Trojaner-Board

hijacker --> yobta.info (https://www.trojaner-board.de/2299-hijacker-yobta-info.html)

mmk 07.04.2004 03:18

Hello, welcome to the board!

Unfortunately you only posted half of a log file - please post the other half as well!

This entry has to go in any case:
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

All R0, R1 and O13 entries have to go as well.

Stif 07.04.2004 08:14

OK, here is the complete file once more:

Logfile of HijackThis v1.97.7
Scan saved at 00:56:24, on 07.04.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
F:\T-Online\T-Online_Software_5\Basis-Software\Basis2\kernel.exe
F:\T-Online\T-Online_Software_5\Basis-Software\Basis2\sc_watch.exe
f:\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
f:\T-Online\T-Online_Software_5\Browser\Browser.exe
f:\T-Online\T-Online_Software_5\Browser\Browser.exe
f:\T-Online\T-Online_Software_5\Browser\Browser.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\t-online\t-online_software_5\browser\dlman.exe
f:\T-Online\T-Online_Software_5\Browser\Browser.exe
C:\Programme\Opera7\Opera.exe
C:\Dokumente und Einstellungen\Kathrin&Steve\Desktop\HijackThis.exe
f:\T-Online\T-Online_Software_5\eMail\MAIL.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\OPScan.exe
C:\Programme\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yobta.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yobta.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yobta.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yobta.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yobta.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yobta.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.t-online.de/service/redir/tosw5_internet.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.yobta.info
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.yobta.info
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O13 - DefaultPrefix: http://www.yobta.info/
O13 - WWW Prefix: http://www.yobta.info/
O13 - Home Prefix: http://www.yobta.info/
O13 - Mosaic Prefix: http://www.yobta.info/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BC7A622-5251-4362-8247-56C8897E1F41}: NameServer = 217.5.114.141 194.25.2.129

Stif 07.04.2004 11:59

Hi!

I can't get this stupid hijacker deleted. That's why I ran a HijackThis scan, and I'm asking whether someone can tell me what I have to do now.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yobta.info
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yobta.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yobta.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yobta.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yobta.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.yobta.info
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yobta.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.t-online.de/service/redir/tosw5_internet.htm
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.yobta.info
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://www.yobta.info
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: OsbornTech Popup Blocker - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880} - C:\WINDOWS\System32\mshelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programme\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [mmtask] C:\Programme\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O13 - DefaultPrefix: http://www.yobta.info/
O13 - WWW Prefix: http://www.yobta.info/
O13 - Home Prefix: http://www.yobta.info/
O13 - Mosaic Prefix: http://www.yobta.info/
O17 - HKLM\System\CCS\Services\Tcpip\..\{7BC7A622-5251-4362-8247-56C8897E1F41}: NameServer = 217.5.114.141 194.25.2.129


Thanks in advance for your help.

Who Cares 07.04.2004 12:24

Hi,

first fix the entries MMK posted with HJT,
reboot, close all programs/browser windows, and then create & post a new HijackThis log file
;)


All times are in WET +1.
