about blank

Hi.. I'm in a similar situation to some others here. I can't get rid of the "about blank" trojan. Here is the HijackThis logfile:

Logfile of HijackThis v1.98.2
Scan saved at 11:40:33, on 19.11.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\sstray.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
F:\AsusProb.exe
F:\Programme\PestPatrol\PPMemCheck.exe
F:\Programme\PestPatrol\CookiePatrol.exe
F:\Programme\PestPatrol\PPControl.exe
F:\Programme\Web_Rebates\WebRebates0.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Programme\Telekom\Eumex 704PC DSL\Capictrl.exe
F:\Programme\Telekom\Eumex 704PC DSL\HNetCtrl.exe
F:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
F:\WINDOWS\system32\gearsec.exe
F:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
F:\WINDOWS\System32\SLEE503.exe
F:\WINDOWS\System32\SLEE81.exe
F:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
F:\Programme\Web_Rebates\WebRebates1.exe
F:\Dokumente und Einstellungen\Katze\Desktop\Sicherheit\lspfix\LSPFix.exe
F:\Programme\Netscape\Netscape\Netscp.exe
F:\Dokumente und Einstellungen\Katze\Desktop\Sicherheit\hijackthis1982\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://www.netscape.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ebay.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.netscape.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-bon
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-bon
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\System32\
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = f:\windows\system32\
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {BB1C0710-44F9-4D79-B4CF-9EB5767D8844} - F:\WINDOWS\System32\pfcgoaa.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - F:\Programme\TGTSoft\StyleXP\TGT_BHO.dll (disabled by BHODemon)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Internet Anonym - {00000000-0002-0002-0000-000000000000} - d:\programme\steganos internet anonym 6\siaiep.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - (no file)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] F:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ASUS Probe] f:\AsusProb.exe
O4 - HKLM\..\Run: [PPMemCheck] F:\Programme\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] F:\Programme\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] F:\Programme\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [WebRebates0] "F:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "F:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Web Offer] F:\WINDOWS\ILOOKUP\EZSTUB22.EXE
O4 - Startup: BackProtection.lnk = F:\Programme\BackProtection 2004\backprotection.exe
O4 - Global Startup: CAPIControl.lnk = ?
O4 - Global Startup: HomeNet Control.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: SirSearch - file://F:\Programme\PWRSACEZ\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Acez.com - Download Free Screen Savers - {88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6} - F:\WINDOWS\acezlink.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\PROGRA~1\AIM95\aim.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/sv/online.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.toolbars-cash.com/clk/111.chm::/file.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv81/x.chm::/load.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/20609/online.chm::/on-line.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://c:\x.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O18 - Filter: text/html - {704D46CD-3D00-4DE0-A971-2781B69FA427} - F:\WINDOWS\System32\pfcgoaa.dll
O18 - Filter: text/plain - {704D46CD-3D00-4DE0-A971-2781B69FA427} - F:\WINDOWS\System32\pfcgoaa.dll
O21 - SSODL: System - {7F018E18-6528-4172-8AD1-85287FD0D3F4} - F:\WINDOWS\system32\system32.dll
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - F:\WINDOWS\System32\vbsys.dll

Can anyone help??? :mad:

Regards,
Menni
Hello Menni57,

by the looks of it, there is quite a lot you can't get rid of! First: your system isn't updated at all!! So visit the Windows Update site.

Fix the following with HJT in safe mode with System Restore disabled:

F:\Programme\Web_Rebates\WebRebates0.exe
F:\Programme\Web_Rebates\WebRebates1.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-bon
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-bon
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = F:\WINDOWS\System32\
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = f:\windows\system32\
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - (no file)
O2 - BHO: (no name) - {82315A18-6CFB-44a7-BDFD-90E36537C252} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - (no file)
O4 - HKLM\..\Run: [WebRebates0] "F:\Programme\Web_Rebates\WebRebates0.exe"
O4 - HKCU\..\RunOnce: [Web Offer] F:\WINDOWS\ILOOKUP\EZSTUB22.EXE
O8 - Extra context menu item: SirSearch - file://F:\Programme\PWRSACEZ\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.toolbars-cash.com/clk/111.chm::/file.exe
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv81/x.chm::/load.exe
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://81.211.105.37/20609/online.chm::/on-line.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://c:\x.cab
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
O21 - SSODL: System - {7F018E18-6528-4172-8AD1-85287FD0D3F4} - F:\WINDOWS\system32\system32.dll
O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - F:\WINDOWS\System32\vbsys.dll

Delete the following files manually:

F:\Programme\Web_Rebates\WebRebates0.exe
F:\Programme\Web_Rebates\WebRebates1.exe
F:\WINDOWS\system32\system32.dll
F:\WINDOWS\System32\vbsys.dll

Then post a new logfile. You have this one here on your system, so as the next step we will run an eScan. But do your homework first (update, fix).

cacatoa
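An added example, not part of the original posts and not HijackThis's own code: a small parser for the log format pasted in this thread that flags two patterns visible in it, entries whose component resolves to (no file) and O16 entries whose download source is not a plain http(s) URL. Both heuristics and the function names are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# Constructed sample: a header line plus a few entries copied from the log in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - (no file)
O4 - HKLM\..\Run: [ccApp] "F:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O16 - DPF: {11111111-1111-1111-1111-111111111123} - ms-its:mhtml:file://c:\nosuch.mht!http://www.toolbars-cash.com/clk/111.chm::/file.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - file://c:\x.cab
"""

# An entry is a section code (one letter plus one or two digits), " - ", then the body.
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(text):
    """Return a list of (section, body) tuples for every entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Apply the two assumed heuristics; return (section, reason, body) tuples."""
    findings = []
    for section, body in entries:
        # The last " - " separated field is the file or download source.
        target = body.rsplit(" - ", 1)[-1].strip()
        if target == "(no file)":
            findings.append((section, "registered component has no file on disk", body))
        elif section == "O16" and not target.lower().startswith(("http://", "https://")):
            findings.append((section, "ActiveX download source is not a plain http(s) URL", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_entries(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {body}")
```

A flag from this sketch is a prompt to look the entry up, not a verdict; the decision about what to fix stays with whoever reviews the log.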
about blank

Hello cacatoa.. I can't delete Webrates exe. - access denied!! What now?

Regards,
Menni :pukeface:
Hello menni57,

you have to delete the files in safe mode with System Restore disabled as well. Then reboot and re-enable System Restore.

cacatoa
Copyright ©2000-2025, Trojaner-Board