eScan: netster ??

Hello, my eScan from today shows the following (Win XP):

Tue Sep 13 08:30:51 2005 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken.
Tue Sep 13 09:22:42 2005 => Gescannte Dateien: 36952
Tue Sep 13 09:22:42 2005 => Gefundene Viren: 1
Tue Sep 13 09:22:42 2005 => Anzahl der desinfizierten Dateien: 0
Tue Sep 13 09:22:42 2005 => Umbenannte Dateien: 0
Tue Sep 13 09:22:42 2005 => Anzahl der gelöschten Dateien: 0
Tue Sep 13 09:22:42 2005 => Anzahl Fehler: 10
Tue Sep 13 09:22:42 2005 => Zeit vergangen: 00:52:33
Tue Sep 13 09:22:47 2005 => Virus Datenbank Datum: 2005/09/09
Tue Sep 13 09:22:47 2005 => Virus Datenbank Zähler: 148428
Tue Sep 13 09:22:51 2005 => AV Library Unloaded (3)...

How can I delete it???

Kind regards,
may
@may

Download Spybot, update it and let it scan in safe mode. Delete what it suggests. Reboot, and please also post an HJT logfile: http://www.trojaner-board.de/showthread.php?t=17493

chaosman
Hello chaosman,

first of all, many thanks for your reply. Spybot is clean - no suspicious files found.

Here is the current log:

Logfile of HijackThis v1.99.1
Scan saved at 07:04:04, on 14.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\Personal Security Service\Common\FSM32.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
C:\Programme\PostDa\PostDa.exe
C:\Programme\snapsaver\snapsaver.exe
C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Personal Security Service\backweb\2581593\Program\fspex.exe
C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
C:\Programme\Personal Security Service\Anti-Virus\FSGK32.EXE
C:\Programme\Personal Security Service\Common\FSMA32.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Personal Security Service\Anti-Virus\fssm32.exe
C:\Programme\Personal Security Service\Common\FSMB32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Personal Security Service\Common\FCH32.EXE
C:\Programme\Personal Security Service\Common\FAMEH32.EXE
C:\Programme\Personal Security Service\Anti-Virus\fsav32.exe
C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
C:\Programme\Personal Security Service\FSGUI\fsguiexe.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Internet\Eigene Dateien\eBooks\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = **
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P33 "EPSON Stylus C64 Series (Kopie 1)" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\Personal Security Service\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\Personal Security Service\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\Personal Security Service\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\Personal Security Service\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C64 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P33 "EPSON Stylus C64 Series (Kopie 1)" /M "Stylus C64" /EF "HKCU"
O4 - Global Startup: T-COM WLAN Manager T-Sinus 154data (2).lnk = C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
O4 - Global Startup: Verknüpfung mit PostDa.exe.lnk = C:\Programme\PostDa\PostDa.exe
O4 - Global Startup: Verknüpfung mit snapsaver.exe.lnk = C:\Programme\snapsaver\snapsaver.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - h**p://software-dl.real.com/288b1ed2b08e40b4af16/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093079138109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - h**p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43D9BC13-746D-4783-99AF-6464677161F6}: NameServer = **
O23 - Service: T-TeleSec Personal Security Service (BackWeb Plug-in - 2581593) - Unknown owner - C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\Personal Security Service\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
Copyright ©2000-2025, Trojaner-Board