
Log Analysis and Evaluation: Family Keylogger


#1  SilverFenix  18.09.2005, 18:10

Family Keylogger
So, the TuneUp Process Manager says that I have a Family Keylogger on my PC, namely:

Startup name: FamilyKeyLogger

Process name: cisvc.exe

Details:

"Family Keylogger - is your best choice, if you want to know what other users on your machine are typing". Note! - this is not the cisvc.exe service..

To remove use Wintask Pro 5

But when I try to install WinTask Pro 5 I get this error:

Initializing download directory...
Cleaning out old files...
Preparing file...
Opening internet device...
Connecting to server...
Sending request...
Problem encountered with internet connection. (ARM1055,403) <---

Logfile of HijackThis v1.99.1
Scan saved at 17:54:02, on 18.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Programme\AVPersonal\AVGUARD.EXE
E:\Programme\FRITZ!DSL\IGDCTRL.EXE
E:\Programme\AVPersonal\AVWUPSRV.EXE
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\System32\svchost.exe
E:\Programme\Microsoft AntiSpyware\gcasServ.exe
E:\Programme\AVPersonal\AVGNT.EXE
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe
E:\Programme\FRITZ!DSL\StCenter.exe
E:\Programme\FRITZ!DSL\FwebProt.exe
E:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Programme\MSN Messenger\msnmsgr.exe
E:\Programme\Mozilla Firefox\firefox.exe
E:\Programme\Winamp\winamp.exe
E:\Dokumente und Einstellungen\Timon\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***://www.msn.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ***://www.msn.de/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - E:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - E:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: GMX Toolbar - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - E:\Programme\GMX\GMX Toolbar\toolbar.dll
O4 - HKLM\..\Run: [gcasServ] "E:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVGCtrl] E:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - Startup: Adobe Gamma.lnk = E:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FRITZ!DSL Protect.lnk = E:\Programme\FRITZ!DSL\FwebProt.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = E:\Programme\FRITZ!DSL\StCenter.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\programme\fritz!dsl\sarah.dll
O16 - DPF: ppctlcab - ***://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - ***://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - ***://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/de/filesharingctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - ***://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - ***://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - ***://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - ***://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6211AC26-A1B4-422A-AC52-1E70B7D24465} (FileSharingCtrl Class) - ***://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/nl/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - ***://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1100713015216
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - ***://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - ***://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - ***://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D8135DD1-9FC4-4422-BA02-ADB87CD4D75D} (Detector Class) - ***://portal.ib-groep.nl/wass/elkservlets/public/code/SysInfo.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - ***://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - ***://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AVM IGD CTRL Service - AVM Berlin - E:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - E:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

[edit]
links removed
[/edit]

Last edited by GUA (18.09.2005 at 20:47)
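The TuneUp warning above keys on the startup name FamilyKeyLogger and the process name cisvc.exe, and TuneUp's own note says the signature is not the Windows cisvc.exe service (the Indexing Service, whose child process is cidaemon.exe). The HijackThis log is the place to cross-check that claim: is cisvc.exe running from WINDIR\System32 (Windows is on E: here, so C:\WINDOWS must not be hardcoded), is cidaemon.exe present next to it, and is there any O4 Run entry or O23 service named FamilyKeyLogger or pointing at cisvc.exe? The following Python script is an added example, not code from the thread, from TuneUp or from HijackThis; it runs offline over a constructed subset of the posted log. A clean result is consistent with the legitimate Indexing Service but is not proof: a hash or Authenticode signature check of the file on the machine itself is the definitive test. (HijackThis 1.99 omits Microsoft's own services from O23, so the absence of a cisvc entry there is expected.)

```python
"""Cross-check a 'process X is keylogger Y' claim against a HijackThis log.

Added example, not part of the original thread. HJT_EXCERPT is a constructed
subset of the HijackThis log posted above, used as offline sample input.
"""
import re
from pathlib import PureWindowsPath

# Constructed subset of the posted log (paths and entries as in the post, not the full log).
HJT_EXCERPT = r"""
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\System32\cisvc.exe
E:\WINDOWS\system32\cidaemon.exe
E:\Programme\AVPersonal\AVGNT.EXE
E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***://www.msn.de/
O4 - HKLM\..\Run: [AVGCtrl] E:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "E:\Programme\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^[RO]\d+ - ")   # HijackThis item lines: R0, O2, O4, O23, ...


def parse_hjt(text):
    """Return (running process paths, HijackThis R/O entries) from a log text."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the process block ends at the first blank line
            continue
        if line.lower() == "running processes:":
            in_procs = True
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries.append(line)
    return processes, entries


def windows_dir(processes):
    """Derive WINDIR from smss.exe, which always runs from WINDIR/System32 (here E:, not C:)."""
    for p in processes:
        path = PureWindowsPath(p)
        if path.name.lower() == "smss.exe":
            return path.parent.parent
    raise ValueError("smss.exe not found in the process list")


def find_process(processes, exe_name):
    """All listed instances of exe_name, compared case-insensitively by file name."""
    return [p for p in processes if PureWindowsPath(p).name.lower() == exe_name.lower()]


def in_system32(path, windir):
    """True if path lives directly in WINDIR/System32 (PureWindowsPath compares case-insensitively)."""
    return PureWindowsPath(path).parent == windir / "System32"


def autostart_refs(entries, needle):
    """O4 (Run keys, Startup folders) and O23 (services) entries that mention needle."""
    n = needle.lower()
    return [e for e in entries if e.startswith(("O4 ", "O23 ")) and n in e.lower()]


def triage(text, exe_name, startup_name, companion="cidaemon.exe"):
    """Collect the facts the log can give about exe_name; companion is the child the real service spawns."""
    processes, entries = parse_hjt(text)
    windir = windows_dir(processes)
    hits = find_process(processes, exe_name)
    return {
        "instances": hits,
        "all_in_system32": bool(hits) and all(in_system32(h, windir) for h in hits),
        "companion_present": bool(find_process(processes, companion)),
        "autostart_refs_exe": autostart_refs(entries, exe_name),
        "autostart_refs_name": autostart_refs(entries, startup_name),
    }


def verdict(report):
    """Plain-language reading of the report; 'consistent' is not 'proven clean'."""
    if not report["instances"]:
        return "not running"
    if (report["all_in_system32"] and report["companion_present"]
            and not report["autostart_refs_exe"] and not report["autostart_refs_name"]):
        return ("consistent with the Windows Indexing Service: the process and its companion run "
                "from WINDIR\\System32 and no Run/Service entry references them; "
                "confirm with a hash or signature check of the file on the machine")
    return "suspicious: review the paths and autostart entries in the report"


if __name__ == "__main__":
    rep = triage(HJT_EXCERPT, "cisvc.exe", "FamilyKeyLogger")
    for key, value in rep.items():
        print(f"{key}: {value}")
    print(verdict(rep))
```

The design point is that the check is driven by what the log can actually show (path relative to the real WINDIR, presence of the Indexing Service's child, absence of any autostart hook) rather than by the process name, which is exactly what the TuneUp signature matched on.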

#2  felix1 (Helper Team)  18.09.2005, 20:18

It's all a bit unclear, so follow the instructions exactly and post the logfile created with the file find.bat:
http://www.trojaner-board.de/showthread.php?t=17492


#3  SilverFenix  20.09.2005, 10:11

Hm, it says there that you have to unpack it into c:\bases_x. Does it really have to be on C:, or on the drive where Windows is installed? Because for me it doesn't create an mwav.log.

#4  SilverFenix  20.09.2005, 18:09

Oh, never mind, now I get it :P I'll scan tomorrow morning or so and then post the log.

#5  SilverFenix  21.09.2005, 15:21

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Findings for "infected"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Sep 18 23:41:47 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Sun Sep 18 23:41:48 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Sun Sep 18 23:45:42 2005 => Total Disinfected Files: 0
Mon Sep 19 18:15:53 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Mon Sep 19 18:15:54 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Mon Sep 19 18:31:25 2005 => Scanning Folder: E:\Programme\AVPersonal\INFECTED\*.*
Mon Sep 19 19:34:29 2005 => Total Disinfected Files: 0
Wed Sep 21 10:57:04 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Wed Sep 21 10:57:05 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Wed Sep 21 11:12:39 2005 => Scanning Folder: E:\Programme\AVPersonal\INFECTED\*.*
Wed Sep 21 12:45:25 2005 => Total Disinfected Files: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Findings for "tagged"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Sep 18 23:42:19 2005 => File E:\WINDOWS\pludll.exe tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Mon Sep 19 18:25:10 2005 => File E:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Mon Sep 19 19:06:01 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP184\A0065366.dll tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Mon Sep 19 19:19:27 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP213\A0068735.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Wed Sep 21 11:06:26 2005 => File E:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Wed Sep 21 11:46:02 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP184\A0065366.dll tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Wed Sep 21 11:58:47 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP213\A0068735.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Wed Sep 21 12:31:31 2005 => File E:\WINDOWS\pludll.exe tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistics:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sun Sep 18 23:41:30 2005 => Offending Folder found: E:\PROGRA~1\limewire
Sun Sep 18 23:41:30 2005 => Offending Folder found: E:\DOKUME~1\*****\STARTM~1\PROGRA~1\limewire
Sun Sep 18 23:41:30 2005 => Offending Folder found: E:\DOKUME~1\*****\FAVORI~1\going places
Sun Sep 18 23:41:47 2005 => Offending file found: E:\WINDOWS\iun6002.exe
Sun Sep 18 23:45:42 2005 => Total Virus(es) Found: 6
Mon Sep 19 18:15:35 2005 => Offending Folder found: E:\PROGRA~1\limewire
Mon Sep 19 18:15:35 2005 => Offending Folder found: E:\DOKUME~1\*****\STARTM~1\PROGRA~1\limewire
Mon Sep 19 18:15:36 2005 => Offending Folder found: E:\DOKUME~1\*****\FAVORI~1\going places
Mon Sep 19 18:15:53 2005 => Offending file found: E:\WINDOWS\iun6002.exe
Mon Sep 19 19:34:29 2005 => Total Virus(es) Found: 8
Wed Sep 21 10:56:45 2005 => Offending Folder found: E:\PROGRA~1\limewire
Wed Sep 21 10:56:45 2005 => Offending Folder found: E:\DOKUME~1\*****\STARTM~1\PROGRA~1\limewire
Wed Sep 21 10:56:46 2005 => Offending Folder found: E:\DOKUME~1\*****\FAVORI~1\going places
Wed Sep 21 10:57:04 2005 => Offending file found: E:\WINDOWS\iun6002.exe
Wed Sep 21 12:45:24 2005 => Total Virus(es) Found: 9
Sun Sep 18 23:45:42 2005 => Total Errors: 31
Mon Sep 19 19:34:29 2005 => Total Errors: 140
Wed Sep 21 12:45:25 2005 => Total Errors: 140
Sun Sep 18 23:45:42 2005 => Time Elapsed: 00:05:40
Mon Sep 19 19:34:29 2005 => Time Elapsed: 01:19:44
Wed Sep 21 12:45:25 2005 => Time Elapsed: 01:49:31
Sun Sep 18 23:45:42 2005 => Total Objects Scanned: 25666
Mon Sep 19 19:34:29 2005 => Total Objects Scanned: 64840
Wed Sep 21 12:45:24 2005 => Total Objects Scanned: 81225
Sun Sep 18 23:39:24 2005 => Virus Database Date: 2005/09/18
Sun Sep 18 23:45:42 2005 => Virus Database Date: 2005/09/18
Sun Sep 18 23:47:32 2005 => Virus Database Date: 2005/09/18
Mon Sep 19 18:13:48 2005 => Virus Database Date: 2005/09/18
Mon Sep 19 19:34:29 2005 => Virus Database Date: 2005/09/18
Mon Sep 19 19:34:49 2005 => Virus Database Date: 2005/09/18
Wed Sep 21 10:55:34 2005 => Virus Database Date: 2005/09/18
Wed Sep 21 12:45:25 2005 => Virus Database Date: 2005/09/18
Wed Sep 21 15:03:10 2005 => Virus Database Date: 2005/09/18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ © Haui ;-) ~~~~~~~
~~~~~~~ Thanks to Cidre ~~~~~~~

HELP
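The find.bat output above concatenates three scan runs that repeat the same findings, and every line ends in "No Action Taken", so the per-run totals (6, 8, 9) do not say what is actually left to clean. The script below is an added example, not part of the thread and not code from find.bat or eScan; it collapses the repeated runs into one row per finding, counts sightings, and separates restore-point copies under System Volume Information and "not-a-virus" tags (the mIRC client, the AdWare.Webdir file) from the active detections, so the helper sees at a glance which items are still unresolved. It runs offline over a constructed subset of the posted lines. The BHO.dll detection carries no path in the log, so its row keeps the bare name exactly as posted.

```python
"""Summarise repeated eScan/mwav.log scan output as filtered by find.bat.

Added example, not part of the original thread. MWAV_EXCERPT is a constructed
subset of the lines posted above, used as offline sample input.
"""
import re

# Constructed subset of the posted find.bat output (not the full log).
MWAV_EXCERPT = r"""
Sun Sep 18 23:41:47 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Sun Sep 18 23:41:48 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Mon Sep 19 18:15:53 2005 => System found infected with zipitpro Spyware/Adware (E:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.
Mon Sep 19 18:15:54 2005 => System found infected with eUniverse/Keenvalue variant Spyware/Adware (BHO.dll)! Action taken: No Action Taken.
Sun Sep 18 23:42:19 2005 => File E:\WINDOWS\pludll.exe tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Mon Sep 19 18:25:10 2005 => File E:\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
Mon Sep 19 19:06:01 2005 => File E:\System Volume Information\_restore{24AF7D88-63C5-4643-B7C4-86741D1D54A9}\RP184\A0065366.dll tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Wed Sep 21 12:31:31 2005 => File E:\WINDOWS\pludll.exe tagged as "not-a-virus:AdWare.Webdir.a". Action Taken: No Action Taken.
Sun Sep 18 23:41:30 2005 => Offending Folder found: E:\PROGRA~1\limewire
Wed Sep 21 10:56:45 2005 => Offending Folder found: E:\PROGRA~1\limewire
"""

# One pattern per line shape seen in the log; the "tagged" shape comes with or without
# quotes around the name and with or without the "Action Taken:" prefix.
PATTERNS = {
    "infected": re.compile(
        r"^(?P<ts>.+?) => System found infected with (?P<name>.+?) "
        r"\((?P<path>.+)\)! Action taken: (?P<action>.+)\.$"),
    "tagged": re.compile(
        r'^(?P<ts>.+?) => File (?P<path>.+?) tagged as "?(?P<name>[^"]+?)"?\. '
        r"(?:Action Taken: )?(?P<action>.+)\.$"),
    "folder": re.compile(
        r"^(?P<ts>.+?) => Offending Folder found: (?P<path>.+)$"),
}


def parse_findings(text):
    """Return (kind, timestamp, path, name, action) for every recognised line."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, rx in PATTERNS.items():
            m = rx.match(line)
            if m:
                d = m.groupdict()
                out.append((kind, d["ts"], d["path"],
                            d.get("name", "Offending Folder"), d.get("action", "n/a")))
                break
    return out


def classify(kind, path, name):
    """Separate actionable detections from restore-point copies and informational tags."""
    if r"\system volume information\_restore" in path.lower():
        return "restore-point copy"        # a System Restore snapshot, not a live file
    if kind == "folder":
        return "offending folder (review)" # flagged by directory name (e.g. a P2P client)
    if name.lower().startswith("not-a-virus:"):
        return "not-a-virus (review)"      # adware or a legitimate tool such as mIRC
    return "active finding"


def summarize(text):
    """Collapse repeated scans into one row per (path, detection) with a sighting count."""
    rows = {}
    for kind, ts, path, name, action in parse_findings(text):
        key = (path.lower(), name.lower())
        row = rows.setdefault(key, {"path": path, "name": name,
                                    "category": classify(kind, path, name),
                                    "sightings": 0, "actions": set()})
        row["sightings"] += 1
        row["actions"].add(action)
    return sorted(rows.values(), key=lambda r: (r["category"], r["path"].lower()))


def unresolved(summary):
    """Active findings that every scan left in place ('No Action Taken')."""
    return [r["path"] for r in summary
            if r["category"] == "active finding" and r["actions"] == {"No Action Taken"}]


if __name__ == "__main__":
    summary = summarize(MWAV_EXCERPT)
    for row in summary:
        print(f'{row["category"]:26} x{row["sightings"]}  {row["path"]}  [{row["name"]}]')
    print("still unresolved:", unresolved(summary))
```

Run as-is it reports the two active detections (E:\WINDOWS\iun6002.exe and the path-less BHO.dll) as unresolved, while the restore-point copy and the not-a-virus tags are listed separately for review rather than mixed into the count.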

