collwwwsearch.searchklick spybot s&d kann nicht löschen!

#1 hallo leute
hab mal wieder ein problem mit meinem rechner.
bei jedem scan mit spybot s&d werden 4 dateien mit der "überschrift" coolwwwsearch.searchklick
-jakxy.txt
-iaucu.txt
-ffeef.txt
-ezqws.txt
entdeckt, können aber nicht gelöscht werden!
habe schon diverse onlinescans drüberlaufen lassen, antivir findet genausowenig.
vielleicht gibt es jemanden der mir helfen kann,

danke im voraus

anbei ein aktuelles logfile

Logfile of HijackThis v1.99.1
Scan saved at 15:25:05, on 07.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\Programme\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programme\Browser Mouse\Browser Mouse\1.0\mouse32a.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programme\Winamp\winampa.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\MediaSource\Detector\CTDetect.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [FLMBROWSEMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\mouse32a.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MtdAcq] C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138903108718
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37930.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programme\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

#2 CWShredder
http://virus-protect.org/antispytools.html
Während des Scanvorganges müssen ALLE sonstige Anwendungen beendet werden und alle Browserfenster müssen geschlossen sein!

* Doppelklick CWShredder.exe
* Klick "Fix ->" und klick "OK"
* CWShredder scannen lassen
* Click "Next->" und dann "Exit".
* Log-->"make Report"--> bitte posten
__________
MfG Sabina

rund um die PC-Sicherheit

#3 hi sabina!
glaube nicht das es was gebracht hat?!

hier das log

**** Run Keys ****

RUN: [FLMBROWSEMOUSE] C:\Programme\Browser Mouse\Browser Mouse\1.0\mouse32a.exe
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [nwiz] nwiz.exe /install
RUN: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
RUN: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
RUN: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
RUN: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
RUN: [WinampAgent] C:\Programme\Winamp\winampa.exe
RUN: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
RUN: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
RUN: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
RUN: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
RUN: [Creative Detector] C:\Programme\Creative\MediaSource\Detector\CTDetect.exe /R
RUN: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
RUN: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
RUN: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
RUN: [MtdAcq] C:\Programme\Creative\Shared Files\Media Sniffer\MtdAcq.exe /s
RUN: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
RUN: [Sonic RecordNow! Deluxe]


**** Browser Helper Objects ****

BHO: []
BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [Windows Live Sign-in Helper] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll


**** IE Toolbars ****



**** IE Extensions ****

IEExt: []
IEExt: [Messenger] C:\Programme\Messenger\msmsgs.exe


**** Hosts File Entries ****



**** IE Settings ****

IEBypass: localhost
Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINDOWS\system32\blank.htm
Search Bar: http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
Search Page: http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR


**** IE Context Menu (Right click) ****

IEContext: [Nach Microsoft &Excel exportieren] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D220E8C-985B-4F45-80B8-4478AB95B472}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0D220E8C-985B-4F45-80B8-4478AB95B472}] DATAGRAM 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E76C896A-0CCB-4F7D-9C5C-347DD7497E1B}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E76C896A-0CCB-4F7D-9C5C-347DD7497E1B}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{426CDA4A-79AA-49F7-A4AD-3E9341BA9525}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{426CDA4A-79AA-49F7-A4AD-3E9341BA9525}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86277FCD-7BE4-4E5E-A62E-E5A64F0A08B2}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{86277FCD-7BE4-4E5E-A62E-E5A64F0A08B2}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{75D3D789-031A-40C0-9654-805D5E256A42}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{75D3D789-031A-40C0-9654-805D5E256A42}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C772E85-3BED-4707-BFF9-819FE1814627}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2C772E85-3BED-4707-BFF9-819FE1814627}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A1E125AA-F334-442C-BCF2-62805DC35FDB}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A1E125AA-F334-442C-BCF2-62805DC35FDB}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138903108718] C:\WINDOWS\System32\wuweb.dll
{7F8C8173-AD80-4807-AA75-5672F22B4582} [http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37930.cab] C:\WINDOWS\Downloaded Program Files\ICSScan.dll
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} [http://acs.pandasoftware.com/activescan/as5free/asinst.cab]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} [http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38033.6485416667]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AntiVirScheduler] C:\Programme\AntiVir PersonalEdition Classic\sched.exe
[AntiVirService] C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[CCALib8] C:\Programme\Canon\CAL\CALMAIN.exe
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[Creative Service for CDROM Access] C:\WINDOWS\System32\CTsvcCDA.EXE
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[iPodService] C:\Programme\iPod\bin\iPodService.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SoundMAX Agent Service (default)] C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{5B9F2D91-9687-4F49-809D-947F8F27ADA4}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\system32\wdfmgr.exe
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[usnsvc] C:\WINDOWS\system32\svchost.exe -k usnsvc
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [AutoSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.google.at/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [FullScreen] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Window_Placement] ,
IEOPT: [AddToFavoritesExpanded]
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use FormSuggest] no
IEOPT: [NoSaveAsPOSTWarning]
IEOPT: [Save Directory] C:\Dokumente und Einstellungen\Artur\Eigene Dateien\Geld\Überweisungen\
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Check_Associations] yes
IEOPT: [Error Dlg Details Pane Open] yes
IEOPT: [Force Offscreen Composition]
IEOPT: [Enable Browser Extensions] yes
IEOPT: [ShowGoButton] yes
IEOPT: [NoWebJITSetup]
IEOPT: [Friendly http errors] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NscSingleExpand]
IEOPT: [SmoothScroll]
IEOPT: [Page_Transitions]
IEOPT: [AllowWindowReuse]
IEOPT: [UseThemes]
IEOPT: [Print_Background] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [Play_Animations] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Show image placeholders]
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Use Search Asst] no
IEOPT: [Search Page] http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IEOPT: [AutoSearch]
IEOPT: [Search Bar] http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IEOPT: [Use Custom Search URL]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [LastCheckedHi] cûÆ
s
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes
IEOPT: [Use Search Asst] no
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Use_DlgBox_Colors] yes

danke
&
mfg
shiva1

#4 dann scanne noch mal mit spybot und versuche den scanreport abzukopieren oder mir den Pfad der Virenmeldungen hier zu schreiben
__________
MfG Sabina

rund um die PC-Sicherheit

#5 hallo sabina!

danke erstmal für die schnelle hilfe!

im anhang habe ich das ergebnis vom spyb.s&d scan.

danke und mfg

shiva1

#6 Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein

Zitat

Files to delete:
C:\WINDOWS\jakxy.txt
C:\WINDOWS\iaucu.txt
C:\WINDOWS\ffeef.txt
C:\WINDOWS\ezqws.txt

Klicke die grüne Ampel
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

**
poste das log vom avenger, was nach neustart erscheint
__________
MfG Sabina

rund um die PC-Sicherheit

#7 hallo sabina!
hier das log vom avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ofjlgeng

*******************

Script file located at: \??\C:\Program Files\gvltucqc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\jakxy.txt not found!
Deletion of file C:\WINDOWS\jakxy.txt failed!

Could not process line:
C:\WINDOWS\jakxy.txt
Status: 0xc0000034

File C:\WINDOWS\iaucu.txt deleted successfully.
File C:\WINDOWS\ffeef.txt deleted successfully.
File C:\WINDOWS\ezqws.txt deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

danke und mfg

shiva1

#8 es sind nur txt-Dateien, aber der Urheber , der sie erstellt - ist wahrscheinlich noch auf dem Rechner, wenn es Probleme geben sollte - melde dich
__________
MfG Sabina

rund um die PC-Sicherheit

#9 hi sabina!eine datei konnte nicht gefunden werden (schreibfehler y statt j)
habe alles nochmal probiert und laut avenger wurde diese datei jetzt gelöscht.

hier das log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bekustyv

*******************

Script file located at: \??\C:\Program Files\fkybkqca.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\jakxj.txt deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

danke und mfg

shiva1