Gorx
Lt. Junior Grade
- Registriert
- Dez. 2004
- Beiträge
- 482
ich hab mir die spyware Namens "SpySpotter" eingefangen. Das Teil ist SEHR hartnäckig, es öffnet permanent Fenster, Werbung!
Ich habs mit allen aktuellen spyware-lösch-programmen probiert!
Hier mal der HiJackThis Log, ich erkenn da nichts ungewöhliches:
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\System32\SCardSvr.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\rundll32.exe
G:\Programme\Norton GoBack\GBPoll.exe
G:\WINDOWS\SCARDS32.exe
G:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE
G:\Programme\Norton GoBack\GBTray.exe
G:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
G:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
G:\WINDOWS\System32\alg.exe
G:\Programme\Steganos AntiSpyware 7\aspy7.exe
G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\ZoneLabs\isafe.exe
G:\Programme\tools\PestPatrol\ppcontrol.exe
G:\Programme\tools\PestPatrol\PPActiveDetection.exe
G:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
G:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\dokumente und Einstellungen\home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\81AJSD6J\stinger[1].exe
c:\dokumente und Einstellungen\home\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lehrer-online.de/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TwkSCardSrv] G:\WINDOWS\SCARDS32.exe search
O4 - HKLM\..\Run: [Zone Labs Client] G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] G:\Programme\tools\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] G:\Programme\tools\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] G:\Programme\tools\PestPatrol\PPControl.exe
O4 - HKCU\..\Run: [AntiSpyware7] G:\Programme\Steganos AntiSpyware 7\aspy7.exe /0
O4 - Global Startup: Norton GoBack.lnk = G:\Programme\Norton GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129739582121
O17 - HKLM\System\CCS\Services\Tcpip\..\{B641A3EA-CAC4-44F0-BD2E-D6FA932DBCB5}: NameServer = 192.168.1.1
O20 - Winlogon Notify: ModuleUsage - G:\WINDOWS\system32\l4n40e5qeh.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - G:\WINDOWS\system32\wbn87em.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - G:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - G:\Programme\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ich habs mit allen aktuellen spyware-lösch-programmen probiert!
Hier mal der HiJackThis Log, ich erkenn da nichts ungewöhliches:
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\System32\SCardSvr.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\rundll32.exe
G:\Programme\Norton GoBack\GBPoll.exe
G:\WINDOWS\SCARDS32.exe
G:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE
G:\Programme\Norton GoBack\GBTray.exe
G:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
G:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
G:\WINDOWS\System32\alg.exe
G:\Programme\Steganos AntiSpyware 7\aspy7.exe
G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\ZoneLabs\isafe.exe
G:\Programme\tools\PestPatrol\ppcontrol.exe
G:\Programme\tools\PestPatrol\PPActiveDetection.exe
G:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
G:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\dokumente und Einstellungen\home\Lokale Einstellungen\Temporary Internet Files\Content.IE5\81AJSD6J\stinger[1].exe
c:\dokumente und Einstellungen\home\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lehrer-online.de/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TwkSCardSrv] G:\WINDOWS\SCARDS32.exe search
O4 - HKLM\..\Run: [Zone Labs Client] G:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PPMemCheck] G:\Programme\tools\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] G:\Programme\tools\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] G:\Programme\tools\PestPatrol\PPControl.exe
O4 - HKCU\..\Run: [AntiSpyware7] G:\Programme\Steganos AntiSpyware 7\aspy7.exe /0
O4 - Global Startup: Norton GoBack.lnk = G:\Programme\Norton GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129739582121
O17 - HKLM\System\CCS\Services\Tcpip\..\{B641A3EA-CAC4-44F0-BD2E-D6FA932DBCB5}: NameServer = 192.168.1.1
O20 - Winlogon Notify: ModuleUsage - G:\WINDOWS\system32\l4n40e5qeh.dll (file missing)
O20 - Winlogon Notify: RunOnceEx - G:\WINDOWS\system32\wbn87em.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - G:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - G:\Programme\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - G:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - G:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
![d[Vi]b](https://pics.computerbase.de/forum/avatars/m/73/73814.jpg?1184840027){kind=avatar}
