Antivirus, firewall and other protection programs: about:blank
Windows 7
All questions about using firewalls, antivirus programs, anti-malware and anti-trojan software belong here. This is a discussion forum for security solutions for Windows computers. If you need help removing a trojan or because you have caught a virus, create a thread in the cleanup forums above.
14.06.2004, 11:25 | #1
about:blank

Hello everyone,

I have a problem with the start page about:blank. I have already read a post here on the board, but I still can't get it sorted out. With SPhjFix v1.07 I always get the message:

Stealth-String not found -> Programm terminated

I ran Find-All. This log is the result:

Total: 119 965 708 288 [112G] - Free: 36 570 988 544 [34G]

»»IE version and Service packs:
6.0.2600.0 C:\Programme\Internet Explorer\Iexplore.exe
--a-- W32i APP DEU 6.0.2600.0 shp 91,136 08-18-2001 iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;q319182;

»»Google:

»»UserAgent:

»»Wmplayer version:
9.0.0.2980 C:\Programme\Windows Media Player\wmplayer.exe
--a-- W32i APP DEU 9.0.0.2980 shp 73,728 12-12-2002 wmplayer.exe
6.4.9.1120 C:\Programme\Windows Media Player\mplayer2.exe
--a-- W32i APP ENU 6.4.9.1120 shp 4,639 08-18-2001 mplayer2.exe

»»M$Java version:
5.0.3805.0 C:\WINDOWS\System32\msjava.dll
--a-- W32i DLL ENU 5.0.3805.0 shp 945,936 02-18-2002 msjava.dll

»»NotePad(s) version(s):
5.1.2600.0 C:\WINDOWS\notepad.exe
--a-- W32i APP DEU 5.1.2600.0 shp 67,072 08-18-2001 notepad.exe
5.1.2600.0 C:\WINDOWS\System32\notepad.exe
--a-- W32i APP DEU 5.1.2600.0 shp 67,072 08-18-2001 notepad.exe

»» Regedit* version(s):
5.1.2600.0 C:\WINDOWS\regedit.exe
--a-- W32i APP DEU 5.1.2600.0 shp 141,312 08-18-2001 regedit.exe
5.1.2600.0 C:\WINDOWS\System32\regedt32.exe
--a-- W32i APP ENU 5.1.2600.0 shp 3,584 08-18-2001 regedt32.exe

»»PC uptime:
11:24am up 0 days, 1:01

»»Locked or 'Suspect' file(s) found...

»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

»»Tasks (services):
0 System Process
4 System
568 SMSS.EXE
640 CSRSS.EXE Title:
664 winlogon.exe Title: NetDDE Agent
708 SERVICES.EXE Svcs: Eventlog,PlugPlay
720 LSASS.EXE Svcs: PolicyAgent,ProtectedStorage,SamSs
888 SVCHOST.EXE Svcs: RpcSs
988 SVCHOST.EXE Svcs: AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,helpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasAuto,RasMan,Schedule,seclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,TrkWks,upl
1156 SVCHOST.EXE Svcs: Dnscache
1224 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient
1412 SPOOLSV.EXE Svcs: Spooler
1468 CCEVTMGR.EXE Svcs: ccEvtMgr
1476 EXPLORER.EXE Title: Program Manager
1488 NISUM.EXE Svcs: NISUM
1796 atiptaxx.exe Title: ATI Tray Icon Application
1804 DITASK.EXE Title: ditask
1812 divamon.exe
1820 watch.exe Title: DIVA_CARD_DAEMON
1828 CGServer.exe Title: ISDN-Guard Prozess
1872 DiInfo.exe Title: DiInfo
1880 DSentry.exe Title: DVDSentry
1892 Directcd.exe Title: DirectCD
1936 ccApp.exe Title:
1964 GhostStartTrayApGhostStartTrayAppTitle: GhostStartTrayApp
1976 SpeedMgr.exe Title: T-DSL SpeedManager
1984 CTFMON.EXE Title:
2032 SonyTray.exe Title: Image Transfer
152 WZQKPICK.EXE Title: Über WinZip Quick Pick
196 diagent.exe Title: Creative Diagnostics Agent
340 wmplayer.exe Title: Windows Media Player
224 ALG.EXE Svcs: ALG
1852 ati2evxx.exe Svcs: Ati HotKey Poller
1928 CCPXYSVC.EXE Svcs: ccPxySvc
428 CTsvcCDA.EXE Svcs: Creative Service for CDROM Access
392 GHOSTS~2.EXE Svcs: GhostStartService
1612 NAVAPSVC.EXE Svcs: navapsvc
108 NPROTECT.EXE Svcs: NProtectService
768 NOPDB.EXE Svcs: Speed Disk service
1624 MsPMSPSv.exe Svcs: WMDM PMSP Service
2404 TSMSvc.exe Svcs: TSMService
2980 NTVDM.EXE Title: T-Online StartCenter
3092 ToDuCAlC.exe Title: ToDuCAlC
904 IEXPLORE.EXE Title: Trojaner-Board: Hijacker "about blank" !!
- Microsoft Internet Explorer provided by Tiscali
3916 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe
504 NTVDM.EXE
3932 tlist.exe

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB329369-CC55-440F-964B-BBD33E6D64F3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"System"="{271C74B5-A2C7-4A26-90E2-93F202EABFE7}"

»»Security settings for 'Windows' key:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read VORDEFINIERT\Benutzer
Full access VORDEFINIERT\Administratoren
Full access NT-AUTORITŽT\SYSTEM

»»Size of 'Windows' key: (Default-450;No'AppInit'-398;*Fake-~448+!)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows\SYS:Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ : AppInit_DLLs

»»Winlogon\notify:
!
REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

Size of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: 5016

»»UserInit value:

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

5.1.2600.0 C:\WINDOWS\System32\userinit.exe
--a-- W32i APP DEU 5.1.2600.0 shp 22,016 08-18-2001 userinit.exe

»»Group/user settings:

User: [DCNFGL0J\Thomas], is a member of:
VORDEFINIERT\Administratoren
\Everyone

User is a member of group DCNFGL0J\Kein.
User is a member of group \Jeder.
User is a member of group VORDEFINIERT\Administratoren.
User is a member of group VORDEFINIERT\Benutzer.
User is a member of group \LOKAL.
User is a member of group NT-AUTORITÄT\INTERAKTIV.
User is a member of group NT-AUTORITÄT\Authentifizierte Benutzer.

»»ACLs list:
C:\junkxxx VORDEFINIERT\Administratoren:F
VORDEFINIERT\AdministratorenOI)(CI)(IO)F
NT-AUTORITÄT\SYSTEM:F
NT-AUTORITÄT\SYSTEMOI)(CI)(IO)F
DCNFGL0J\Thomas:F
ERSTELLER-BESITZEROI)(CI)(IO)F
VORDEFINIERT\Benutzer:R
VORDEFINIERT\BenutzerOI)(CI)(IO)(special access
GENERIC_READ
GENERIC_EXECUTE
VORDEFINIERT\BenutzerCI)(special access
FILE_APPEND_DATA
VORDEFINIERT\BenutzerCI)(special access
FILE_WRITE_DATA

ERROR: Es sind keine weiteren Dateien vorhanden.

»»File(s) in 'junkxxx' folder:

»»Md5sums
MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2002 Jem Berkes - http://www.pc-tools.net/
0 bytes, 0 ms = 0.00 MB/sec

»»hosts file:
R C:\WINDOWS\System32\Drivers\etc\HOSTS
-r--- - - - - - 820 08-18-2001 hosts
------

»»Rehash:

»Strings found:

Sun Jun 13 11:24:27 2004
--

++Find-All backups:
A C:\FindallwinBackup.hiv
--a-- - - - - - 8,192 06-13-2004 findallwinbackup.hiv
A C:\findallappinit.reg
--a-- - - - - - 632 06-13-2004 findallappinit.reg
A C:\Find-All\Find-All\winBackup.hiv
A C:\Find-All\Find-All\Fileslist\copyhosts.txt
A C:\Find-All\Find-All\Fileslist\drivers.txt
A C:\Find-All\Find-All\Fileslist\modules.txt
A C:\Find-All\Find-All\Fileslist\services.txt
A C:\Find-All\Find-All\Fileslist\windows.txt

***Next Registry run should open this key directly:

! REG.EXE VERSION 2.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

So maybe someone has an idea.

Many thanks in advance.

Tori