Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   AdWare.ToolBar.ToolBand.a (https://www.trojaner-board.de/19633-adware-toolbar-toolband-a.html)

fabinom 08.07.2005 09:12
www.indexfox.com
 
Hallo Zusammen !!

Habe mir das gleiche Problem eingefangen :(
Aber mit Eurer Hilfe kriege ich das bestimmt schnell in den Griff, oder?

Danke im Vorraus für Eure Hilfe :aplaus:

Hier erst mal mein Log-File:

Logfile of HijackThis v1.99.1
Scan saved at 09:58:48, on 08.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\Ati2evxx.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programme\CA\eTrust Antivirus\InoRpc.exe
C:\Programme\CA\eTrust Antivirus\InoRT.exe
C:\Programme\CA\eTrust Antivirus\InoTask.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINXP\System32\svchost.exe
C:\Programme\TightVNC\WinVNC.exe
C:\WINXP\SOUNDMAN.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\ScanSoft\OmniPageSE\opware32.exe
C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
G:\programm\lotus6\organize\easyclip6.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\WINXP\system32\wuauclt.exe
C:\WINXP\explorer.exe
C:\PROGRA~1\HEWLET~1\HPDESK~2\HPW8TBX.EXE
C:\Programme\FCAD32\FCW32.EXE
C:\PROGRA~1\TOBITI~1\DVREMIND.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ***
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 69.64.35.177 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {421DFE83-2050-41DC-9C9D-8DD32264BA4E} - C:\WINXP\System32\icaapi32.dll
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINXP\stlbd.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programme\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINXP\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Programme\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [BPMInit] BpmInit.exe E:\PROGRA~1\ALCATech\BPM-ST~1
O4 - HKCU\..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = programm\lotus6\organize\easyclip6.exe
O4 - Global Startup: InfoCenter Notifier.LNK = C:\Programme\Tobit InfoCenter\DVREMIND.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O9 - Extra button: Web-Eintrag - {B4E30F61-16D9-11D3-85D1-005004229569} - C:\WINXP\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O13 - WWW. Prefix: http://
O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - h**p://212.79.237.40/videoplay.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - h**p://www.cult3d.com/download/cult.cab
O16 - DPF: {3499D0BE-0910-4897-A662-6952E2EC8A18} (VEKA Profilrecherche 2 Internet) - h**p://www.fenster-infoline.de/__C1256E8C00321464.nsf/html/vekarechinetctrl.cab/$FILE/vekarechinetctrl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - h**p://a1540.g.akamai.net/7/1540/52/20040428/qtinstall.info.apple.com/saba/de/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - h**p://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {9E214F45-89C2-4DE3-94A9-530EB1D05F7E} (QuestActiveX Class) - h**p://www.quest3d.com/Quest3D_WebInstall.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - h**ps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - h**p://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - h**p://www.live365.com/players/play365.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - h**p://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B0ECDC5-95BA-480D-B66D-E9477410A966}: NameServer = 192.168.126.254
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXP\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programme\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programme\TightVNC\WinVNC.exe" -service (file missing)
_____________
Anm.
Erstelle zukünftig der Übersichtlichkeit wegen einen eigenen Thread.


LG Cidre
S-Mod TB

Cidre 08.07.2005 10:10
Hallo fabinom,

lade und aktualisiere eScan AntiVirus.

Wechsle in den abgesicherten Modus und fixe diese Einträge (Haken setzen und auf Fix Checked klicken):
Zitat:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = ***
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
O1 - Hosts: 69.64.35.177 auto.search.msn.com
O2 - BHO: (no name) - {421DFE83-2050-41DC-9C9D-8DD32264BA4E} - C:\WINXP\System32\icaapi32.dll
O3 - Toolbar: SToolbar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINXP\stlbd.dll
O13 - WWW. Prefix: http://
Alle O16
Lösche diese Dateien/Ordner:
Zitat:
C:\WINXP\System32\icaapi32.dll
C:\WINXP\stlbd.dll
- mit eScan AntiVirus scannen (den Scanner mit der "mwavscan.com" starten. Alle Häkchen setzen und "Scan" klicken.) und die Malware manuell entfernen
- Neustart
- IE sicherer konfigurieren und nur noch für das Windows Update benutzen
- Sichere und komfortablere Browser wie z.B. die Mozilla Suite oder Firefox verwenden
- neues Log-File von HiJackThis und die Virus Log Information von eScan posten


btw:
Beachte meine Anmerkung in deinem Post.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:12 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19