Pests of all kinds and how to fight them: Suspected keylogger (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
| | #1 |
| Suspected keylogger. Hi, I have a suspicion: there may be a keylogger on my PC. I'm not sure, though, and I'd like clarity. Which program can be used to detect or remove it? My antivirus program G Data finds nothing. |
| | #2 |
| Suspected keylogger. I ran KL Detector over it: KL-Detector: detect keylogger on your computer! (it is a keylogger detector - NOT a keylogger remover)
Log:
Code:
No suspicious files were found in your hard disk :)
You MAY want to take a look at:
C:\Users\Alex\
C:\Windows\Temp\
C:\Windows\
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\
Code:
Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.
|
| | #3 |
| Suspected keylogger. Can anyone help me? |
| | #4 |
| Suspected keylogger. Hmm... get PC Spyware Doctor with the latest updates, then show the log files, and message me after you have posted the log files. |
| | #5 |
| Suspected keylogger. I've now downloaded it from there: http://www.chip.de/downloads/Spyware-Doctor-2010_16990636.html But I can't find a log file. |
| | #6 | |
| Suspected keylogger. Quote:
Posting the log file means posting the threats it found here, please, 1 to 1. |
| | #7 |
| Suspected keylogger. OK, get Dr.Web CureIt, run it, and then restart. |