Log analysis and evaluation: Spyware Problem! (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Spyware Problem!

Hello forum members, I have a huge problem. Advertising pages keep opening on my machine without my asking, as do pages telling me that my computer is infected. A Windows XP window then appears in the Firefox browser, where it virtually scans for spyware and finds about 42 or so. Most of the time it also prompts me to download something. Please help me get rid of this spyware so that no more ad windows are opened.

Here is my log file:

```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:13, on 03/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Spiele\Program Files (x86)\Steam\Steam.exe
C:\Windows\System32\spool\drivers\x64\3\E_FATIBVE.EXE
C:\Windows\System32\spool\drivers\x64\3\E_FATIBVE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Anwendungen\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Anwendungen\Program Files (x86)\Xfire\xfire.exe
C:\Anwendungen\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Anwendungen\Program Files (x86)\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
O2 - BHO: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Techno4ever Toolbar - {fb7d98cb-b228-4ecb-acac-e7101156338e} - C:\Program Files (x86)\Techno4ever\tbTec1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Anwendungen\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files (x86)\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-2SANG.exe" /REG
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\spiele\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [\\ARBEIT\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_SF5D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [\\CK-FKK55XSWHDCY\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_SDA0E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SF0F9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Anwendungen\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [\ARBEIT\EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Users\***\AppData\Local\Temp\E_SF5D2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files (x86)\Zilla Popup Killer\ZillaPop.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files (x86)\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Xfire.lnk = C:\Anwendungen\Program Files (x86)\Xfire\xfire.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: eBay Startseite - {8B69DB2E-015D-4c4f-B97E-95EF5326BDA8} - h**p://adfarm.mediaplex.com/ad/ck/707-1170-5704-77?RedirectEnter&partner=36420&loc=h**p://pages.ebay.de (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ANWEND~1\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.google.de
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - h**p://static.ak.schuelervz.net/photouploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - h**p://treff-mogelpower.spaces.live.com/PhotoUpload/VistaMsnPUpldde-de.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5DECA9CA-BC61-4C3A-89BA-A67A03379B74} - C:\Anwendungen\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
```

To be continued...