Trojaner-Board (https://www.trojaner-board.de/)
Forum: Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
Thread: about:blank (https://www.trojaner-board.de/562-about-blank.html)

torixsolosofix 14.06.2004 00:07

Hello everyone,
I have a problem with the start page about:blank.

I have already read a post about it here on the board, but I still can't get it sorted.

With SPhjFix v1.07 I always get the message:
Stealth-String not found -> Programm terminated

I ran Find-All.
This log is the result:

Total: 119 965 708 288 [112G] - Free: 36 570 988 544 [34G]


»»IE version and Service packs:
6.0.2600.0 C:\Programme\Internet Explorer\Iexplore.exe
--a-- W32i APP DEU 6.0.2600.0 shp 91,136 08-18-2001 iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;q319182;

»»Google:

»»UserAgent:

»»Wmplayer version:
9.0.0.2980 C:\Programme\Windows Media Player\wmplayer.exe
--a-- W32i APP DEU 9.0.0.2980 shp 73,728 12-12-2002 wmplayer.exe
6.4.9.1120 C:\Programme\Windows Media Player\mplayer2.exe
--a-- W32i APP ENU 6.4.9.1120 shp 4,639 08-18-2001 mplayer2.exe

»»M$Java version:
5.0.3805.0 C:\WINDOWS\System32\msjava.dll
--a-- W32i DLL ENU 5.0.3805.0 shp 945,936 02-18-2002 msjava.dll

»»NotePad(s) version(s):
5.1.2600.0 C:\WINDOWS\notepad.exe
--a-- W32i APP DEU 5.1.2600.0 shp 67,072 08-18-2001 notepad.exe
5.1.2600.0 C:\WINDOWS\System32\notepad.exe
--a-- W32i APP DEU 5.1.2600.0 shp 67,072 08-18-2001 notepad.exe

»» Regedit* version(s):
5.1.2600.0 C:\WINDOWS\regedit.exe
--a-- W32i APP DEU 5.1.2600.0 shp 141,312 08-18-2001 regedit.exe
5.1.2600.0 C:\WINDOWS\System32\regedt32.exe
--a-- W32i APP ENU 5.1.2600.0 shp 3,584 08-18-2001 regedt32.exe


»»PC uptime:
11:24am up 0 days, 1:01

»»Locked or 'Suspect' file(s) found...

»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

»»Tasks (services):
0 System Process
4 System
568 SMSS.EXE
640 CSRSS.EXE Title:
664 winlogon.exe Title: NetDDE Agent
708 SERVICES.EXE Svcs: Eventlog,PlugPlay
720 LSASS.EXE Svcs: PolicyAgent,ProtectedStorage,SamSs
888 SVCHOST.EXE Svcs: RpcSs
988 SVCHOST.EXE Svcs: AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,helpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasAuto,RasMan,Schedule,seclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,TrkWks,upl
1156 SVCHOST.EXE Svcs: Dnscache
1224 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient
1412 SPOOLSV.EXE Svcs: Spooler
1468 CCEVTMGR.EXE Svcs: ccEvtMgr
1476 EXPLORER.EXE Title: Program Manager
1488 NISUM.EXE Svcs: NISUM
1796 atiptaxx.exe Title: ATI Tray Icon Application
1804 DITASK.EXE Title: ditask
1812 divamon.exe
1820 watch.exe Title: DIVA_CARD_DAEMON
1828 CGServer.exe Title: ISDN-Guard Prozess
1872 DiInfo.exe Title: DiInfo
1880 DSentry.exe Title: DVDSentry
1892 Directcd.exe Title: DirectCD
1936 ccApp.exe Title:
1964 GhostStartTrayApp.exe Title: GhostStartTrayApp
1976 SpeedMgr.exe Title: T-DSL SpeedManager
1984 CTFMON.EXE Title:
2032 SonyTray.exe Title: Image Transfer
152 WZQKPICK.EXE Title: About WinZip Quick Pick
196 diagent.exe Title: Creative Diagnostics Agent
340 wmplayer.exe Title: Windows Media Player
224 ALG.EXE Svcs: ALG
1852 ati2evxx.exe Svcs: Ati HotKey Poller
1928 CCPXYSVC.EXE Svcs: ccPxySvc
428 CTsvcCDA.EXE Svcs: Creative Service for CDROM Access
392 GHOSTS~2.EXE Svcs: GhostStartService
1612 NAVAPSVC.EXE Svcs: navapsvc
108 NPROTECT.EXE Svcs: NProtectService
768 NOPDB.EXE Svcs: Speed Disk service
1624 MsPMSPSv.exe Svcs: WMDM PMSP Service
2404 TSMSvc.exe Svcs: TSMService
2980 NTVDM.EXE Title: T-Online StartCenter
3092 ToDuCAlC.exe Title: ToDuCAlC
904 IEXPLORE.EXE Title: Trojaner-Board: Hijacker "about blank" !! - Microsoft Internet Explorer provided by Tiscali
3916 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe
504 NTVDM.EXE
3932 tlist.exe
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB329369-CC55-440F-964B-BBD33E6D64F3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"System"="{271C74B5-A2C7-4A26-90E2-93F202EABFE7}"

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read VORDEFINIERT\Benutzer
Full access VORDEFINIERT\Administratoren
Full access NT-AUTORITÄT\SYSTEM


»»Size of 'Windows' key: (Default-450;No'AppInit'-398;*Fake-~448+!)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows\SYS:Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ : AppInit_DLLs

»»Winlogon\notify:

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
Size of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: 5016

»»UserInit value:

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

5.1.2600.0 C:\WINDOWS\System32\userinit.exe
--a-- W32i APP DEU 5.1.2600.0 shp 22,016 08-18-2001 userinit.exe

»»Group/user settings:


User: [DCNFGL0J\Thomas], is a member of:

VORDEFINIERT\Administratoren
\Everyone

User is a member of group DCNFGL0J\Kein.
User is a member of group \Jeder.
User is a member of group VORDEFINIERT\Administratoren.
User is a member of group VORDEFINIERT\Benutzer.
User is a member of group \LOKAL.
User is a member of group NT-AUTORITÄT\INTERAKTIV.
User is a member of group NT-AUTORITÄT\Authentifizierte Benutzer.

»»ACLs list:
C:\junkxxx VORDEFINIERT\Administratoren:F
VORDEFINIERT\Administratoren:(OI)(CI)(IO)F
NT-AUTORITÄT\SYSTEM:F
NT-AUTORITÄT\SYSTEM:(OI)(CI)(IO)F
DCNFGL0J\Thomas:F
ERSTELLER-BESITZER:(OI)(CI)(IO)F
VORDEFINIERT\Benutzer:R
VORDEFINIERT\Benutzer:(OI)(CI)(IO)(special access:)

GENERIC_READ
GENERIC_EXECUTE

VORDEFINIERT\Benutzer:(CI)(special access:)

FILE_APPEND_DATA

VORDEFINIERT\Benutzer:(CI)(special access:)

FILE_WRITE_DATA


ERROR: There are no more files.


»»File(s) in 'junkxxx' folder:

»»Md5sums

MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2002 Jem Berkes - http://www.pc-tools.net/


0 bytes, 0 ms = 0.00 MB/sec

»»hosts file:
R C:\WINDOWS\System32\Drivers\etc\HOSTS
-r--- - - - - - 820 08-18-2001 hosts
------
»»Rehash:

»Strings found:

Sun Jun 13 11:24:27 2004 -- ++Find-All backups:
A C:\FindallwinBackup.hiv
--a-- - - - - - 8,192 06-13-2004 findallwinbackup.hiv
A C:\findallappinit.reg
--a-- - - - - - 632 06-13-2004 findallappinit.reg
A C:\Find-All\Find-All\winBackup.hiv
A C:\Find-All\Find-All\Fileslist\copyhosts.txt
A C:\Find-All\Find-All\Fileslist\drivers.txt
A C:\Find-All\Find-All\Fileslist\modules.txt
A C:\Find-All\Find-All\Fileslist\services.txt
A C:\Find-All\Find-All\Fileslist\windows.txt

***Next Registry run should open this key directly:

! REG.EXE VERSION 2.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows



So maybe someone has an idea.
Many thanks in advance.
Tori
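
The Find-All log above dumps the persistence points the tool was written to inspect: the AppInit_DLLs value in the Windows key, the Browser Helper Objects, and the pluggable MIME filters under HKEY_CLASSES_ROOT\PROTOCOLS\Filter. As an added example (not part of the original thread, and not the Find-All or SpHjFix tool), the Python script below parses a REGEDIT4 dump such as the sections pasted in the log and lists entries worth reviewing: a non-empty AppInit_DLLs, BHOs without a display name, and any MIME filter registered on text/html or text/plain, since such a filter receives every HTML page before Internet Explorer renders it. The sample dump is a constructed extract modelled on the posted log, the baseline filter names are an assumption taken from the Microsoft-named entries in that log, and the severity labels are my own; a flagged entry is a starting point for looking up the CLSID under HKCR\CLSID, not a verdict.

```python
"""Triage a REGEDIT4 export for IE persistence points (added example)."""
import re
from collections import OrderedDict

# Constructed extract modelled on the REGEDIT4 sections of the posted log;
# not a real export from the poster's machine.
SAMPLE_DUMP = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"Spooler"="yes"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"
"""

# Assumed baseline: the filter subkeys in the posted log that carry the
# Microsoft "AP ..." / WebView names. Adjust for the IE build you look at.
FILTER_BASELINE = {"Class Install Handler", "deflate", "gzip", "lzdhtml", "text/webviewhtml"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def parse_reg(text):
    """Return {key_path: {value_name: raw_value}}; '@' is the default value."""
    keys = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            keys[current][name] = m.group(2)
    return keys


def unquote(value):
    """REGEDIT4 strings are double-quoted; dword:/hex: forms are left as-is."""
    return value[1:-1] if len(value) >= 2 and value[0] == value[-1] == '"' else value


def triage(keys):
    """Return findings as (severity, key_path, reason) in dump order."""
    findings = []
    for key, values in keys.items():
        low = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if low.endswith(r"windows nt\currentversion\windows"):
            # Anything listed here is loaded into every process that links user32.dll.
            dlls = unquote(values.get("AppInit_DLLs", '""')).strip()
            if dlls:
                findings.append(("HIGH", key, "AppInit_DLLs is not empty: " + dlls))
        elif "\\explorer\\browser helper objects\\{" in low:
            # The display name is informational only; an unnamed BHO just means
            # the CLSID has to be resolved under HKCR\CLSID before judging it.
            if not unquote(values.get("@", '""')):
                findings.append(("INFO", key, "BHO without display name; resolve the CLSID"))
        elif "\\protocols\\filter\\" in low:
            clsid = unquote(values.get("CLSID", '""'))
            if leaf.lower() in ("text/html", "text/plain"):
                findings.append(("HIGH", key,
                                 f"MIME filter on {leaf} sees every page before it is rendered (CLSID {clsid})"))
            elif leaf not in FILTER_BASELINE:
                findings.append(("MEDIUM", key, f"filter not in the assumed baseline (CLSID {clsid})"))
    return findings


def report(text):
    """Parse a REGEDIT4 dump and return the triage findings."""
    return triage(parse_reg(text))


if __name__ == "__main__":
    for severity, key, reason in report(SAMPLE_DUMP):
        print(f"[{severity}] {key}\n        {reason}")
```

Run it against a real export (`reg export HKCR\PROTOCOLS\Filter filter.reg` and so on, concatenated) instead of the sample. One caveat the log itself points at: an export only contains values the exporting tool could read, which is why Find-All additionally compares the byte size of the Windows key against the expected sizes printed on the "Size of 'Windows' key" line; a size mismatch with an apparently empty AppInit_DLLs is the case this parser cannot see.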

mav1976 14.06.2004 05:25

hi torixsolosofix,

do you think you'll get an answer faster with the 3 threads you've opened here? ---> you thought wrong. ;)

always be patient. this is a u2u forum. so just wait, and don't open the same thread in every subforum. double posts achieve nothing - only clutter. ;)

torixsolosofix 14.06.2004 07:18

Sorry,

I'm not very familiar with boards and thought I might have hit the wrong forum.

Tori



Copyright ©2000-2025, Trojaner-Board
