Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   eScan: netster ?? (https://www.trojaner-board.de/21767-escan-netster.html)

may 13.09.2005 08:52
eScan: netster ??
 
Hallo,

mein eScan von heute zeigt folgendes an (Win XP):

Tue Sep 13 08:30:51 2005 => System found infected with netster Spyware/Adware ({56336bcb-3d8a-11d6-a00b-0050da18de71})! Action taken: No Action Taken.

Tue Sep 13 09:22:42 2005 => Gescannte Dateien: 36952
Tue Sep 13 09:22:42 2005 => Gefundene Viren: 1
Tue Sep 13 09:22:42 2005 => Anzahl der desinfizierten Dateien: 0
Tue Sep 13 09:22:42 2005 => Umbenannte Dateien: 0
Tue Sep 13 09:22:42 2005 => Anzahl der gelöschten Dateien: 0
Tue Sep 13 09:22:42 2005 => Anzahl Fehler: 10
Tue Sep 13 09:22:42 2005 => Zeit vergangen: 00:52:33
Tue Sep 13 09:22:47 2005 => Virus Datenbank Datum: 2005/09/09
Tue Sep 13 09:22:47 2005 => Virus Datenbank Zähler: 148428
Tue Sep 13 09:22:51 2005 => AV Library Unloaded (3)...

Wie kann ich den löschen???

Liebe Grüße may

chaosman 13.09.2005 10:59
@may
lade spybot
updaten und in den abgesicherten modus scannen lassen. Lösche was es vorschlägt.

neu booten, poste bitte auch ein HJT logfile
http://www.trojaner-board.de/showthread.php?t=17493


chaosman

may 14.09.2005 06:10
Hallo chaosman,

erstmal lieben Dank für deine Antwort.
Spybot ist sauber - keine verdächtigen Dateien gefunden

hier das aktuelle Log:

Logfile of HijackThis v1.99.1
Scan saved at 07:04:04, on 14.09.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe
C:\Programme\Personal Security Service\Common\FSM32.EXE
C:\Programme\Ahead\InCD\InCD.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\T-COM\T-COM WLAN Manager T-Sinus 154data\Installer\WINXP\DTUSB11GMonitor.exe
C:\Programme\PostDa\PostDa.exe
C:\Programme\snapsaver\snapsaver.exe
C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
C:\Programme\ewido\security suite\ewidoctrl.exe
C:\Programme\ewido\security suite\ewidoguard.exe
C:\Programme\Personal Security Service\backweb\2581593\Program\fspex.exe
C:\Programme\Personal Security Service\Anti-Virus\fsgk32st.exe
C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
C:\Programme\Personal Security Service\Anti-Virus\FSGK32.EXE
C:\Programme\Personal Security Service\Common\FSMA32.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Personal Security Service\Anti-Virus\fssm32.exe
C:\Programme\Personal Security Service\Common\FSMB32.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Personal Security Service\Common\FCH32.EXE
C:\Programme\Personal Security Service\Common\FAMEH32.EXE
C:\Programme\Personal Security Service\Anti-Virus\fsav32.exe
C:\Programme\Personal Security Service\FWES\Program\fsdfwd.exe
C:\Programme\Personal Security Service\FSGUI\fsguiexe.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Internet\Eigene Dateien\eBooks\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = **
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P33

"EPSON Stylus C64 Series (Kopie 1)" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\Personal Security Service\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\Personal Security Service\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Programme\Personal Security Service\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Programme\Personal Security Service\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C64 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P33

"EPSON Stylus C64 Series (Kopie 1)" /M "Stylus C64" /EF "HKCU"
O4 - Global Startup: T-COM WLAN Manager T-Sinus 154data (2).lnk = C:\Programme\T-COM\T-COM WLAN Manager T-Sinus

154data\Installer\WINXP\DTUSB11GMonitor.exe
O4 - Global Startup: Verknüpfung mit PostDa.exe.lnk = C:\Programme\PostDa\PostDa.exe
O4 - Global Startup: Verknüpfung mit snapsaver.exe.lnk = C:\Programme\snapsaver\snapsaver.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -

h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

h**p://software-dl.real.com/288b1ed2b08e40b4af16/netzip/RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093079138109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -

h**p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43D9BC13-746D-4783-99AF-6464677161F6}: NameServer = **
O23 - Service: T-TeleSec Personal Security Service (BackWeb Plug-in - 2581593) - Unknown owner -

C:\PROGRA~1\PERSON~1\backweb\2581593\Program\SERVIC~1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido\security suite\ewidoguard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\Personal Security

Service\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\Personal Security Service\backweb\2581593\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\Personal Security

Service\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Programme\Personal Security Service\Common\FSMA32.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite

2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite

2005.SR1\RpcSandraSrv.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:24 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19