chefschizo log

von **Nikita** am 13.06.2004, 20:42

Von: chefschizo
An: nikita
Verfasst am: Fr Jun 04, 2004 11:42 pm
Titel: Internet Explorer
Hi, habe die selben Probleme wie joke. Habe deine Ausführungen gelesen und alle Programme runtergeladen. Den Scan hab ich gemacht. Meine Logfiles anbei. Außerdem kommt in letzter Zeit immer eine Warnung meines Virenwächters "verdächtige Datei in Windows/system32/Hurricane.exe" und das immer wenn ich im Netz bin. Wäre dir echt dankbar, wenn Du mir helfen könntest. Danke im voraus.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursearch247.com/se.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - D:\WINDOWS\IPINSIGT.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - D:\WINDOWS\Downloaded Program Files\CONFLICT.2\eBayBand.dll
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9E894DF1-EA5F-462C-A67D-54AFA02C6DDF} - D:\WINDOWS\system32\mo030414s.dll
O2 - BHO: (no name) - {B9232476-C460-4BE3-A46B-1F17756A777B} - D:\WINDOWS\system32\mM9apahbf2.dll
O2 - BHO: (no name) - {CCE632DC-4058-472D-B95C-794251AF696F} - D:\WINDOWS\system32\jhblmk.dll
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - D:\WINDOWS\iempg2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - D:\WINDOWS\Downloaded Program Files\CONFLICT.2\eBayBand.dll
O4 - HKLM\..\Run: [CMESys] "D:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [drvcrypthost] D:\WINDOWS\System32\zssvcsys.exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "D:\PROGRA~1\T-DSLS~1\SpeedMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft Works Update Detection] D:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] D:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVGCtrl] D:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [alchem] D:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Windows Security Assistant] D:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [KAZAA] D:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [hins] D:\DOKUME~1\Roland\LOKALE~1\Temp\toolbar.exe r17
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] D:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YAW starten] "d:\programme\yaw 3.5\fast.exe"
O4 - HKCU\..\Run: [SSS5SAFE] "D:\Programme\Steganos Security Suite 5\safe.exe" /booting
O4 - HKCU\..\Run: [SSS5SPM] "D:\Programme\Steganos Security Suite 5\spm.exe" /booting
O4 - HKCU\..\Run: [drvcrypthost] D:\WINDOWS\System32\zssvcsys.exe
O4 - HKCU\..\Run: [a²] "D:\Programme\a2\a2guard.exe"
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "D:\Programme\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Windows Security Assistant] D:\WINDOWS\system32\rundll32.vbe
O4 - Global Startup: Microsoft Office.lnk = D:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = D:\Programme\Acrobat\Distillr\AcroTray.exe
O4 - Global Startup: PrecisionTime.lnk = D:\Programme\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: Image Transfer.lnk = C:\Programme\Sony\Image Transfer\SonyTray.exe
O4 - Global Startup: GStartup.lnk = D:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = D:\Programme\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: eBay Toolbar.LNK = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: PDF in Word öffnen - res://C:\Programme\IEShellExt.dll /500
O9 - Extra 'Tools' menuitem: Sun Java Konsole (HKLM)
O9 - Extra button: Preispiraten 2.02 (HKLM)
O9 - Extra button: eBay Toolbar (HKLM)
O9 - Extra 'Tools' menuitem: eBay Toolbar (HKLM)
O9 - Extra button: Preispiraten (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Add bid (HKCU)
O9 - Extra 'Tools' menuitem: Add bid (HKCU)
O12 - Plugin for .mid: D:\Programme\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: D:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {001F2570-5DF5-11D3-B991-00A0C9BB0874} (eBay Helper Object) - http://download.ebay.com/toolbar/de/eBayTBar.cab
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/Borkum.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 6058796296
O16 - DPF: {B09B1D8B-88D6-4C91-BB62-378625E8C73E} ({B09B1D8B-88D6-4C91-BB62-378625E8C73E}) - http://216.127.94.241/PremiumConnectLoad.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6B9D3AC-68DB-4537-881C-88DCC05FC6AA}: NameServer = 217.237.151.161 194.25.2.129

Danke vielmals. Chefschizo

von **Nikita** am 13.06.2004, 20:52

Hallo Chefschizo
Wie ich dir schon geschrieben habe, war ich zwei Wochen ausser Gefecht...
und habe meinen Mails nicht gesehen....
Falls du das Problem noch nicht geloest hast, mache folgendes

1. Deaktiviere die Wiederherstellung
http://service1.symantec.com/SUPPORT/IN ... 7105707924

2.scanne mit dem HijackThis, dann hake ah, was ich poste und dann\fix\

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoursearch247.com/se.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursearch247.com/se.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.yoursearch247.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoursearch247.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yoursearch247.com/se.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursearch247.com/se.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yoursearch247.com/se.html
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe
2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - D:\WINDOWS\IPINSIGT.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINDOWS\twaintec.dll (file missing)
O2 - BHO: (no name) - {001F2570-5DF5-11d3-B991-00A0C9BB0874} - D:\WINDOWS\Downloaded Program Files\CONFLICT.2\eBayBand.dll
O2 - BHO: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - D:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {9E894DF1-EA5F-462C-A67D-54AFA02C6DDF} - D:\WINDOWS\system32\mo030414s.dll
O2 - BHO: (no name) - {B9232476-C460-4BE3-A46B-1F17756A777B} - D:\WINDOWS\system32\mM9apahbf2.dll
O2 - BHO: (no name) - {CCE632DC-4058-472D-B95C-794251AF696F} - D:\WINDOWS\system32\jhblmk.dll
O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-5F8507C5F4E9} - D:\WINDOWS\iempg2.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: eBay Toolbar - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - D:\WINDOWS\Downloaded Program Files\CONFLICT.2\eBayBand.dll

O4 - HKLM\..\Run: [drvcrypthost] D:\WINDOWS\System32\zssvcsys.exe
O4 - HKLM\..\Run: [alchem] D:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Windows Security Assistant] D:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [KAZAA] D:\Programme\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [hins] D:\DOKUME~1\Roland\LOKALE~1\Temp\toolbar.exe r17
O4 - HKLM\..\RunServices: [RDLL] RunDll16.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] D:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [drvcrypthost] D:\WINDOWS\System32\zssvcsys.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Windows Security Assistant] D:\WINDOWS\system32\rundll32.vbe
O4 - Global Startup: GStartup.lnk = D:\Programme\Gemeinsame Dateien\GMT\GMT.exe

O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/Borkum.cab
DIALER !!!!!!!!!!!!!!!!!!
O16 - DPF: {B09B1D8B-88D6-4C91-BB62-378625E8C73E} ({B09B1D8B-88D6-4C91-BB62-378625E8C73E}) - http://216.127.94.241/PremiumConnectLoad.cab

3.neustarten

http://www.trojaner-info.de/anleitungen ... blank.html
4.AdAware free
5.Spybot
6.CWShredder
7.Sphjfix.exe
ohne Internetverbindung scannen

8.Lade die mwav.exe , scanne und poste das Log zusammen mit dem neuen Log vom HijackThis.
http://www.mwti.net/antivirus/free_utilities.asp

9. Loesche unter InternetOptionen die TemporaryInternetFiles und stelle einen neue Startseite ein.
10. Mache einen Onlinescann
http://www.pestscan.com/ScanOrTrial.asp
..............................................................................................................
Dein Comp. ist voellig verseucht, aber man kann ja mal einen Reinigung versuchen.
es kann sein, du musst dann die software fuer ebay neu installieren
Oder am besten setzt du deinen Comp. gleich neu auf.......
MfG
Nikita

chefschizo log

chefschizo log

Wer ist online?