Hallo,

ich habe das gleiche Problem: Die Startseite (sonst google) führt jetzt auf irgendeine ominöse Seite und lässt sich nicht mehr verändern.

Kann mir vielleicht irgend jemand weiterhelfen ?

Hijack Logfile:

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\NORMAN\WIN95\CLAW95.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMME\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAMME\GEMEINSAME DATEIEN\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\DESKTOP\RICOH\RGATEL.EXE
C:\WINDOWS\TWAIN_32\CIS600X\WATCH.EXE
C:\PROGRAMME\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAMME\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMME\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
C:\PROGRAMME\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE APPLICATIONS\RESIDENCE.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMME\DAP\DAP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMME\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.68/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.clickyestoenter.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - C:\Programme\PowerSearch\Toolbar\pwrsacez.dll (file missing)
O2 - BHO: (no name) - {3135D9D9-70D3-4907-89E6-2F152DAA787A} - C:\WINDOWS\SYSTEM\NADJ.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - C:\Programme\PowerSearch\Toolbar\pwrsacez.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Cat's Claw] C:\NORMAN\WIN95\Claw95.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [F-STOPW.EXE] "C:\Programme\FSI\F-Prot\F-STOPW.EXE"
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\PROGRAMME\SOFTWIN\BITDEFENDER FREE EDITION\bdnagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [BitDefender Live! Init] C:\Programme\Softwin\BitDefender Free Edition\\bdinit.exe
O4 - HKLM\..\RunServices: [BitDefender Communicator] C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\\xcommsvr.exe
O4 - HKLM\..\RunServices: [BitDefender Scan Server] C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\\bdss.exe
O4 - Startup: Erinnerungen für Microsoft Works-Kalender.lnk = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: RICOH Gate L.lnk = C:\WINDOWS\Desktop\Ricoh\RGateL.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\CIS600X\WATCH.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O4 - Startup: Picture Package Menu.lnk = C:\Programme\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Startup: Picture Package VCD Maker.lnk = C:\Programme\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: SirSearch - file://C:\Programme\PWRSACEZ\Cache\SelectedContextSearch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: Avx Online Scan (HKCU)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.avx.com/scan/Msie/avxscan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1336838d49c ... 601_de.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://housecall.trendmicro-europe.com/ ... scan53.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-0000-0000-0000-000000000000} - http://active.macromedia.com/flash4/cabs/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 3554976852
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-17.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab

Lieben Gruss

Hallo@spk

Download Registry Search Tool :
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Doppelklick:regsrch.vbs

kopiere rein:

{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}

Press 'OK'
warten, bis die Suche beendet ist. (Ergebnis bitte posten)

das machst du auch mit:

{3135D9D9-70D3-4907-89E6-2F152DAA787A}
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
PowerSearch
PWRSACEZ
*http://216.65.3.68/search/* --> abkopieren ohne die Sternchen
*www.clickyestoenter.net* -> abkopieren ohne die Sternchen
about:NavigationFailure


#öffne das HijackThis-->> Button "scan" -->> Häkchen setzen -->> Button "Fix checked" -->> PC neustarten

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.65.3.68/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.clickyestoenter.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

O2 - BHO: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - C:\Programme\PowerSearch\Toolbar\pwrsacez.dll (file missing)
O2 - BHO: (no name) - {3135D9D9-70D3-4907-89E6-2F152DAA787A} - C:\WINDOWS\SYSTEM\NADJ.DLL
O3 - Toolbar: PowerSearch - {4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D} - C:\Programme\PowerSearch\Toolbar\pwrsacez.dll (file missing)
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O8 - Extra context menu item: SirSearch - file://C:\Programme\PWRSACEZ\Cache\SelectedContextSearch.htm
O9 - Extra 'Tools' menuitem: Avx Online Scan (HKCU)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.avx.com/scan/Msie/avxscan.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... itialSetup 1.0.0.8.cab

PC neustarten

KillBox
http://www.bleepingcomputer.com/files/killbox.php
<Delete File on Reboot

und klick auf das rote Kreuz,
wenn gefragt wird, ob "Do you want to reboot? "----> klicke auf "no",und kopiere das naechste rein, erst beim letzten auf "yes"

kopiere rein:

C:\Programme\PowerSearch\Toolbar\pwrsacez.dll
C:\Programme\PWRSACEZ\Cache\SelectedContextSearch.htm
C:\WINDOWS\SYSTEM\NADJ.DLL
C:\WINDOWS\TEMP\SE.DLL

PC neustarten

C:\WINDOWS\TEMP\ <---loesche alle Dateien in diesem Ordner (nicht den Ordner selbst loeschen)

C:\Programme\PowerSearch\ <---loeschen

#RegCleaner
(Tip: Lade RegCleaner, stelle das Tool in Deutsch ein und saeubere ueber <Tools<Registry saeubern<alles durchfuehren < den PC (du kannst alles angezeigte Loeschen, denn es verbleibt eine Sicherung)
http://www.chip.de/downloads/c_downloads_8830516.html

#ClaerProg..lade die neuste Version <1.4.1
http://www.clearprog.de/downloads.php
<und saeubere den Browser.
Das Programm löscht die Surfspuren des Internet Explorers ab Version 5.0, des Netscape/Mozilla und des Opera:
- Cookies
- Verlauf
- Temporäre Internetfiles (Cache)

#Ad-aware SE Personal 1.05 Updated
http://fileforum.betanews.com/detail/965718306/1
Laden--> Updaten-->scannen-->PC neustarten--> noch mal scannen--> poste das Log vom Scann


#neue Startseite
gehe zur Systemsteuerung --> Internetoptionen --> auf dem Reiter Allgemein bei Temporäre Internetdateien klickst du Dateien löschen --> auch bei Alle Offlineinhalte löschen das Häkchen setzen und mit OK bestätigen --> Auf den Reiter Programme gehen und dort auf Webeinstellungen zurücksetzen klicken, mit Ja bestätigen, fall Nachfrage kommt --> auf Übernehmen und abschließend auf OK klicken und stelle eine neue Startseite ein

CWShredder 2.12 [2004-12-13]
http://www.majorgeeks.com/download3019.html
Log-->"make Report" --> poste das komplette Log vom Scann

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D" 12.02.2005 17:59:13

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}\ProgID]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Toolbar.PWRSACEZ\Clsid]
@="{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}"=hex:00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}"=hex:4f,d7,7b,4e,8d,2b,9e,46,c8,fb,fc,\



REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "PWRSACEZ" 12.02.2005 18:11:34

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}\InprocServer32]
@="C:\\Programme\\PowerSearch\\Toolbar\\pwrsacez.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4E7BD74F-2B8D-469E-C8FB-FC6DA787AD2D}\ProgID]
@="Toolbar.PWRSACEZ"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Toolbar.PWRSACEZ]

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Toolbar.PWRSACEZ]
@="PWRSACEZ"

[HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Toolbar.PWRSACEZ\Clsid]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\SirSearch]
@="file://C:\\Programme\\PWRSACEZ\\Cache\\SelectedContextSearch.htm"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\SirSearch]
"DynamicToolbar"="PWRSACEZ"

[HKEY_USERS\.DEFAULT\Software\Visicom Media\PWRSACEZ]

[HKEY_USERS\.DEFAULT\Software\PWRSACEZ]

[HKEY_USERS\.DEFAULT\Software\PWRSACEZ\Options]

________________________________________


http://216.65.3.68/search/
no instances found
_______________________________________

www.clickyestoenter.net
no instances found

Habe mich soweit durchgearbeitet, leider aber nur kurzzeitigen Erfolg gehabt. Nach einem Neustart war die ungewollte Startseite wieder da. Mittlerweile öffnen sich auch ständig Pop up-Fenster (im Minutentakt).


CWShredder Report:

**** Run Keys ****

RUN: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
RUN: [TaskMonitor] C:\WINDOWS\taskmon.exe
RUN: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
RUN: [SystemTray] SysTray.Exe
RUN: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
RUN: [Cat's Claw] C:\NORMAN\WIN95\Claw95.exe
RUN: [PE2CKFNT SE] C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
RUN: [F-STOPW.EXE] "C:\Programme\FSI\F-Prot\F-STOPW.EXE"
RUN: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
RUN: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
RUN: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
RUN: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
RUN: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
BHO: [Google Toolbar Helper] c:\programme\google\googletoolbar1.dll
BHO: [c:\programme\google\googletoolbar1.dll] c:\programme\google\googletoolbar1.dll
BHO: [] C:\WINDOWS\SYSTEM\NADJ.DLL


**** IE Toolbars ****

TOOLBAR: [&Google] c:\programme\google\googletoolbar1.dll
TOOLBAR: [&Radio] C:\WINDOWS\SYSTEM\MSDXM.OCX
TOOLBAR: [C:\WINDOWS\SYSTEM\MSDXM.OCX] C:\WINDOWS\SYSTEM\MSDXM.OCX


**** IE Extensions ****

IEExt: [Messenger] C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
IEExt: [AIM] C:\PROGRAMME\AIM95\AIM.EXE
IEExt: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe


**** Hosts File Entries ****



**** IE Settings ****

IEBypass: localhost
Default Page: http://www.microsoft.com/isapi/redir.dl ... ar,msnhome
Default Search: http://www.microsoft.com/isapi/redir.dl ... r=iesearch
Local Page: C:\WINDOWS\SYSTEM\blank.htm
Search Bar: res://C:\WINDOWS\TEMP\se.dll/sp.html
Search Page: about:blank


**** IE Context Menu (Right click) ****

IEContext: [&Download with &DAP] C:\PROGRA~1\DAP\dapextie.htm
IEContext: [&Google Search] res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
IEContext: [Cac&hed Snapshot of Page] res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
IEContext: [Si&milar Pages] res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
IEContext: [Backward &Links] res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
IEContext: [SirSearch] file://C:\Programme\PWRSACEZ\Cache\SelectedContextSearch.htm


**** Layered Service Providers ****

LSP: MS.w95.spi.tcp
LSP: MS.w95.spi.udp
LSP: MS.w95.spi.rsvptcp
LSP: MS.w95.spi.rsvpudp


**** Blocked Control Panel Items ****

BLOCKED: []


**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso4.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]
DirectAnimation Java Classes [file://C:\WINDOWS\SYSTEM\dajava.cab]


**** Windows Services ****



**** Custom IE Search Items ****

SEARCH: [SearchAssistant] about:blank
SEARCH: [SearchAssistant] about:blank
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [LastCheckedHi]
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Use FormSuggest] no
IEOPT: [Save Directory] C:\WINDOWS\Desktop\
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [HistoryTopNSitesView]
IEOPT: [HistoryViewType]
IEOPT: [Check_Associations] no
IEOPT: [NoUpdateCheck]
IEOPT: [ShowGoButton] yes
IEOPT: [NoJITSetup]
IEOPT: [Friendly http errors] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NscSingleExpand]
IEOPT: [SmoothScroll]
IEOPT: [Page_Transitions]
IEOPT: [Disable Script Debugger] yes
IEOPT: [AllowWindowReuse]
IEOPT: [Print_Background] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [Play_Animations] yes
IEOPT: [Show image placeholders]
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [BandRest] Never
IEOPT: [FormSuggest Passwords] yes
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Toolbars_Placement] fÈB3>
IEOPT: [HOMEOldSP] about:blank
IEOPT: [Search Bar] res://C:\WINDOWS\TEMP\se.dll/sp.html
IEOPT: [Search Page] about:blank
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dl ... ar,msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\WINDOWS\SYSTEM\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] no
IEOPT: [BandRest] Never
IEOPT: [HOMEOldSP] about:blank
IEOPT: [Use Search Asst] no
IEOPT: [Use Custom Search URL]
IEOPT: [Search Bar] res://C:\WINDOWS\TEMP\se.dll/sp.html
IEOPT: [Search Page] about:blank

Hallo@

Start<Ausfuehren< msconfig


zuerst loesche diesen Eintrag im Autostart:
RUN: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

Windows XP sichert MSconfig unter "startupreg" bzw. "startupfolder".

Start<Ausfuehren<regedit

HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Shared Tools\ MSConfig\ startupreg

RUN: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Shared Tools\ MSConfig\ startupfolder

RUN: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN
loesche unter diesen Schluesseln mit Rechtsklick:

schliesse die Registry

[Search Bar] res://C:\WINDOWS\TEMP\se.dll/sp.html

loesche:(mit der Killbox)
C:\WINDOWS\TEMP\SE.DLL
C:\Programme\PWRSACEZ\Cache\SelectedContextSearch.htm
C:\\Programme\\PowerSearch\\Toolbar\\pwrsacez.dll

PC neustarten
loesche:
C:\Programme\PWRSACEZ\

eScan-Erkennungstool
eSan ist hier unter dem Namen Free eScan Antivirus Toolkit Utility kostenlos erhältlich:
http://www.mwti.net/antivirus/free_utilities.asp
oeffne den Scanner--> noch nicht scannen--> gehe in Start<Ausfuehren< schreib rein: %temp% und suche
kavupd.exe, die klickst du an--> (Update- in DOS) ausführen

-->mwav.exe oeffnen-->alle Haekchen setzen-->scannen-->View Log anklicken--> Bearbeiten anklicken--> "infected" reinschreiben
und nun alles rauskopieren, was angezeigt wird-->

dann loesche die infected -Dateien