
Pests of all kinds and how to fight them: Spyeye - keylogger still there?


Old 12.02.2011, 23:03   #1
Meani
 
GMER crashed twice (blue screen during the scan).

After the second time I nevertheless opened the program again and copied the log. It may of course be incomplete, since the scan was not finished properly.

GMER Log
Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit quick scan 2011-02-12 22:59:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP
Running: b1q62cld.exe; Driver: C:\Users\user\AppData\Local\Temp\pxldapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         

Old 12.02.2011, 23:14   #2
Meani
 
OSAM log

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:13:04 on 12.02.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\user\AppData\Local\Temp\catchme.sys  (File not found)
"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pxldapog" (pxldapog) - ? - C:\Users\user\AppData\Local\Temp\pxldapog.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\VISSHE.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\MLSHEXT.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader5.ocx / hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} "Java Plug-in 1.4.2_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_23" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_23.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\Windows\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
"PartyPoker.com" - ? - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} "Veoh Web Player Video Finder" - "Veoh Networks Inc" - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{02478D38-C3F9-4efb-9B51-7695ECA05670} "{02478D38-C3F9-4efb-9B51-7695ECA05670}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"E_SPSU01.lnk" - "SEIKO EPSON Corporation" - C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple, Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Juniper Network Connect Service" (dsNcService) - "Juniper Networks" - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Old 12.02.2011, 23:16   #3
Meani
 
Finally, the MBR check

Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	Intel Corporation
BIOS Manufacturer:		Phoenix Technologies LTD
System Manufacturer:		TOSHIBA
System Product Name:		Satellite Pro A100
Logical Drives Mask:		0x0000000c

Kernel Drivers (total 146):
  0x8240E000 \SystemRoot\system32\ntoskrnl.exe
  0x827B9000 \SystemRoot\system32\hal.dll
  0x83003000 \SystemRoot\system32\kdcom.dll
  0x8300A000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8307A000 \SystemRoot\system32\PSHED.dll
  0x8308B000 \SystemRoot\system32\BOOTVID.dll
  0x83093000 \SystemRoot\system32\CLFS.SYS
  0x830D4000 \SystemRoot\system32\CI.dll
  0x831B4000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x83230000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8323D000 \SystemRoot\system32\drivers\acpi.sys
  0x83283000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8328C000 \SystemRoot\system32\drivers\msisadrv.sys
  0x83294000 \SystemRoot\system32\drivers\pci.sys
  0x832BB000 \SystemRoot\System32\drivers\partmgr.sys
  0x832CA000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x832CD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x832D7000 \SystemRoot\system32\drivers\volmgr.sys
  0x832E6000 \SystemRoot\System32\drivers\volmgrx.sys
  0x83330000 \SystemRoot\system32\drivers\intelide.sys
  0x83337000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x83345000 \SystemRoot\system32\DRIVERS\pcmcia.sys
  0x83372000 \SystemRoot\System32\drivers\mountmgr.sys
  0x83382000 \SystemRoot\system32\drivers\atapi.sys
  0x8338A000 \SystemRoot\system32\drivers\ataport.SYS
  0x833A8000 \SystemRoot\system32\drivers\fltmgr.sys
  0x833DA000 \SystemRoot\system32\drivers\fileinfo.sys
  0x88401000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x88472000 \SystemRoot\system32\drivers\ndis.sys
  0x8857D000 \SystemRoot\system32\drivers\msrpc.sys
  0x885A8000 \SystemRoot\system32\drivers\NETIO.SYS
  0x885E3000 \SystemRoot\System32\drivers\tcpip.sys
  0x886CD000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x886E8000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8880E000 \SystemRoot\system32\drivers\volsnap.sys
  0x88847000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
  0x8884C000 \SystemRoot\System32\Drivers\spldr.sys
  0x88854000 \SystemRoot\System32\Drivers\mup.sys
  0x88863000 \SystemRoot\System32\drivers\ecache.sys
  0x8888A000 \SystemRoot\system32\drivers\disk.sys
  0x8889B000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x888BC000 \SystemRoot\system32\drivers\crcdisk.sys
  0x888E5000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x888F0000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x888F9000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x88908000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8C403000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8CB49000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8CBE9000 \SystemRoot\System32\drivers\watchdog.sys
  0x8890C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8CC06000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8CF8F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8CF9A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8CFD8000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8CFE7000 \SystemRoot\system32\DRIVERS\ohci1394.sys
  0x88999000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
  0x889A7000 \SystemRoot\system32\DRIVERS\sdbus.sys
  0x889C1000 \SystemRoot\system32\DRIVERS\e100b325.sys
  0x889E8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8CBF5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x889FB000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x8CFF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x88A2A000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x88A35000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8CFF9000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
  0x88A4D000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
  0x88A58000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x88A87000 \SystemRoot\system32\DRIVERS\storport.sys
  0x88AC8000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x88AD3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x88AEA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x88AF5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x88B18000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x88B27000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x88B3B000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x88B50000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8CFFC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x88B60000 \SystemRoot\system32\DRIVERS\ks.sys
  0x88B8A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x88B94000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x88BA1000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x88BD6000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8D803000 \SystemRoot\system32\drivers\HdAudio.sys
  0x8D842000 \SystemRoot\system32\drivers\portcls.sys
  0x8D86F000 \SystemRoot\system32\drivers\drmk.sys
  0x8D894000 \SystemRoot\system32\DRIVERS\AGRSM.sys
  0x8D98F000 \SystemRoot\system32\drivers\modem.sys
  0x8D99C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8D9A5000 \SystemRoot\System32\Drivers\Null.SYS
  0x8D9AC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8D9BC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8D9C3000 \SystemRoot\System32\drivers\vga.sys
  0x8D9CF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8D9F0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8D9F8000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8DA00000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8DA0B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8DA19000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8DA22000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8DA38000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8DA4C000 \SystemRoot\system32\drivers\afd.sys
  0x8DA94000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8DAC6000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8DADC000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8DAEA000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8DAFD000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8DB03000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8DB3F000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8DB49000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8DB60000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8DB86000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8DB93000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8DB9E000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x8DBA6000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8DBAF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x95C60000 \SystemRoot\System32\win32k.sys
  0x8DBBF000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8DBC9000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8DBD1000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x95E80000 \SystemRoot\System32\TSDDD.dll
  0x95EA0000 \SystemRoot\System32\cdd.dll
  0x8DBE0000 \SystemRoot\system32\drivers\luafv.sys
  0x88BE7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9A404000 \SystemRoot\system32\drivers\spsys.sys
  0x9A4B4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9A4C4000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9A4EE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9A4F8000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9A50B000 \SystemRoot\system32\drivers\HTTP.sys
  0x9A578000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9A595000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9A5AE000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9A5C3000 \SystemRoot\system32\drivers\mrxdav.sys
  0x9A5E4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9A603000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9A63C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9A654000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9A67C000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9A6E2000 \SystemRoot\system32\DRIVERS\asyncmac.sys
  0x9A6FA000 \SystemRoot\system32\drivers\peauth.sys
  0x9A7D8000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9A7E2000 \??\C:\Windows\system32\Drivers\SSPORT.sys
  0x9A7E9000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9A6CA000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x888C5000 \??\C:\Users\user\AppData\Local\Temp\pxldapog.sys
  0x77370000 \Windows\System32\ntdll.dll

Processes (total 59):
       0 System Idle Process
       4 System
     400 C:\Windows\System32\smss.exe
     520 csrss.exe
     572 C:\Windows\System32\wininit.exe
     584 csrss.exe
     616 C:\Windows\System32\services.exe
     668 C:\Windows\System32\winlogon.exe
     684 C:\Windows\System32\lsass.exe
     692 C:\Windows\System32\lsm.exe
     832 C:\Windows\System32\svchost.exe
     912 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\audiodg.exe
    1236 C:\Windows\System32\SLsvc.exe
    1276 C:\Windows\System32\svchost.exe
    1488 C:\Windows\System32\svchost.exe
    1700 C:\Windows\System32\spoolsv.exe
    1724 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1736 C:\Windows\System32\svchost.exe
    2004 C:\Windows\System32\dwm.exe
    2016 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    2044 C:\Windows\System32\taskeng.exe
     200 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     312 C:\Program Files\Bonjour\mDNSResponder.exe
     344 C:\Windows\explorer.exe
     492 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    1396 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1044 C:\Windows\System32\svchost.exe
     632 C:\Windows\System32\svchost.exe
    2052 C:\Windows\System32\svchost.exe
    2076 C:\Windows\System32\SearchIndexer.exe
    2404 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2440 C:\Windows\System32\rundll32.exe
    2452 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2472 C:\Windows\System32\rundll32.exe
    2480 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2572 C:\Program Files\Windows Sidebar\sidebar.exe
    2596 C:\Program Files\Skype\Phone\Skype.exe
    2604 C:\Windows\ehome\ehtray.exe
    2696 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    2760 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2812 C:\Windows\ehome\ehmsas.exe
    3440 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3976 C:\Windows\System32\svchost.exe
    2388 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3616 C:\Program Files\Windows Defender\MSASCui.exe
    3028 C:\Windows\System32\svchost.exe
    1756 C:\Program Files\Mozilla Firefox\firefox.exe
    3064 C:\Windows\System32\taskeng.exe
    3776 C:\Users\user\Desktop\osam_autorun_manager_5_0_portable\osam.exe
    3936 C:\Windows\System32\taskeng.exe
    2560 C:\Windows\System32\notepad.exe
    2660 C:\Windows\System32\SearchProtocolHost.exe
    3660 C:\Windows\System32\SearchFilterHost.exe
    2276 C:\Users\user\Desktop\MBRCheck.exe
    2176 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541612J9SA00, Rev: SBDOC7DP

      Size  Device Name          MBR Status
  --------------------------------------------
    111 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
         