Hi everyone, I have a problem with the start page about:blank. I've already read a post about it here on the board, but I still can't get it sorted. With SPhjFix v1.07 I always get the message: Stealth-String not found -> Programm terminated

I ran Find-All. This log is the result:

Total: 119 965 708 288 [112G] - Free: 36 570 988 544 [34G]

»»IE version and Service packs:
6.0.2600.0 C:\Programme\Internet Explorer\Iexplore.exe
--a-- W32i APP DEU 6.0.2600.0 shp 91,136 08-18-2001 iexplore.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;q319182;

»»Google:

»»UserAgent:

»»Wmplayer version:
9.0.0.2980 C:\Programme\Windows Media Player\wmplayer.exe
--a-- W32i APP DEU 9.0.0.2980 shp 73,728 12-12-2002 wmplayer.exe
6.4.9.1120 C:\Programme\Windows Media Player\mplayer2.exe
--a-- W32i APP ENU 6.4.9.1120 shp 4,639 08-18-2001 mplayer2.exe

»»M$Java version:
5.0.3805.0 C:\WINDOWS\System32\msjava.dll
--a-- W32i DLL ENU 5.0.3805.0 shp 945,936 02-18-2002 msjava.dll

»»NotePad(s) version(s):
5.1.2600.0 C:\WINDOWS\notepad.exe
--a-- W32i APP DEU 5.1.2600.0 shp 67,072 08-18-2001 notepad.exe
5.1.2600.0 C:\WINDOWS\System32\notepad.exe
--a-- W32i APP DEU 5.1.2600.0 shp 67,072 08-18-2001 notepad.exe

»» Regedit* version(s):
5.1.2600.0 C:\WINDOWS\regedit.exe
--a-- W32i APP DEU 5.1.2600.0 shp 141,312 08-18-2001 regedit.exe
5.1.2600.0 C:\WINDOWS\System32\regedt32.exe
--a-- W32i APP ENU 5.1.2600.0 shp 3,584 08-18-2001 regedt32.exe

»»PC uptime:
11:24am up 0 days, 1:01

»»Locked or 'Suspect' file(s) found...

»»»»»»»»»»»»»»»»»»***Attention!***»»»»»»»»»»»»»»»»
Files listed in this section (in System32) are not always definitive!
Always Double Check and be sure the file pointed doesn't exist!
»»Tasks (services):
0 System Process
4 System
568 SMSS.EXE
640 CSRSS.EXE Title:
664 winlogon.exe Title: NetDDE Agent
708 SERVICES.EXE Svcs: Eventlog,PlugPlay
720 LSASS.EXE Svcs: PolicyAgent,ProtectedStorage,SamSs
888 SVCHOST.EXE Svcs: RpcSs
988 SVCHOST.EXE Svcs: AudioSrv,Browser,CryptSvc,Dhcp,ERSvc,EventSystem,FastUserSwitchingCompatibility,helpsvc,lanmanserver,lanmanworkstation,Messenger,Netman,Nla,RasAuto,RasMan,Schedule,seclogon,SENS,SharedAccess,ShellHWDetection,srservice,TapiSrv,TermService,Themes,TrkWks,upl
1156 SVCHOST.EXE Svcs: Dnscache
1224 SVCHOST.EXE Svcs: LmHosts,SSDPSRV,WebClient
1412 SPOOLSV.EXE Svcs: Spooler
1468 CCEVTMGR.EXE Svcs: ccEvtMgr
1476 EXPLORER.EXE Title: Program Manager
1488 NISUM.EXE Svcs: NISUM
1796 atiptaxx.exe Title: ATI Tray Icon Application
1804 DITASK.EXE Title: ditask
1812 divamon.exe
1820 watch.exe Title: DIVA_CARD_DAEMON
1828 CGServer.exe Title: ISDN-Guard Prozess
1872 DiInfo.exe Title: DiInfo
1880 DSentry.exe Title: DVDSentry
1892 Directcd.exe Title: DirectCD
1936 ccApp.exe Title:
1964 GhostStartTrayApGhostStartTrayAppTitle: GhostStartTrayApp
1976 SpeedMgr.exe Title: T-DSL SpeedManager
1984 CTFMON.EXE Title:
2032 SonyTray.exe Title: Image Transfer
152 WZQKPICK.EXE Title: Über WinZip Quick Pick
196 diagent.exe Title: Creative Diagnostics Agent
340 wmplayer.exe Title: Windows Media Player
224 ALG.EXE Svcs: ALG
1852 ati2evxx.exe Svcs: Ati HotKey Poller
1928 CCPXYSVC.EXE Svcs: ccPxySvc
428 CTsvcCDA.EXE Svcs: Creative Service for CDROM Access
392 GHOSTS~2.EXE Svcs: GhostStartService
1612 NAVAPSVC.EXE Svcs: navapsvc
108 NPROTECT.EXE Svcs: NProtectService
768 NOPDB.EXE Svcs: Speed Disk service
1624 MsPMSPSv.exe Svcs: WMDM PMSP Service
2404 TSMSvc.exe Svcs: TSMService
2980 NTVDM.EXE Title: T-Online StartCenter
3092 ToDuCAlC.exe Title: ToDuCAlC
904 IEXPLORE.EXE Title: Trojaner-Board: Hijacker "about blank" !! - Microsoft Internet Explorer provided by Tiscali
3916 CMD.EXE Title: C:\WINDOWS\System32\cmd.exe
504 NTVDM.EXE
3932 tlist.exe

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB329369-CC55-440F-964B-BBD33E6D64F3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/plain]
"CLSID"="{7B0A57B7-B328-48C3-9C86-99AE21AC1965}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"System"="{271C74B5-A2C7-4A26-90E2-93F202EABFE7}"

»»Security settings for 'Windows' key:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
(ID-NI) ALLOW Read VORDEFINIERT\Benutzer
(ID-IO) ALLOW Read VORDEFINIERT\Benutzer
(ID-NI) ALLOW Full access VORDEFINIERT\Administratoren
(ID-IO) ALLOW Full access VORDEFINIERT\Administratoren
(ID-NI) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access NT-AUTORITÄT\SYSTEM
(ID-IO) ALLOW Full access ERSTELLER-BESITZER

Effective permissions for Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:
Read VORDEFINIERT\Benutzer
Full access VORDEFINIERT\Administratoren
Full access NT-AUTORITÄT\SYSTEM

»»Size of 'Windows' key: (Default-450;No'AppInit'-398;*Fake-~448+!)
Size of HKEY_LOCAL_MACHINE\software\microsoft\Windows NT\CurrentVersion\Windows: 450

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows\SYS:Microsoft\Windows NT\CurrentVersion\Windows : AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\ : AppInit_DLLs

»»Winlogon\notify:

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

Size of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify: 5016

»»UserInit value:

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,

5.1.2600.0 C:\WINDOWS\System32\userinit.exe
--a-- W32i APP DEU 5.1.2600.0 shp 22,016 08-18-2001 userinit.exe

»»Group/user settings:
User: [DCNFGL0J\Thomas], is a member of:
VORDEFINIERT\Administratoren
\Everyone
User is a member of group DCNFGL0J\Kein.
User is a member of group \Jeder.
User is a member of group VORDEFINIERT\Administratoren.
User is a member of group VORDEFINIERT\Benutzer.
User is a member of group \LOKAL.
User is a member of group NT-AUTORITÄT\INTERAKTIV.
User is a member of group NT-AUTORITÄT\Authentifizierte Benutzer.
»»ACLs list:
C:\junkxxx VORDEFINIERT\Administratoren:F
VORDEFINIERT\Administratoren:(OI)(CI)(IO)F
NT-AUTORITÄT\SYSTEM:F
NT-AUTORITÄT\SYSTEM:(OI)(CI)(IO)F
DCNFGL0J\Thomas:F
ERSTELLER-BESITZER:(OI)(CI)(IO)F
VORDEFINIERT\Benutzer:R
VORDEFINIERT\Benutzer:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
VORDEFINIERT\Benutzer:(CI)(special access:)
FILE_APPEND_DATA
VORDEFINIERT\Benutzer:(CI)(special access:)
FILE_WRITE_DATA

ERROR: Es sind keine weiteren Dateien vorhanden.

»»File(s) in 'junkxxx' folder:

»»Md5sums
MD5sums 1.1 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2002 Jem Berkes - http://www.pc-tools.net/

0 bytes, 0 ms = 0.00 MB/sec

»»hosts file:
R C:\WINDOWS\System32\Drivers\etc\HOSTS
-r--- - - - - - 820 08-18-2001 hosts

------
»»Rehash:
»Strings found:

Sun Jun 13 11:24:27 2004 -- ++Find-All backups:
A C:\FindallwinBackup.hiv
--a-- - - - - - 8,192 06-13-2004 findallwinbackup.hiv
A C:\findallappinit.reg
--a-- - - - - - 632 06-13-2004 findallappinit.reg
A C:\Find-All\Find-All\winBackup.hiv
A C:\Find-All\Find-All\Fileslist\copyhosts.txt
A C:\Find-All\Find-All\Fileslist\drivers.txt
A C:\Find-All\Find-All\Fileslist\modules.txt
A C:\Find-All\Find-All\Fileslist\services.txt
A C:\Find-All\Find-All\Fileslist\windows.txt

***Next Registry run should open this key directly:

! REG.EXE VERSION 2.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
LastKey REG_SZ My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

So maybe someone has an idea. Many thanks in advance.

Tori
hi torixsolosofix, do you think that opening 3 threads here will get you an answer faster? ---> you thought wrong. ;) always be patient. this is a u2u forum. so just wait, and don't open the same thread in every subforum. double postings achieve nothing - only clutter. ;)
Sorry, I'm not that familiar with boards and thought I might have ended up in the wrong forum.

Tori
Copyright ©2000-2025, Trojaner-Board