Trojaner-Board


ernesto 05.10.2004 18:18

about:blank problem

I can't get the about:blank problem under control! I know my surfing habits probably weren't the best either, but what can I do now? Popups keep appearing and my start page gets redirected to some dubious search site.
My HijackThis log:

Logfile of HijackThis v1.98.2
Scan saved at 19:13:31, on 05.10.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Launch Manager\QtDTAcer.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\Windows SyncroAd\SyncroAd.exe
C:\Programme\PestPatrol\CookiePatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\erdferkel\Anwendungsdaten\x??j?.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Programme\Web_Rebates\WebRebates1.exe
C:\Programme\Web_Rebates\WebRebates0.exe
C:\WINDOWS\system32\javaif.exe
C:\WINDOWS\info147.sys:ppabx
C:\Programme\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\System32\vwcmvo.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\erdferkel\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B593208-5434-CAE6-A2FC-C5C15173213D} - C:\WINDOWS\system32\sdkhm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programme\ISTbar\istbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LManager] C:\Programme\Launch Manager\QtDTAcer.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [42963808.exe] C:\WINDOWS\System32\42963808.exe
O4 - HKLM\..\Run: [6110781.exe] C:\WINDOWS\System32\6110781.exe
O4 - HKLM\..\Run: [50071352.exe] C:\WINDOWS\System32\50071352.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [40838259.exe] C:\WINDOWS\System32\40838259.exe
O4 - HKLM\..\Run: [93095034.exe] C:\WINDOWS\System32\93095034.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Programme\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Programme\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [javaif.exe] C:\WINDOWS\system32\javaif.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [redatjwm] C:\WINDOWS\System32\vwcmvo.exe
O4 - HKLM\..\RunOnce: [ppabx] C:\WINDOWS\info147.sys:ppabx
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOKUME~1\ERDFER~1\LOKALE~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Oece] C:\Dokumente und Einstellungen\erdferkel\Anwendungsdaten\x??j?.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O12 - Plugin for .mid: C:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {11010101-1001-1111-1000-113297499351} - ms-its:mhtml:file://c:\nosuch.mht!http://lab-wire.com/pop/chm/main.chm::/d_main.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\nosuch.mht!http://clubonly18.com/new2/iehelp.chm::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...0006_adult.cab
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://www.tanja.nu/mullekken/webinstall.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{861DDE9B-B3B5-48A2-BFCC-F1DD085C91A7}: NameServer = 195.202.138.2,195.202.138.3
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\WINDOWS\System32\vbsys.dll

I would be very glad of any help, especially if it spares me a reinstallation of my system!

Cyberdemon_88 05.10.2004 18:24

Fix:

C:\Programme\Launch Manager\QtDTAcer.EXE

+ delete manually
C:\Program Files\Windows SyncroAd\SyncroAd.exe

C:\Dokumente und Einstellungen\erdferkel\Anwendungsdaten\x??j?.exe

+ delete manually
C:\Program Files\Windows SyncroAd\WinSync.exe
C:\Programme\Web_Rebates\WebRebates1.exe
C:\Programme\Web_Rebates\WebRebates0.exe

C:\WINDOWS\system32\javaif.exe

+ delete manually
C:\Program Files\Internet Optimizer\actalert.exe

C:\WINDOWS\System32\vwcmvo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\frdfw.dll/sp.html#37680

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\frdfw.dll/sp.html#37680

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\frdfw.dll/sp.html#37680 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\frdfw.dll/sp.html#37680 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\frdfw.dll/sp.html#37680

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\frdfw.dll/sp.html#37680 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\frdfw.dll/sp.html#37680 R3 - Default URLSearchHook is missing O2 - BHO: (no name) - {0B593208-5434-CAE6-A2FC-C5C15173213D} -
C:\WINDOWS\system32\sdkhm.dll O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} -
C:\Programme\ISTbar\istbar.dll O4 - HKLM\..\Run: [42963808.exe] C:\WINDOWS\System32\42963808.exe O4 - HKLM\..\Run: [6110781.exe] C:\WINDOWS\System32\6110781.exe O4 - HKLM\..\Run: [50071352.exe] C:\WINDOWS\System32\50071352.exe O4 - HKLM\..\Run: [40838259.exe] C:\WINDOWS\System32\40838259.exe O4 - HKLM\..\Run: [93095034.exe] C:\WINDOWS\System32\93095034.exe O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows
SyncroAd\SyncroAd.exe O4 - HKLM\..\Run: [WebRebates0] C:\Programme\Web_Rebates\WebRebates0.exe O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe O15 - Trusted Zone: *.05p.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.scoobidoo.com O15 - Trusted Zone: *.searchmiracle.com O16 - DPF: {11120607-1001-1111-1000-110199901123} -
ms-its:mhtml:file://c:\nosuch.mht!http://clubonly18.com/new2/iehelp.chm::/o
n-line.exe O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_f...8a29296baabe1d6 O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) -
http://www.xxxtoolbar.com/ist/softw.../0006_adult.cab O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} -
http://www.tanja.nu/mullekken/webinstall.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} -
http://216.65.38.226/crack.CAB O17 -
HKLM\System\CCS\Services\Tcpip\..\{861DDE9B-B3B5-48A2-BFCC-F1DD085C91A7}:
NameServer = 195.202.138.2,195.202.138.3 O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} -
C:\WINDOWS\System32\vbsys.dll

*Christian* 05.10.2004 19:43

Who is supposed to be able to read or fix that?

Delete these files or folders in safe mode:
C:\Program Files\Windows SyncroAd
C:\Dokumente und Einstellungen\erdferkel\Anwendungsdaten\x??j?.exe
C:\WINDOWS\system32\javaif.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\WINDOWS\System32\vwcmvo.exe
C:\WINDOWS\system32\sdkhm.dll
C:\Programme\ISTbar

Uninstall this:
C:\Programme\Web_Rebates\WebRebates1.exe

Fix this with HijackThis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\frdfw.dll/sp.html#37680
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0B593208-5434-CAE6-A2FC-C5C15173213D} - C:\WINDOWS\system32\sdkhm.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Programme\ISTbar\istbar.dll
O4 - HKLM\..\Run: [42963808.exe] C:\WINDOWS\System32\42963808.exe
O4 - HKLM\..\Run: [6110781.exe] C:\WINDOWS\System32\6110781.exe
O4 - HKLM\..\Run: [50071352.exe] C:\WINDOWS\System32\50071352.exe
O4 - HKLM\..\Run: [40838259.exe] C:\WINDOWS\System32\40838259.exe
O4 - HKLM\..\Run: [93095034.exe] C:\WINDOWS\System32\93095034.exe
O4 - HKLM\..\Run: [Windows SyncroAd] C:\Program Files\Windows SyncroAd\SyncroAd.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Programme\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [javaif.exe] C:\WINDOWS\system32\javaif.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [redatjwm] C:\WINDOWS\System32\vwcmvo.exe
O4 - HKLM\..\RunOnce: [ppabx] C:\WINDOWS\info147.sys:ppabx
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOKUME~1\ERDFER~1\LOKALE~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [Oece] C:\Dokumente und Einstellungen\erdferkel\Anwendungsdaten\x??j?.exe
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {11010101-1001-1111-1000-113297499351} - ms-its:mhtml:file://c:\nosuch.mht!http://lab-wire.com/pop/chm/main.chm::/d_main.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://c:\nosuch.mht!http://clubonly18.com/new2/iehelp.chm::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...8a29296baabe1d6
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softw.../0006_adult.cab
O16 - DPF: {8699D723-6DC6-47D3-B55C-489BA006B917} - http://www.tanja.nu/mullekken/webinstall.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB

To protect yourself against hijackers, use a different browser: www.firefox-browser.de is safe and free
www.mozilla.kairo.at
www.opera.com
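
Added example, not part of any post in this thread: a small Python triage pass over HijackThis log lines that marks the kinds of entries the replies above selected for fixing. The rule set and the names (RULES, triage) are assumptions of this example, the sample lines are copied from the log posted above, and a match means "review this entry", not a verdict.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\frdfw.dll/sp.html#37680
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B593208-5434-CAE6-A2FC-C5C15173213D} - C:\WINDOWS\system32\sdkhm.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [42963808.exe] C:\WINDOWS\System32\42963808.exe
O4 - HKLM\..\RunOnce: [ppabx] C:\WINDOWS\info147.sys:ppabx
O15 - Trusted Zone: *.searchmiracle.com
O16 - DPF: {11010101-1001-1111-1000-113297499351} - ms-its:mhtml:file://c:\nosuch.mht!http://lab-wire.com/pop/chm/main.chm::/d_main.exe
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
"""

# A HijackThis entry starts with a section code (R0, O4, O16, ...) and " - ".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Heuristics chosen for this example (assumptions, not HijackThis's own logic).
RULES = [
    ("R", re.compile(r"=\s*res://", re.I), "IE page setting points into a local DLL resource"),
    ("O2", re.compile(r"BHO: \(no name\)", re.I), "unnamed Browser Helper Object"),
    ("O4", re.compile(r"\[\d+\.exe\]", re.I), "autostart entry with an all-digit file name"),
    ("O4", re.compile(r"\\[^\\:]+\.\w+:[^\\]+$"), "autostart from an NTFS alternate data stream"),
    ("O15", re.compile(r"Trusted Zone:"), "site added to the IE Trusted Zone"),
    ("O16", re.compile(r"ms-its:|mhtml:", re.I), "download source uses the ms-its/mhtml handler"),
]

def triage(log_text):
    """Return (code, reason, line) for every log line that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        code, body = m.group("code"), m.group("body")
        section = "R" if code.startswith("R") else code  # R0/R1/R3 share rules
        for rule_section, pattern, reason in RULES:
            if section == rule_section and pattern.search(body):
                findings.append((code, reason, line))
    return findings

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```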

ernesto 05.10.2004 23:48

Seems to have worked, thanks for now for the quick help! Quite a lot piled up on my machine in a very short time; in future I will be a bit more careful.

