Trojaner-Board - Großes "About Blank" Startseiten Probem

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Großes "About Blank" Startseiten Probem (https://www.trojaner-board.de/10067-grosses-about-blank-startseiten-probem.html)

AntiVir No viruses found (0.14 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender No viruses found (0.38 seconds taken)
ClamAV Trojan.Downloader.Agent-23 (0.31 seconds taken)
Dr.Web No viruses found (0.51 seconds taken)
F-Prot Antivirus No viruses found (0.09 seconds taken)
Kaspersky Anti-Virus Trojan-Downloader.Win32.Agent.ap (0.61 seconds taken)
mks_vir Trojan.Downloader.Agent.Ap (0.19 seconds taken)
NOD32 No viruses found (0.44 seconds taken)
Norman Virus Control No viruses found (1.75 seconds taken)

das gilt für die C:\WINDOWS\d3gl32.exe
--------------------------------------------------------------------------
Service load: 0% 100%

File: sysss32.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: UPX

AntiVir No viruses found (0.14 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender No viruses found (0.38 seconds taken)
ClamAV Trojan.Downloader.Agent-23 (0.32 seconds taken)
Dr.Web No viruses found (0.51 seconds taken)
F-Prot Antivirus No viruses found (0.09 seconds taken)
Kaspersky Anti-Virus Trojan-Downloader.Win32.Agent.ap (0.61 seconds taken)
mks_vir Trojan.Downloader.Agent.Ap (0.19 seconds taken)
NOD32 No viruses found (0.44 seconds taken)
Norman Virus Control No viruses found (4.16 seconds taken)

--------------------------------------------------------------------------

Service load: 0% 100%

File: mfcnq32.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: UPX

AntiVir No viruses found (0.14 seconds taken)
Avast No viruses found (1.53 seconds taken)
BitDefender No viruses found (0.37 seconds taken)
ClamAV No viruses found (0.32 seconds taken)
Dr.Web No viruses found (0.50 seconds taken)
F-Prot Antivirus No viruses found (0.06 seconds taken)
Kaspersky Anti-Virus Trojan-Downloader.Win32.Agent.bq (0.61 seconds taken)
mks_vir No viruses found (0.20 seconds taken)
NOD32 No viruses found (0.40 seconds taken)
Norman Virus Control No viruses found (0.45 seconds taken)

so siehts bei mir momentan aus!

Logfile of HijackThis v1.98.2
Scan saved at 22:38:56, on 25.11.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\BearShare\BearShare.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\d3gl32.exe
C:\Programme\BearShare\BearShare.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\mfcnq32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Spyware Stormer\SpywareStormer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\Sebastian Strzelczyk\Lokale Einstellungen\Temp\Temporäres Verzeichnis 2 für hijackthis.zip\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B065FAFE-CC22-F793-EB86-CDC8D11BFBB5} - C:\WINDOWS\system32\javaat.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Spyware Stormer] C:\Programme\Spyware Stormer\SpywareStormer.Exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pgrdp] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Global Startup: Sinus 154 stick.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

Logfile of HijackThis v1.98.2
Scan saved at 22:51:09, on 25.11.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\BearShare\BearShare.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\d3gl32.exe
C:\Programme\BearShare\BearShare.exe
C:\WINDOWS\System32\?hkdsk.exe
C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\mfcnq32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B065FAFE-CC22-F793-EB86-CDC8D11BFBB5} - C:\WINDOWS\system32\javaat.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [d3gl32.exe] C:\WINDOWS\d3gl32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Pgrdp] C:\WINDOWS\System32\?hkdsk.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Global Startup: Sinus 154 stick.lnk = C:\Programme\DT\Sinus 154 stick\Wifiusb.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe

ganz aktuell so!bitte helft mir es ist zum verzweifeln!weiß denn keiner wie man diese scheiße sicher und 1000% löscht!

@Orton???

du mussst hier wirklich mal ein paar Ratschläge umsetzen, die von mehreren gemacht worden sind...

Rechner im abgesicherten Modus starten...
guckst du hier...

http://www.systemwiederherstellung-deaktivieren.de

das solltest du zunächst unbedingt mit hijackthis 1.98.2 !!(...ich glaube du hast auch die ältere Version zusätzlich auf deinem System) fixen:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\elxoh.dll/sp.html#28129
R3 - Default URLSearchHook is missing

...scan...anhaken...fixchecked

...es geht aber auch so...

http://www.hijackthis.de/index.php

...und dann schicke ein neues logfile !

lg

Tom59

@Orton...

sorry...bringe erst dein XP auf den neuesten Stand, indem du dir für dein BS das SP2 hier... http://v4.windowsupdate.microsoft.com/de/thanks.asp ...herunterlädst.

Bringe vorher dein Antivir PE auf den neuesten Stand und aktiviere es!!

lg

Tom59

Hey Passat2002,

vielen Dank daß Du dich meiner annimmst. Hier das gewünschte:

File: sysrw.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: UPX

File: sdksf32.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: UPX

File: Spy Cleaner Gold.exe
Status: OK
Packers detected: None

HijackThis installiere ich neu!

Wie geht´s jetzt weiter?

Fedden Gruß

Zitat:

Zitat von Passat2002

hi DeepDish

C:\WINDOWS\SYSRW.EXE
C:\WINDOWS\SYSTEM\SDKSF32.EXE
C:\PROGRAMME\SPY CLEANER GOLD\SPYWATCHER.EXE
diese dateien mit dem JOTTI onlinecheck überprüfen, ergebnis hier posten

C:\WINDOWS\TEMP\TD_0001.DIR\HIJACKTHIS.EXE --> bitte HijackThis nicht aus einem temp. unterordner ausführen, soll -> C:\Programme\HijackThis\HijackThis.exe