Dialer Problem

Dieses Thema im Forum "Sicherheit & Datenschutz" wurde erstellt von mighty90, 18. August 2005 .

Schlagworte:
Status des Themas:
Es sind keine weiteren Antworten möglich.
  1. 18. August 2005
    Ich weis jetzt nich so richtig wo ich das Posten soll. Also wenns nich passt bitte moven.

    So habe von nem Kumpel gerade ne mail mit folgendem Inhalt bekommen:
    Leider habe ich da nichts dazu gefunden :O
    Kann jemand helfen?

    Thx im Vorraus, mighty90
     
  3. 18. August 2005
    hat er DSL,oder geht er übers modem rein.?
    dann wären die möglichkeiten:Ad-aware besorgen und versuchen mit ihm es zu löschen.
    am besten im abgesicherte Modus den scann ausfürhen,und dannach wenn
    er ihn habe sollte ,dann zu löschen.

    dann wäre noch hijackthis,aber wenn er nicht online ist,kann er auch nicht
    sein logfile auswerten lassen.
     
  4. 18. August 2005
    geht über modem rein. Bei DSL dürfte es ja keine Probs mit Dialern geben.

    Naja werd ich ihm mal Ad-Aware besorgen und mal versuchen obs was bringt.
     
  5. 19. August 2005
    Step #1

    Download and install ewido security suite[http://www.ewido.net/en/download/]. Update the program and then close it. Do not run it yet.

    Download nailfix.zip[http://www.noidea.us/easyfile/file.php?download=20050515010747824] and unzip it to its own folder.

    Step #2

    Now we need to remove some services.

    Open Notepad and Copy/Paste the contents of the quote box below into the new document:

    Save the file to your desktop as remsvc.vbs and close Notepad. Locate the remsvc.vbs file on your desktop and double-click on it to run it. Click the Ok button and wait for a messge box saying the service has been removed or marked for deletion.

    Now start remsvc.vbs again and type the service name below into the editbox before clicking the Ok button:

    Zonelaps


    Step #3

    Start in Safe Mode Using the F8 method:

    * Restart the computer.
    * As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    * Use the arrow keys to select the Safe Mode menu item.
    * Press the Enter key.


    Step #4

    Navigate to the folder you unzipped nailfix.zip into and double-click on nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

    Step #5

    Start ewido and do the following:

    * Click on the Scanner button.
    * Click on the Complete System Scan.
    * If anything is found you will be prompted to clean the first infected file found. Choose Clean and put a checkmark in the checkbox for Perform action on all infections and click the Ok button to continue the scan.
    * When the scan is complete close ewido and reboot the computer normally.


    Step #6

    Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
    O2 - BHO: (no name) - {5437D1E0-FA38-41EF-816B-D9F299E767CA} - C:\WINDOWS\System32\irdD028.dll
    O2 - BHO: Msxml32DOMDocument Class - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - C:\WINDOWS\System32\dllcache\msxml32.dll
    O4 - HKLM\..\Run: [rund1132] C:\WINDOWS\System32\rund1132.exe
    O4 - HKLM\..\Run: [Norton Antivirus 7.0a] C:\dns2.exe
    O4 - HKLM\..\Run: [msxct] msxct.exe
    O4 - HKLM\..\Run: [Microsoft Support] sys32ms.exe
    O4 - HKLM\..\Run: [System CSRSS Patch] scrtkfg.exe
    O4 - HKLM\..\Run: [Windows CPU host] winbog32.exe
    O4 - HKLM\..\Run: [VIEW POINT DRIVERS] phqghum.EXE
    O4 - HKLM\..\Run: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
    O4 - HKLM\..\Run: [VCXD Settings] phqg.EXE
    O4 - HKLM\..\Run: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
    O4 - HKLM\..\Run: [ibin] C:\wdns.exe
    O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
    O4 - HKLM\..\Run: [Windows AutomaticUpdater] runddls.exe
    O4 - HKLM\..\Run: [Optional Web Drivers For WIN32] phqghume.exe
    O4 - HKLM\..\Run: [WEB DRIVERS FOR WIN32] phqgh.exe
    O4 - HKLM\..\Run: [KYM Control Settings] phqghum.EXE
    O4 - HKLM\..\Run: [KYK Control Settings] KYSVCXD.EXE
    O4 - HKLM\..\Run: [Eupkjbk] C:\Program Files\Yiylw\Qsvnr.exe
    O4 - HKLM\..\Run: [bpqmyyc] C:\WINDOWS\System32\vmxpaw.exe r
    O4 - HKLM\..\RunServices: [Microsoft Update] Wudates.exe
    O4 - HKLM\..\RunServices: [System CSRSS Patch] scrtkfg.exe
    O4 - HKLM\..\RunServices: [KYK Control Settings] KYSVCXD.EXE
    O4 - HKLM\..\RunServices: [Veritas Patch] veritas.exe
    O4 - HKLM\..\RunServices: [KYM Control Settings] phqghum.EXE
    O4 - HKLM\..\RunServices: [Microsoft Support] sys32ms.exe
    O4 - HKLM\..\RunServices: [VCXD Settings] phqg.EXE
    O4 - HKLM\..\RunServices: [VIEW POINT DRIVERS] phqghum.EXE
    O4 - HKLM\..\RunServices: [Windows CPU host] winbog32.exe
    O4 - HKLM\..\RunServices: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
    O4 - HKLM\..\RunServices: [WEB DRIVERS FOR WIN32] phqgh.exe
    O4 - HKLM\..\RunServices: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
    O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe
    O4 - HKLM\..\RunServices: [Windows AutomaticUpdater] runddls.exe
    O4 - HKLM\..\RunServices: [Optional Web Drivers For WIN32] phqghume.exe
    O4 - HKLM\..\RunServices: [Microsoft Update 32] C:\WINDOWS\system32\wininit.exe
    O4 - HKCU\..\Run: [rund1132] C:\WINDOWS\System32\rund1132.exe
    O4 - HKCU\..\Run: [hww2RRaqR] wkslass.exe
    O4 - HKCU\..\Run: [KYM Control Settings] phqghum.EXE
    O4 - HKCU\..\Run: [Microsoft Support] sys32ms.exe
    O4 - HKCU\..\Run: [VIEW POINT DRIVERS] phqghum.EXE
    O4 - HKCU\..\Run: [VID INTERNET WEB DRIVERS FOR WIN32] phqghu.exe
    O4 - HKCU\..\Run: [VCXD Settings] phqg.EXE
    O4 - HKCU\..\Run: [LOCAL INTERNET WEB DRIVERS FOR WIN32] phqghume.exe
    O4 - HKCU\..\Run: [Optional Web Drivers For WIN32] phqghume.exe
    O4 - HKCU\..\Run: [KYK Control Settings] KYSVCXD.EXE
    O4 - HKCU\..\Run: [WEB DRIVERS FOR WIN32] phqgh.exe
    O4 - HKCU\..\RunServices: [Microsoft Support] sys32ms.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
    O17 - HKLM\System\CS1\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
    O17 - HKLM\System\CS2\Services\Tcpip\..\{03D10F6E-EBEC-47F7-A9C9-0393C49121DD}: NameServer = 206.47.199.154 207.164.234.43
    O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\4a2rf.dll


    Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

    Step #7

    We need to make sure all hidden files are showing so please:

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide file extensions for known types option.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.


    Find the following files/folders and delete them (don't worry if they are already gone):

    C:\PROGRAM FILES\Toolbar\ <--folder
    C:\Program Files\Yiylw\ <--folder
    C:\WINDOWS\System32\irdD028.dll
    C:\WINDOWS\System32\dllcache\msxml32.dll
    C:\WINDOWS\System32\rund1132.exe (those are 2 one's and not 2 L's)
    C:\WINDOWS\System32\vmxpaw.exe
    C:\WINDOWS\system32\wininit.exe
    C:\WINDOWS\SYSTEM32\4a2rf.dll
    C:\WINDOWS\System32\dxdmain.exe
    C:\WINDOWS\vsmom.exe
    C:\dns2.exe
    C:\wdns.exe


    Now search for these files and delete all instances. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

    msxct.exe
    sys32ms.exe
    scrtkfg.exe
    winbog32.exe
    phqghum.EXE
    phqghu.exe
    phqg.EXE
    phqghume.exe
    winusers.exe
    runddls.exe
    phqgh.exe
    KYSVCXD.EXE
    Wudates.exe
    veritas.exe
    wkslass.exe


    Step #8

    Reboot your computer normally and update the operating system.
     
  6. 19. Februar 2008
    habe seit gestern einen dialer auf dem rechner.
    wollte euch mal fragen wie ich den weg bekommn kann.
    habe ihn über mozilla firefox bekommen.seit dem an kann ich firefox nicht mehr benutzen.
    bitte um hilfe.
     
  7. 19. Februar 2008
    AW: dialer problem

    Also, lass Anti Vir drüber laufen. Dann installier Firefox nochmal neu. Danach müsste alles wieder laufen.

    mfg cyph
     
  8. 19. Februar 2008
    AW: dialer problem

    ja habe ich gemacht danke bw haste
     
  9. 19. Februar 2008
    AW: dialer problem

    ja hat geklapt
    danke
     
  10. Video Script

    Videos zum Themenbereich

    * gefundene Videos auf YouTube, anhand der Überschrift.