjthSb8q.wmv.part
18.05.2009  14:18                 0 8f2o4ctu.wmv.part
18.05.2009  14:15                 0 ZOiT+5G1.wmv.part
18.05.2009  14:15                 0 BqI4lHZh.wmv.part
18.05.2009  14:01                 0 6i8201.tmp
18.05.2009  13:54                 0 bl11FE.tmp
18.05.2009  13:52                 0 qb71FD.tmp
18.05.2009  13:30                 0 ws81F9.tmp
18.05.2009  13:29                 0 g9m1F8.tmp
17.05.2009  23:08            16.384 ~DF9998.tmp
17.05.2009  23:01                 0 sqlite_s66uZ7pwGi7dCqN
17.05.2009  23:01                 0 sqlite_85ahvcbkKlkUodm
17.05.2009  23:01                 0 sqlite_sCVxLk6bpKHBEh4
17.05.2009  23:01                 0 sqlite_eb6f3dSTNfeujkK
17.05.2009  23:01                 0 sqlite_WezgBf3Sh376KkX
17.05.2009  23:01                 0 sqlite_acQPlrabMfdAa1O
17.05.2009  23:01            16.384 ~DF9D33.tmp
17.05.2009  20:31            16.384 ~DFF4FD.tmp
13.05.2009  21:30                 0 ACDC6D.tmp
11.05.2009  17:39                 0 ACD668.tmp.wav
11.05.2009  17:39                 0 ACD667.tmp.wav
11.05.2009  17:18             1.416 wmplog01.sqm
11.05.2009  16:23             1.680 wmplog00.sqm
09.05.2009  11:52             8.200 etilqs_ijh4ZnZhQ0ZNAbtupSHk
08.05.2009  22:43            36.864 ~DFAE3D.tmp
07.05.2009  16:52             2.048 sqlite_s7Qx1nQCcQ54RG3
07.05.2009  15:23                 0 sqlite_yhX1V9mIoIr3YAd
07.05.2009  15:23             2.048 sqlite_QgATWSrvoW1WyUw
07.05.2009  15:23             2.048 sqlite_dFmjPfV3bmTeusg
07.05.2009  15:23                 0 sqlite_nVsWEXAWZsVl9V9
07.05.2009  15:23                 0 sqlite_0UQoAPVy8xlQXoA
07.05.2009  15:23                 0 sqlite_jgKsiUbozjjR4wT
06.05.2009  11:15            83.484 Art-160331672300-3.html
06.05.2009  11:14            14.481 Art-160331672300-1.html
05.05.2009  19:12            69.208 Art-170326458884-3.html
05.05.2009  19:10            14.503 Art-170326458884-1.html
04.05.2009  17:33                 0 Rb3xUbiB.lnk
03.05.2009  20:13                 0 JET3F20.tmp
26.04.2009  19:36            71.770 Art-170324758553-3.html
26.04.2009  19:36            29.906 Art-170324758553-2.html
26.04.2009  19:36            41.428 Art-170324758553-2-1.html
26.04.2009  19:35            12.993 Art-170324758553-1.html
26.04.2009  17:01         3.088.384 Zrlax2kA.exe.part
23.04.2009  12:29            16.384 ~DFB1F4.tmp
23.04.2009  12:24            65.536 mso2C7.mdb
22.04.2009  15:32                 0 eel1274.tmp
22.04.2009  15:29                 0 yqo1272.tmp
22.04.2009  15:29                 0 w8n1271.tmp
22.04.2009  15:27                 0 smr1270.tmp
22.04.2009  15:26                 0 1dt126F.tmp
22.04.2009  15:26                 0 fep126E.tmp
22.04.2009  15:26                 0 e9y126D.tmp
22.04.2009  15:13                 0 27m126C.tmp
21.04.2009  08:08                 0 ACDE69.tmp.wav
20.04.2009  12:01                 0 ACDC1A.tmp.wav
20.04.2009  11:51                 0 ACDC00.tmp.wav
20.04.2009  11:51                 0 ACDBFF.tmp.wav
20.04.2009  11:51                 0 ACDBFE.tmp.wav
20.04.2009  11:51                 0 ACDBFD.tmp.wav
20.04.2009  11:51                 0 ACDBFC.tmp.wav
17.04.2009  19:19                 2 nsi43C.tmp
17.04.2009  19:19                 0 utt439.tmp
17.04.2009  19:19           667.848 utt439.tmp.exe
17.04.2009  17:13                 0 utt403.tmp
17.04.2009  17:13                70 utt403.tmp.bat
17.04.2009  17:13                 0 utt402.tmp
17.04.2009  15:38                 0 CogILcCH.svg.part
17.04.2009  15:38                 0 4_LFCliH.svg.part
17.04.2009  15:38                 0 C_BLnyv1.svg.part
17.04.2009  15:38                 0 DurAFZG6.svg.part
17.04.2009  15:38                 0 NcOkeFD3.svg.part
17.04.2009  15:38                 0 T4bnhCqg.svg.part
17.04.2009  15:38                 0 cGhEWGNX.svg.part
17.04.2009  15:38                 0 llaFWrHX.svg.part
17.04.2009  15:38                 0 yTPHMnkf.svg.part
17.04.2009  15:38                 0 zg2UO9Ue.svg.part
17.04.2009  15:38                 0 aUwrOm7S.svg.part
17.04.2009  15:38                 0 DDHzyhaY.svg.part
17.04.2009  15:38                 0 b8Cc39w9.svg.part
17.04.2009  15:38                 0 N0IRXI9J.svg.part
17.04.2009  15:38                 0 ZzZyGLZq.svg.part
17.04.2009  15:38                 0 3XKUMqsz.svg.part
17.04.2009  15:38                 0 0HWHolmF.svg.part
17.04.2009  15:38                 0 wy3MNs_A.svg.part
17.04.2009  15:38                 0 SBB2p1t5.svg.part
17.04.2009  15:38                 0 kr8aDXXo.svg.part
17.04.2009  15:38                 0 drv8B7Eh.svg.part
17.04.2009  15:38                 0 ZIrBmLTJ.svg.part
17.04.2009  15:38                 0 xlwbki5Y.svg.part
17.04.2009  15:38                 0 2sfm5Faf.svg.part
17.04.2009  15:38                 0 CBv3H5TJ.svg.part
17.04.2009  15:38                 0 Ya2lEogD.svg.part
17.04.2009  15:38                 0 rMRgasRR.svg.part
17.04.2009  15:38                 0 ZSND8rNc.svg.part
17.04.2009  15:38                 0 wjYsNvYp.svg.part
16.04.2009  12:46            28.410 ColorProfile.log
16.04.2009  12:44               174 addonscheck.xml
16.04.2009  12:43            16.384 ~DFCC1F.tmp
16.04.2009  12:28            16.384 ~DF7673.tmp
16.04.2009  11:16            16.384 ~DF6B1F.tmp
15.04.2009  20:51            16.384 ~DF5F14.tmp
15.04.2009  13:51            16.384 ~DF752F.tmp
14.04.2009  09:19                 0 hiiTOddk.wmv.part
14.04.2009  08:50                 0 _kwvS8DR.mpg.part
14.04.2009  08:48                 0 jkmzrGwv.wmv.part
10.04.2009  13:46            16.384 ~DFD5A9.tmp
09.04.2009  14:46                 0 ACD149E.tmp.wav
09.04.2009  14:46                 0 ACD149D.tmp.wav
09.04.2009  14:29                 0 ACD149C.tmp.wav
09.04.2009  14:29                 0 ACD149B.tmp.wav
09.04.2009  14:13                 0 3G+DvwXk.mpg.part
09.04.2009  14:13                 0 WAWPTN5M.wmv.part
09.04.2009  14:13                 0 Ww2Sl+jp.wmv.part
09.04.2009  14:13                 0 2HkNj_Ky.wmv.part
09.04.2009  14:12                 0 WigHpvH9.wmv.part
09.04.2009  11:33                 0 cnaouQKV.avi.part
09.04.2009  11:33                 0 ZatAz824.avi.part
09.04.2009  11:32                 0 12z6_gdu.avi.part
09.04.2009  10:56                 0 5HkRmiRN.wmv.part
09.04.2009  10:44                 0 DgzwLs9V.wmv.part
09.04.2009  10:08                 0 fHxqr+Dd.mpg.part
09.04.2009  09:55                 0 C0aGmiBs.wmv.part
08.04.2009  09:39            16.384 ~DF4460.tmp
07.04.2009  12:29            16.384 ~DFEB8D.tmp
04.04.2009  14:38                 0 z50D6.tmp
04.04.2009  14:38                 0 egoD5.tmp
04.04.2009  12:41            16.384 ~DF674A.tmp
02.04.2009  16:16                 0 tpw351.tmp
02.04.2009  16:15                 0 a4w350.tmp
02.04.2009  14:59                 0 UPJn1wL9.htm.part
01.04.2009  21:00                 0 ZMFG6GYL.mpg.part
01.04.2009  17:36                 0 XV3Eelzf.avi.part
01.04.2009  14:07                 0 TkHxAqmr.mpg.part
             529 Datei(en)  1.139.826.248 Bytes
               0 Verzeichnis(se), 15.228.420.096 Bytes frei

To be continued...

08.10.2009, 16:18   #5
dgdg
Guest

Problem with Trojan/Keylogger

CCleaner log and GMER log, Part 1



Installed programs (CCleaner):

Code:
7-Zip 4.57
AC3Filter (remove only)
ACDSee 4.0
ACDSee 4.0 Service Release 1
Acronis True Image Home
Adobe Acrobat 7.0 Professional
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 6.0
Adobe SVG Viewer 3.0
Advanced MP3 Catalog Pro 3.03
AGFEO TK-Suite Basic 3
AnyDVD
ATI - Dienstprogramm zur Deinstallation der Software
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
Autostart ok-s 2.0
Avira AntiVir Personal - Free Antivirus
AviSynth 2.5
AVRStudio4
Beck @CHIPTOOL V5.10.0.1
Beck Postmake 2 (Version 2.3.0.1)
Biet-O-Matic v2.6.2
BitTorrent
BJ Network Tool
Bluesoleil2.7.0.13 VoIP Release 071227
Borland Delphi 7
BT747 Desktop
CamStudio
Canon PIXMA iP4000R
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Utility
Catalyst Control Center - Branding
CCleaner (remove only)
CoDeSys for Automation Alliance
DataLogV2.5
DATAstreet Hessen 2000
Destinator Console
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DNA
Dr. Hardware 2009 9.9.0d
DVBViewer Pro
DVBViewer Recording Service
DVBViewer TE
eDrawings 2008
EventGhost 0.3.7.r1194
EveryWAN Remote Support Personal Edition
Exact Audio Copy 0.99pb4
FileZilla Server (remove only)
FreeOTFE
FreePDF XP (Remove only)
Freez Screen Video Capture v1.2
Garmin City Navigator Europe NT v9
Garmin Communicator Plugin
Garmin MapSource
Garmin WebUpdater
Generic color icon driver
GnuWin32: Wget-1.11.4-1
Google Earth
Google Earth Plug-in
Google Updater
GPL Ghostscript 8.62
GPL Ghostscript Fonts
GPS-Track-Analyse.NET
GX::Transcoder v5.0
Hama USB Mass Storage Device
Hex Wizard 1.22
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Photosmart Kameras 9.0
HP Scanjet 3800 series 7.0
HP Solution Center 9.0
HP Update
HP USB Disk Storage Format Tool
Indeo® Software
Java(TM) 6 Update 11
JMB36X Raid Configurer
Logitech iTouch Software
Logitech QuickCam-Software
Logitech® Camera-Treiber
LogMeIn
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Premium
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.3)
Mozilla Sunbird (0.9)
Mozilla Thunderbird (2.0.0.23)
MP3-Tag-Editor
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
Nero 8
nLite 1.4.9.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
O&O Defrag Professional Edition
OCR Software by I.R.I.S 7.0
ODBC
OSMtracker 0.6.1
Paint Shop Pro 7
Paradigm C++ Beck IPC Edition
PC Connectivity Solution
Pinnacle Hollywood FX for Studio
Pinnacle MediaServer
Pinnacle ShowCenter
PowerDVD Ultra
Process Tamer 2.11.01
RAIDar 4.1.4
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
RMVB Converter 1.8
Security Update for Windows Search 4 - KB963093
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
Slotman
Sonic CinePlayer DVD Pack
Spb Backup
Spb Backup 2.0
Studio 9
Sun xVM VirtualBox
SUPER © Version 2008.bld.32 (July 8, 2008)
Target 3001! V14 discover
TechniSat DVB-PC TV Star
Tera Term Pro
TightVNC 1.3.9
Top50 Viewer
Total Commander (Remove or Repair)
Tux Paint 0.9.19
Tweak UI
Unlocker 1.8.7
VAD Laplace Webcam
VirtualCloneDrive
VLC media player 1.0.0
VMware Workstation
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
Windows-Treiberpaket - Nokia Modem  (10/27/2008 3.9)
Windows-Treiberpaket - Nokia Modem  (10/27/2008 7.01.0.1)
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
WinPcap 4.0.2
WinRAR
WinZip
Wireshark 1.0.0
WsWin V2.93.13 - 2007-04-22
X10 Hardware(TM)
XNavigator
ZOC Terminal 5.1
         
GMER - Part 1:

Code:
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-07 16:13:15
Windows 5.1.2600 Service Pack 3
Running: tq197v08.exe; Driver: C:\DOKUME~1\detlef\LOKALE~1\Temp\fxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT            F7A63CC6   ZwCreateKey
SSDT            F7A63CBC   ZwCreateThread
SSDT            F7A63CCB   ZwDeleteKey
SSDT            F7A63CD5   ZwDeleteValueKey
SSDT            F7A63CDA   ZwLoadKey
SSDT            F7A63CA8   ZwOpenProcess
SSDT            F7A63CAD   ZwOpenThread
SSDT            F7A63CE4   ZwReplaceKey
SSDT            F7A63CDF   ZwRestoreKey
SSDT            F7A63CD0   ZwSetValueKey
SSDT            F7A63CB7   ZwTerminateProcess

INT 0x01        \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)   B962D59A
INT 0x03        \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.)   B962D655
INT 0x06        \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)   A9E1616D
INT 0x0E        \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems)   A9E15FC2

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFile   408C654B 5 Bytes  JMP 13159E5C
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetCloseHandle   408C9088 5 Bytes  JMP 1315A05C
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetQueryDataAvailable   408CBF83 5 Bytes  JMP 13159C7C
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpOpenRequestA   408CD508 5 Bytes  JMP 13158964
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetConnectA   408CDEAE 5 Bytes  JMP 1315880C
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpSendRequestW   408CFABE 5 Bytes  JMP 13159688
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetOpenA   408DD688 5 Bytes  JMP 131587C0
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!HttpSendRequestA   408DEE81 5 Bytes  JMP 13159288
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFileExW   408E3341 5 Bytes  JMP 1315A00C
.text           C:\WINDOWS\Explorer.EXE[2696] WININET.dll!InternetReadFileExA   408E3379 5 Bytes  JMP 13159FBC
.text           C:\WINDOWS\system32\SearchIndexer.exe[3556] kernel32.dll!WriteFile   7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFile   408C654B 5 Bytes  JMP 13159E5C
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetCloseHandle   408C9088 5 Bytes  JMP 1315A05C
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetQueryDataAvailable   408CBF83 5 Bytes  JMP 13159C7C
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpOpenRequestA   408CD508 5 Bytes  JMP 13158964
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetConnectA   408CDEAE 5 Bytes  JMP 1315880C
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpSendRequestW   408CFABE 5 Bytes  JMP 13159688
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetOpenA   408DD688 5 Bytes  JMP 131587C0
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!HttpSendRequestA   408DEE81 5 Bytes  JMP 13159288
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFileExW   408E3341 5 Bytes  JMP 1315A00C
.text           C:\Programme\Mozilla Firefox\firefox.exe[3964] wininet.dll!InternetReadFileExA   408E3379 5 Bytes  JMP 13159FBC
.text           C:\Programme\VirtualDub\VirtualDub.exe[4676] kernel32.dll!SetUnhandledExceptionFilter   7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           c:\programme\virtualdub\VirtualDub.exe[5920] kernel32.dll!SetUnhandledExceptionFilter   7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]   [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]   [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]   [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]   [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]   [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]   [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]   [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]   [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 

                 [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback 

Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHLWAPI.dll 

[KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 

                 [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback 

Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]   

                 [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback 

Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\ole32.dll 

[KERNEL32.dll!SetUnhandledExceptionFilter]     [019E73CC] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\iphlpapi.dll 

[KERNEL32.dll!SetUnhandledExceptionFilter]  [019E73CC] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\iphlpapi.dll 

[KERNEL32.dll!LoadLibraryA]                 [019E7376] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 

                 [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback 

Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\USERENV.dll 

[KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\NETAPI32.dll 

[KERNEL32.dll!SetUnhandledExceptionFilter]  [019E73CC] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\NETAPI32.dll 

[KERNEL32.dll!LoadLibraryA]                 [019E7376] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 

                 [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback 

Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\System32\CRYPT32.dll 

[KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WININET.dll 

[KERNEL32.dll!SetUnhandledExceptionFilter]   [019E73CC] C:\Programme\Mozilla 

Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT             C:\Programme\Mozilla Thunderbird\thunderbird.exe[5060] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 

                 [019E7376] C:\Programme\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback 

Library/Full Circle Software, Inc.)
         
That's it.

Detlef


Old 08.10.2009, 16:19   #6
dgdg
Guest

Problem with Trojan/Keylogger



Gmer - Part 2:

Code:
---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume7 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume7 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume8 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume8 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\usbhub \Device\USBPDO-20 hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume9 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume9 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device          \Driver\usbhub \Device\USBPDO-14 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-15 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-16 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-17 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000e0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000d3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-18 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000d4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000d5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000e3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000e4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000d8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\000000d9 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbuhci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBFDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbohci \Device\USBFDO-8 hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice  \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 54701449ED860F14A0793E53A87358A14F16CB6D56395FB50376E0070FCE7C89B90BF1705CA1B1AC10B7AB206A93BE48D594AC857F7FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC7933FEBC9E127BECC74C5D575E7D6A3B9808FA6E3A94FA97781E594676C9FD1C82F34281C4A348AA22FEF4ACB16856773536E00D317467C383A6B7EDB080B2B4B48352010378F2BAA3BDD8C889D6B9077931CB1FC31C2090155ACE3A1B4E36B0CDA64CD10F0E5340FDC964C9A2382857DA2CACF3A4152C8BAB63C25BC52354CCB83EACA577DE1A4AA45B0601A52ED5E67F5A071DBB4D6642B60E4CC5F1D4ACCA53D000F37A49CBEA8553430471C1CC3B7C14F3F4A113FDC89BCC3931191CB1EDEF08E8720F1042B5FD35312F965C6B57E0D41F14A51CF53734B2EA1BE517AC7E53329DA1DBD8A8C66126FB1EDACFE2C82ABC48DACA7F2428CCF956C1B747BACA38C169C03EAE80397772E1B538CDB81C4E9045EAC63B33BCA6FE85A92391C7A24C4B2954C6001FB07A083819DBEE47E43436FCAD842FA398F6C1149BEE401B5AB288CF27399F2DD119796435A6ADBDB9B7BB6CCB221F4662E568B52417FECB4B8059E3468F4226C6F67FE236AFE91BB52A4FA3B67334C24611BBAD92C9E0C3D1BF3D7F81F483DBBD2C73420
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----
         
That's it.

Detlef

Old 08.10.2009, 17:17   #7
dgdg
Guest

Problem with Trojan/Keylogger



I also ran Anti-Malware once more. It found a few more rotten registry entries.

Code:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2925
Windows 5.1.2600 Service Pack 3

08.10.2009 18:14:45
mbam-log-2009-10-08 (18-14-45).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 229557
Laufzeit: 30 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safari.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
