Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Antiviren-, Firewall- und andere Schutzprogramme (https://www.trojaner-board.de/antiviren-firewall-andere-schutzprogramme/)
-   -   about:blank (https://www.trojaner-board.de/562-about-blank.html)

torixsolosofix 14.06.2004 00:07
Hallo Leute,
habe ein Problem mit der Startseite about:blank.

Habe hier im Boerd schon einen Beitrag gelesen, komme aber trotzdem nicht zurecht.

Bekomme mit SPhjFix v1.07 immer die Meldung:
Stealth-String not found -> Programm terminated

Hab mal Find-All laufen lassen.
Dieses Log ist das Ergebnis:

Total: 119 965 708 288 [112G] - Free: 36 570 988 544 [34G]


»»IE version and Service packs:
6.0.2600.0 C:\Programme\Internet Explorer\Iexplore.exe
--a-- W32i APP DEU 6.0.2600.0 shp 91,136 08-18-2001 iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;q319182;

»»Google:

»»UserAgent:

»»Wmplayer version:
9.0.0.2980 C:\Programme\Windows Media Player\wmplayer.exe
--a-- W32i APP DEU 9.0.0.2980 shp 73,728 12-12-2002 wmplayer.exe
6.4.9.1120 C:\Programme\Windows Media Player\mplayer2.exe
--a-- W32i APP ENU 6.4.9.1120 shp 4,639 08-18-2001 mplayer2.exe

»»M$Java version:
5.0.3805.0 C:\WINDOWS\System32\msjava.dll
--a-- W32i DLL ENU 5.0.3805.0 shp 945,936 02-18-2002 msjava.dll

»»NotePad(s) version(s):
5.1.2600.0 C:\WINDOWS\notepad.exe
--a-- W32i APP DEU 5.1.2600.0 shp 67,072 08-18-2001 notepad.exe
5.1.2600.0 C:\WINDOWS\System32\notepad.exe
--a-- W32i APP DEU 5.1.2600.0 shp 67,072 08-18-2001 notepad.exe

»» Regedit* version(s):
5.1.2600.0 C:\WINDOWS\regedit.exe
--a-- W32i APP DEU 5.1.2600.0 shp 141,312 08-18-2001 regedit.exe
5.1.2600.0 C:\WINDOWS\System32\regedt32.exe
--a-- W32i APP ENU 5.1.2600.0 shp 3,584 08-18-2001 regedt32.exe


»»PC uptime:
11:24am up 0 days, 1:01

»»Locked or 'Suspect' file(s) found...

»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!

»»Tasks (services):
0 System Process
4 System
568 SMSS.EXE
640 CSRSS.EXE Title:
664 winlogon.exe Title: NetDDE Agent
708 SERVICES.EXE Svcs: Eventlog,PlugPlay
720 LSASS.EXE Svcs: PolicyAgent,ProtectedStorage,SamSs
888 SVCHOST.EXE Svcs: RpcSs
988 SVCHOST.EXE Svcs: AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,helpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasAuto,Ra sMan,Schedule,seclogon,SENS,Sh aredAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,TrkWks,upl
1156 SVCHOST.EXE Svcs: Dnscache
1224 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient
1412 SPOOLSV.EXE Svcs: Spooler
1468 CCEVTMGR.EXE Svcs: ccEvtMgr
1476 EXPLORER.EXE Title: Program Manager
1488 NISUM.EXE Svcs: NISUM
1796 atiptaxx.exe Title: ATI Tray Icon Application
1804 DITASK.EXE Title: ditask
1812 divamon.exe
1820 watch.exe Title: DIVA_CARD_DAEMON
1828 CGServer.exe Title: ISDN-Guard Prozess
1872 DiInfo.exe Title: DiInfo
1880 DSentry.exe Title: DVDSentry
1892 Directcd.exe Title: DirectCD
1936 ccApp.exe Title:
1964 GhostStartTrayApGhostStartTrayAppTitle: GhostStartTrayApp
1976 SpeedMgr.exe Title: T-DSL SpeedManager
1984 CTFMON.EXE Title:
2032 SonyTray.exe Title: Image Transfer
152 WZQKPICK.EXE Title: Über WinZip Quick Pick
196 diagent.exe Title: Creative Diagnostics Agent
340 wmplayer.exe Title: Windows Media Player
224 ALG.EXE Svcs: ALG
1852 ati2evxx.exe Svcs: Ati HotKey Poller
1928 CCPXYSVC.EXE Svcs: ccPxySvc
428 CTsvcCDA.EXE Svcs: Creative Service for CDROM Access
392 GHOSTS~2.EXE Svcs: GhostStartService
1612 NAVAPSVC.EXE Svcs: navapsvc
108 NPROTECT.EXE Svcs: NProtectService
768 NOPDB.EXE Svcs: Speed Disk service
1624 MsPMSPSv.exe Svcs: WMDM PMSP Service
2404 TSMSvc.exe Svcs: TSMService
2980 NTVDM.EXE Title: T-Online StartCenter
3092 ToDuCAlC.exe Title: ToDuCAlC
904 IEXPLORE.EXE Title: Trojaner-Board: Hijacker "about blank" !! - Microsoft Internet Explorer provided by Tiscali
3916 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe
504 NTVDM.EXE
3932 tlist.exe
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB329369-CC55-440F-964B-BBD33E6D64F3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"System"="{271C74B5-A2C7-4A26-90E2-93F202EABFE7}"

»»Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITŽT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read VORDEFINIERT\Benutzer
Full access VORDEFINIERT\Administratoren
Full access NT-AUTORITŽT\SYSTEM


»»Size of 'Windows' key: (Default-450;No'AppInit'-398;*Fake-~448+!)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows\SYS:Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ : AppInit_DLLs

»»Winlogon\notify:

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
Size of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: 5016

»»UserInit value:

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

5.1.2600.0 C:\WINDOWS\System32\userinit.exe
--a-- W32i APP DEU 5.1.2600.0 shp 22,016 08-18-2001 userinit.exe

»»Group/user settings:


User: [DCNFGL0J\Thomas], is a member of:

VORDEFINIERT\Administratoren
\Everyone

User is a member of group DCNFGL0J\Kein.
User is a member of group \Jeder.
User is a member of group VORDEFINIERT\Administratoren.
User is a member of group VORDEFINIERT\Benutzer.
User is a member of group \LOKAL.
User is a member of group NT-AUTORITÄT\INTERAKTIV.
User is a member of group NT-AUTORITÄT\Authentifizierte Benutzer.

»»ACLs list:
C:\junkxxx VORDEFINIERT\Administratoren:F
VORDEFINIERT\Administratoren:(OI)(CI)(IO)F
NT-AUTORITÄT\SYSTEM:F
NT-AUTORITÄT\SYSTEM:(OI)(CI)(IO)F
DCNFGL0J\Thomas:F
ERSTELLER-BESITZER:(OI)(CI)(IO)F
VORDEFINIERT\Benutzer:R
VORDEFINIERT\Benutzer:(OI)(CI)(IO)(special access:)

GENERIC_READ
GENERIC_EXECUTE

VORDEFINIERT\Benutzer:(CI)(special access:)

FILE_APPEND_DATA

VORDEFINIERT\Benutzer:(CI)(special access:)

FILE_WRITE_DATA


ERROR: Es sind keine weiteren Dateien vorhanden.


»»File(s) in 'junkxxx' folder:

»»Md5sums

MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2002 Jem Berkes - http://www.pc-tools.net/


0 bytes, 0 ms = 0.00 MB/sec

»»hosts file:
R C:\WINDOWS\System32\Drivers\etc\HOSTS
-r--- - - - - - 820 08-18-2001 hosts
------
»»Rehash:

»Strings found:

Sun Jun 13 11:24:27 2004 -- ++Find-All backups:
A C:\FindallwinBackup.hiv
--a-- - - - - - 8,192 06-13-2004 findallwinbackup.hiv
A C:\findallappinit.reg
--a-- - - - - - 632 06-13-2004 findallappinit.reg
A C:\Find-All\Find-All\winBackup.hiv
A C:\Find-All\Find-All\Fileslist\copyhosts.txt
A C:\Find-All\Find-All\Fileslist\drivers.txt
A C:\Find-All\Find-All\Fileslist\modules.txt
A C:\Find-All\Find-All\Fileslist\services.txt
A C:\Find-All\Find-All\Fileslist\windows.txt

***Next Registry run should open this key directly:

! REG.EXE VERSION 2.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows



Also vielleicht hat ja jemand eine Ahnung.
Vielen Dank im voraus.
Tori

mav1976 14.06.2004 05:25
hi torixsolosofix,

meinst du mit deinen 3 threads, die du hier geöffnet hast, bekommst du schneller antwort? ---> da hast du falsch gedacht. ;)

immer geduld haben. dies ist ein u2u-forum. also warte einfach ab, und eröffne nicht in jedem unterforum den gleichen thread. doppelpostings bringen nichts - nur unübersichtlichkeit. ;)

torixsolosofix 14.06.2004 07:18
Tschuldigung, [img]graemlins/heulen.gif[/img]

ich kenn mich mit boards nicht so aus und meinte ich hätte u.U. das falsche Forum erwischt.

Tori


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131