Log Analysis and Evaluation: Keylogger? Log evaluation

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.04.2010, 20:27, #1
Keylogger? Log evaluation

Hi dear board, I suspect that I have a keylogger on my computer. I came to this assumption because my World of Warcraft account was hacked on Tuesday. The account is fine again so far and the password has been changed, but now I constantly get disconnects, which was not the case before. So I suspect that the new password has somehow also become known through a keylogger. I have now changed the password on a friend's computer and have not logged in again since. I use Kaspersky PURE and let it run a full scan -> no detections; I also ran Spybot Search & Destroy once, but it found nothing either. I have also updated my browser (Firefox) and tried it with a different browser (Opera). How can I find out whether I have a keylogger on my computer? And how do I remove it? ^^

Logs:
I was referred here; someone thought it might be a rootkit infection? Malwarebytes Anti-Malware found nothing (should I post the log?) |
29.04.2010, 20:37 | #2 |
| Malwarebytes log:
Datei mbam-log-2010-04-29__13-01-03_.tx empfangen 2010.04.29 11:28:38 (UTC) Status: Beendet Ergebnis: 0/40 (0%) |
30.04.2010, 11:29 | #3 |
| Please reply :< |