Trojaner-Board

Luk29 19.06.2005 11:04

Websearchnetwork.com
 
hello


websearchnetwork keeps coming back as my IE start page - I don't want that lol

how do I get rid of it ??? :pfui: :pfui: , it's annoying :dummguck:

grateful for any help
luk

chaosman 19.06.2005 11:14

@Luk29
please edit your active link; how to do that is explained in my signature.
after that, post an HJT logfile
http://www.trojaner-board.de/showthread.php?t=17493

chaosman

Luk29 19.06.2005 13:38

first of all, many thanks for the answers!

...I did all of that....
1. ran the cleaner in safe mode
2. ran mwav in safe mode
3. in safe mode, used Killbox to delete all the log entries (the ones that looked odd to me)...

and what happens when I go online? websearchnetwork :pfui: :pfui: comes up as the start page :dummguck:

..here are the mwav log entries that were not deleted (I wasn't sure)
..further down is the current HJ LOG list .....


File C:\WINNT\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Object "CWS.smartsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "Webdialer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CoolWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Gator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.


Current HJT LOG list


Logfile of HijackThis v1.99.1
Scan saved at 14:18:51, on 19.06.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\dmadmin.exe
C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
C:\WINNT\system32\RunDll32.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
D:\Programme\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = //nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = //fastsearchweb.com/srh.php?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = //nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = //wer-mit-wem.webhop.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = //websearchnetwork.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = ww.globo-search.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = /nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von T-Online International AG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www-proxy.t-online.de:80;ftp=ftp-proxy.t-online.de:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.t-online.de
R3 - URLSearchHook: transURL Class - {C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} - C:\DOKUME~1\\LOKALE~1\Temp\20041009\SERCH_~1.DLL (file missing)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\system32\H13E62~1.DLL (file missing)
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINNT\pumba2.dll (file missing)
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINNT\system32\iasada.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Popup Blocker - {815A82AE-CDEF-11D8-BA48-A6D245798277} - C:\DOKUME~1\\LOKALE~1\Temp\20041009\TOOLBA~1.DLL (file missing)
O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINNT\system32\iecust.dll (file missing)
O3 - Toolbar: Search Toolbar - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINNT\pumba2.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [LVCOMS] C:\Programme\Gemeinsame Dateien\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [NvMixerTray] C:\Programme\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [websx] C:\Programme\websx\int51828.exe -auto
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Control handler] C:\WINNT\system32\zp2b1yeu7lru7thd.exe
O4 - HKLM\..\Run: [sp2chk.exe] sp2chk.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [aconti] C:\\WINDOWS\\aconti.exe -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LtcyCfgApply] "D:\Programme\Geforce Latency Tweaker\LtcyCfg.exe" /a
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Steam] E:\programme\halflife1\Steam.exe -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Programme\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\off2003\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - D:\Programme\preispirat\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mov: C:\Programme\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Programme\Internet Explorer\PLUGINS\npqtplugin4.dll
O15 - Trusted Zone: ://*.63.219.181.7
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) -63.219.181.7/cax.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!/greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht//v73.us/count//x.chm::/open.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht//82.179.166.130/e9xr2.chm::/file.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - /us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFA2F2CB-8F3E-4066-AB77-F4AF5F9EC64C}: NameServer = 69.50.188.178,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFBC2938-FA6C-4B5B-B0F9-E540230D28C3}: NameServer = 69.50.188.178,69.31.80.244
O20 - AppInit_DLLs: 74x46vwre7i3.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GEARSecurity - Unknown owner - C:\WINNT\SYSTEM32\GEARSEC.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: O&O Defrag 2000 (OOD2000) - O&O Software GmbH - C:\WINNT\system32\OOD2000.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

Luk29 19.06.2005 15:21

..I think after the 2nd attempt it has worked now. - I'll have to watch for a few days to see whether it comes back...thanks again for the answers

regards

