Trojaner-Board (https://www.trojaner-board.de/)

Luk29 19.06.2005 11:04

Websearchnetwork.com
 
hello


websearchnetwork keeps coming back as my IE start page - don't want that lol

how do I get rid of it ??? :pfui: :pfui: , it's annoying :dummguck:

grateful for any help
luk

chaosman 19.06.2005 11:14

@Luk29
please edit your active link; how to do that is explained in my signature.
then post an HJT logfile
http://www.trojaner-board.de/showthread.php?t=17493

chaosman

Luk29 19.06.2005 13:38

first of all, many thanks for the replies!

...I did all of that....
1. ran the cleaner in safe mode
2. ran mwav in safe mode
3. in safe mode, used Killbox to delete all the log entries (the ones that looked odd to me)...

and what happens when I go online? websearchnetwork :pfui: :pfui: comes up as the start page :dummguck:

..here are the mwav log entries I did not delete (I wasn't sure)
..further down is the current HJ log list .....


File C:\WINNT\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Object "CWS.smartsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "Webdialer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CoolWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.


Current HJT log list


Logfile of HijackThis v1.99.1
Scan saved at 14:18:51, on 19.06.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\dmadmin.exe

C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE

C:\WINNT\system32\RunDll32.exe

C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
D:\Programme\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = //nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = //fastsearchweb.com/srh.php?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = //nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = //wer-mit-wem.webhop.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = //websearchnetwork.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = ww.globo-search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = /nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\DOKUME~1\\LOKALE~1\Temp\20041009\SERCH_~1.DLL (file missing)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\system32\H13E62~1.DLL (file missing)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba2.dll (file missing)
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Popup Blocker - {815A82AE-CDEF-11D8-BA48-A6D245798277} - C:\DOKUME~1\\LOKALE~1\Temp\20041009\TOOLBA~1.DLL (file missing)
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINNT\system32\iecust.dll (file missing)
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba2.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int51828.exe -auto
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Control handler] C:\WINNT\system32\zp2b1yeu7lru7thd.exe
O4 - HKLM\..\Run: [sp2chk.exe] sp2chk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LtcyCfgApply] "D:\Programme\Geforce Latency Tweaker\LtcyCfg.exe" /a
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Steam] E:\programme\halflife1\Steam.exe -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programme\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\off2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - D:\Programme\preispirat\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O15 - Trusted Zone: ://*.63.219.181.7
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) -63.219.181.7/cax.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!/greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht//v73.us/count//x.chm::/open.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht//82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - /us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA2F2CB-8F3E-4066-AB77-F4AF5F9EC64C}: NameServer = 69.50.188.178,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFBC2938-FA6C-4B5B-B0F9-E540230D28C3}: NameServer = 69.50.188.178,69.31.80.244
O20 - AppInit_DLLs: 74x46vwre7i3.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINNT\SYSTEM32\GEARSEC.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINNT\system32\OOD2000.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Luk29 19.06.2005 15:21

..I think after the 2nd attempt it has worked now - I'll have to watch for a few days to see whether it comes back... thanks again for the replies

regards

