Trojaner-Board


Alex1994 25.02.2010 18:43

Suspected keylogger
 
Hi
I have a suspicion: there may be a keylogger on my PC. I'm not sure, though. I'd like to have clarity. Which program can be used to detect or delete it?
My antivirus program G Data doesn't find anything.

Alex1994 25.02.2010 21:03

I ran KL Detector over it: KL-Detector: detect keylogger on your computer! (it is a keylogger detector - NOT a keylogger remover)
Log:
Code:

No suspicious files were found in your hard disk :)


You MAY want to take a look at:
C:\Users\Alex\
C:\Windows\Temp\
C:\Windows\
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\

Code:

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Logs\Scheduler.log
was modified.

C:\Users\Alex\ntuser.dat.LOG1
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Windows\Temp\TMP00000042B25A8B2102BE3CBD
was created.

C:\Windows\Temp\TMP00000042B25A8B2102BE3CBD
was modified.

C:\Windows\Temp\TMP00000042B25A8B2102BE3CBD
was removed.

C:\Users\Alex\ntuser.dat.LOG1
was modified.

C:\Windows\Temp
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Windows\Prefetch\WORDPAD.EXE-D7FD7414.pf
was created.

C:\Windows\Prefetch
was modified.

C:\Windows\Prefetch\WORDPAD.EXE-D7FD7414.pf
was modified.

C:\Users\Alex\ntuser.dat.LOG1
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Users\Alex\ntuser.dat.LOG1
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Windows\Temp\TMP000000436DD8529EF694CE29
was created.

C:\Windows\Temp\TMP000000436DD8529EF694CE29
was modified.

C:\Windows\Temp\TMP000000436DD8529EF694CE29
was removed.

C:\Users\Alex\ntuser.dat.LOG1
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Prefetch\MSPAINT.EXE-76E10B24.pf
was created.

C:\Windows\Prefetch\MSPAINT.EXE-76E10B24.pf
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\parent.lock
was created.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Local\Mozilla\Firefox\Mozilla Firefox\update.test
was created.

C:\Users\Alex\AppData\Local\Mozilla\Firefox\Mozilla Firefox
was modified.

C:\Users\Alex\AppData\Local\Mozilla\Firefox\Mozilla Firefox
was modified.

C:\Program Files (x86)\Mozilla Firefox
was modified.

C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles\doj45035.default\XUL.mfl
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\cookies.sqlite-journal
was created.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Windows\Temp\AvkHttp62394689.tmp
was created.

C:\Windows\Temp
was modified.

C:\ProgramData\G DATA\ISDB
was modified.

C:\ProgramData\G DATA\ISDB\avS.isdb.tmp
was modified.

C:\ProgramData\G DATA\ISDB
was modified.

C:\ProgramData\G DATA\ISDB
was modified.

C:\ProgramData\G DATA\ISDB\avSU.isdb.tmp
was modified.

C:\ProgramData\G DATA\ISDB
was modified.

C:\ProgramData\G DATA\ISDB
was modified.

C:\Windows\Temp\AvkHttp62394689.tmp
was removed.

C:\Users\Alex\ntuser.dat.LOG1
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Users\Alex\NTUSER.DAT
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\urlclassifierkey3.txt
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\urlclassifierkey3.txt
was modified.

C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles\doj45035.default\urlclassifier3.sqlite-journal
was removed.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\sessionstore.js
was created.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\sessionstore.js
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was renamed to
C:\Windows\Temp\AvkHttp62396049.gz

C:\Windows\Temp\AvkHttp62396049.gz
was removed.

C:\Windows\Temp\AvkHttp62396049.tmp
was removed.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was renamed to
C:\Windows\Temp\AvkHttp62396049.gz

C:\Windows\Temp\AvkHttp62396049.tmp
was removed.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was removed.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp\AvkHttp62396049.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62396049.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62394689.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62394689.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62394689.gz
was removed.

C:\Windows\Temp\AvkHttp62394689.tmp
was removed.

C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Local\Mozilla\Firefox\Profiles\doj45035.default\Cache\45B62A9Dd01
was modified.

C:\Windows\Temp\AvkHttp62394689.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62386529.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Prefetch\FIREFOX.EXE-18ACFCFF.pf
was modified.

C:\Windows\Prefetch\FIREFOX.EXE-18ACFCFF.pf
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\downloads.sqlite-journal
was created.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\sessionstore-1.js
was created.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Windows\Temp\AvkHttp62394689.tmp
was created.

C:\Windows\Temp\AvkHttp62394689.tmp
was renamed to
C:\Windows\Temp\AvkHttp62394689.gz

C:\Windows\Temp\AvkHttp62394689.tmp
was removed.

C:\Windows\Temp\AvkHttp62392649.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62385849.tmp
was created.

C:\Windows\Temp\AvkHttp62385849.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62394689.tmp
was created.

C:\Windows\Temp\AvkHttp62394689.tmp
was renamed to
C:\Windows\Temp\AvkHttp62394689.gz

C:\Windows\Temp\AvkHttp62394689.gz
was removed.

C:\Windows\Temp\AvkHttp62394689.tmp
was removed.

C:\Windows\Temp\AvkHttp62394689.tmp
was created.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62392649.tmp
was created.

C:\Windows\Temp\AvkHttp62392649.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62385849.tmp
was created.

C:\Windows\Temp\AvkHttp62385849.tmp
was modified.

C:\Windows\Temp
was modified.

C:\Windows\Temp\AvkHttp62392649.tmp
was created.

C:\Windows\Temp\AvkHttp62394689.tmp
was renamed to
C:\Windows\Temp\AvkHttp62394689.gz

C:\Windows\Temp\AvkHttp62394689.tmp
was removed.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\places.sqlite-journal
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\places.sqlite-journal
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\places.sqlite-journal
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\sessionstore-1.js
was created.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\formhistory.sqlite-journal
was created.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\prefs-1.js
was created.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\places.sqlite-journal
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\places.sqlite-journal
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default\parent.lock
was removed.

C:\Windows\Temp
was modified.

C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\doj45035.default
was modified.


Alex1994 28.02.2010 14:07

Can anyone help me?

rainboww 28.02.2010 17:20

:hallo:


hmm... get PC Spyware Doctor with the latest updates, then show the log files, and message me once you have posted the log files

Alex1994 02.03.2010 16:03

I've now downloaded it from there: http://www.chip.de/downloads/Spyware-Doctor-2010_16990636.html
But I can't find a log file.

rainboww 02.03.2010 18:46

Quote:

Quote from Alex1994 (post 506998)
I've now downloaded it from there: http://www.chip.de/downloads/Spyware-Doctor-2010_16990636.html
But I can't find a log file.

oh yes, sorry for being offline so long

posting the log file means posting the threats it found here, please, exactly as shown

Alex1994 03.03.2010 17:33

As I said, the program doesn't give me a log file.
But here is a picture:
http://www.imagebanana.com/img/z72oa...fzeichnen5.JPG

Alex1994 07.03.2010 16:19

Can anyone help me further?

rainboww 08.03.2010 16:40

ok, get Dr.Web CureIt

run it and then restart


All times are WET +1. The time is now 07:07.
