Pests of all kinds and how to fight them: Websearchnetwork.com - Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
19.06.2005, 11:04 | #1 |
| Websearchnetwork.com hello, websearchnetwork keeps coming back as the IE start page - I don't want that lol, how do I get rid of it??? It's annoying. Grateful for help, luk. Last edited by Luk29 (19.06.2005 at 11:28) |
19.06.2005, 11:14 | #2 |
| Websearchnetwork.com @Luk29
Please edit your active link; how to do that is described in my signature. Then post an HJT logfile http://www.trojaner-board.de/showthread.php?t=17493 chaosman
__________________ |
19.06.2005, 13:38 | #3 |
| Websearchnetwork.com first of all, many thanks for the answers!
...I did all of that....
1. applied the cleaner in safe mode
2. applied MWAV in safe mode
3. in safe mode, used the Killbox to delete all log entries (the ones that looked odd to me)...
and what happens when I go online? websearchnetwork comes up as the start page ..here are the MWAV log files that were not deleted (I wasn't sure) ..further down is the current HJ log list .....
Current HJT log list |
19.06.2005, 15:21 | #4 |
| Websearchnetwork.com ..I think after the 2nd attempt it has worked now - I'll have to watch for a few days to see whether it comes back...thanks again for the answers, regards |