
CoolWWWSearch

Started by Absoluted, 09 April 2006, 00:18:27

Absoluted

The Cool Internet Search has hit me too, and it has been there for quite a while already... now I finally have to get rid of it... please help me...

So I also had HijackThis generate a log file... I hope you can tell me what I should do...

Logfile of HijackThis v1.99.1
Scan saved at 00:18:33, on 09.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\addss32.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\crxm32.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\LingoDict\LingoDict.exe
C:\Programme\ICQLite\ICQLite.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Programme\Free Download Manager\fdm.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Dokumente und Einstellungen\Timo Schmidt\Lokale Einstellungen\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {007DB292-112E-4F90-41EA-F1D4D83ADE09} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07D9CADF-B064-6D76-E095-1233894E2B1B} - (no file)
O2 - BHO: (no name) - {087899FB-71F1-C680-3656-92E12F8C1179} - (no file)
O2 - BHO: (no name) - {12338B34-63AE-D920-6A72-3BD87878A8F5} - (no file)
O2 - BHO: (no name) - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - (no file)
O2 - BHO: (no name) - {26596338-FD85-C653-1933-484CCE651824} - (no file)
O2 - BHO: (no name) - {41B07E2C-E9E2-8FB3-E92D-F43E8F8F3DBB} - (no file)
O2 - BHO: (no name) - {4318F737-F6A3-CF27-A22F-1F761BF98080} - (no file)
O2 - BHO: (no name) - {47AEE64C-5AEA-4ED8-103A-64D56785E44D} - (no file)
O2 - BHO: (no name) - {499E19B2-6F56-DFF8-CF23-EB7565388036} - (no file)
O2 - BHO: (no name) - {4B322B26-B148-1680-1210-710907CDFBBF} - (no file)
O2 - BHO: (no name) - {4CC5E4BE-8419-EE91-5179-7063E93961D1} - (no file)
O2 - BHO: (no name) - {51219589-FE9D-A7E2-3F0C-070910E5C08A} - (no file)
O2 - BHO: (no name) - {5646F55E-CC51-A18C-A479-66A146E21E8B} - (no file)
O2 - BHO: (no name) - {68E94B11-0682-EC6A-AC8C-7410CF035DD0} - (no file)
O2 - BHO: (no name) - {6E151392-9E35-0663-4506-86EAAC399FEC} - (no file)
O2 - BHO: (no name) - {7715CCE6-8987-9901-2E03-84A41BA95A23} - (no file)
O2 - BHO: (no name) - {787633EB-8F9E-66A4-0026-A3987933DF9F} - (no file)
O2 - BHO: (no name) - {78794F02-430B-8A38-72A8-5935AC772E23} - (no file)
O2 - BHO: (no name) - {7DD79282-4F68-5C42-8508-A678BFEE9427} - (no file)
O2 - BHO: (no name) - {7E652F00-83F5-AD05-9AAB-F6B25376211E} - (no file)
O2 - BHO: (no name) - {8516B14C-A215-9B6D-EB6E-7283E8A2619A} - (no file)
O2 - BHO: (no name) - {868F7592-83A2-3147-26F8-B83E4EB27137} - (no file)
O2 - BHO: (no name) - {8D10FF3C-0FBF-83B7-9DE2-4D8513EB92E2} - (no file)
O2 - BHO: (no name) - {916EEA1B-BCB7-4A5B-522D-4623137184B4} - (no file)
O2 - BHO: (no name) - {A5E3A16E-432C-CC0D-B946-1C802B2A708A} - (no file)
O2 - BHO: (no name) - {A6AB0709-374D-2F77-3E70-0DE0910A9568} - (no file)
O2 - BHO: Class - {A71E7E93-6EE5-277F-4626-227C3A0AA397} - C:\WINDOWS\system32\addvg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {ABFCA22A-1BD4-07E3-7B76-3B4A8BCD96EE} - (no file)
O2 - BHO: (no name) - {AC0C5F01-CAF2-86A5-FE15-50D81D631A6C} - (no file)
O2 - BHO: (no name) - {B9B28B37-0877-7E49-286C-63D980817566} - (no file)
O2 - BHO: (no name) - {BCA0B7D8-D1AB-9FA2-340F-BE19B55DF43E} - (no file)
O2 - BHO: (no name) - {C3D292B4-683A-18D1-852B-943823CD81BF} - (no file)
O2 - BHO: (no name) - {C6741F79-63C1-54ED-8A45-D4C8CD1BDCDE} - (no file)
O2 - BHO: (no name) - {CC208792-19B6-6EE1-3FF4-64629ED9B7E4} - (no file)
O2 - BHO: (no name) - {DCD983C8-9B1B-FB08-5B63-75CFE70CF0DC} - (no file)
O2 - BHO: (no name) - {E70C49FA-C0FE-DFE2-B1E6-50B26C41D08C} - (no file)
O2 - BHO: (no name) - {EC21022E-0E8A-E8F9-EB27-24CE313EDC67} - (no file)
O2 - BHO: (no name) - {ECCCE4E0-5367-3965-8A39-03589F292C7D} - (no file)
O2 - BHO: (no name) - {F0D81A42-6809-2DA7-9649-78825C8E9FB0} - (no file)
O2 - BHO: (no name) - {F0E16BEF-D89D-E599-8205-FED1F4920959} - (no file)
O2 - BHO: (no name) - {FA97C6B1-9087-B2CD-3C5C-1A0E430CE5E5} - (no file)
O2 - BHO: (no name) - {FCDEB34A-1990-EB7A-10FE-C6D6D4B0064B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AS00_Gear511] C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [addel32.exe] C:\WINDOWS\system32\addel32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [addss32.exe] C:\WINDOWS\system32\addss32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Programme\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {173B697E-E1CA-4661-B3C4-A2C38C153533} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {173B697E-E1CA-4661-B3C4-A2C38C153533} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crxm32.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


gandal

Fix the following, as also described here (please follow it!):
http://www.hwe-forum.de/index.php/topic,15353.0.html


C:\WINDOWS\system32\addss32.exe
C:\WINDOWS\crxm32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
O2 - BHO: (no name) - {007DB292-112E-4F90-41EA-F1D4D83ADE09} - (no file)
O2 - BHO: (no name) - {07D9CADF-B064-6D76-E095-1233894E2B1B} - (no file)
O2 - BHO: (no name) - {087899FB-71F1-C680-3656-92E12F8C1179} - (no file)
O2 - BHO: (no name) - {12338B34-63AE-D920-6A72-3BD87878A8F5} - (no file)
O2 - BHO: (no name) - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - (no file)
O2 - BHO: (no name) - {26596338-FD85-C653-1933-484CCE651824} - (no file)
O2 - BHO: (no name) - {41B07E2C-E9E2-8FB3-E92D-F43E8F8F3DBB} - (no file)
O2 - BHO: (no name) - {4318F737-F6A3-CF27-A22F-1F761BF98080} - (no file)
O2 - BHO: (no name) - {47AEE64C-5AEA-4ED8-103A-64D56785E44D} - (no file)
O2 - BHO: (no name) - {499E19B2-6F56-DFF8-CF23-EB7565388036} - (no file)
O2 - BHO: (no name) - {4B322B26-B148-1680-1210-710907CDFBBF} - (no file)
O2 - BHO: (no name) - {4CC5E4BE-8419-EE91-5179-7063E93961D1} - (no file)
O2 - BHO: (no name) - {51219589-FE9D-A7E2-3F0C-070910E5C08A} - (no file)
O2 - BHO: (no name) - {5646F55E-CC51-A18C-A479-66A146E21E8B} - (no file)
O2 - BHO: (no name) - {68E94B11-0682-EC6A-AC8C-7410CF035DD0} - (no file)
O2 - BHO: (no name) - {6E151392-9E35-0663-4506-86EAAC399FEC} - (no file)
O2 - BHO: (no name) - {7715CCE6-8987-9901-2E03-84A41BA95A23} - (no file)
O2 - BHO: (no name) - {787633EB-8F9E-66A4-0026-A3987933DF9F} - (no file)
O2 - BHO: (no name) - {78794F02-430B-8A38-72A8-5935AC772E23} - (no file)
O2 - BHO: (no name) - {7DD79282-4F68-5C42-8508-A678BFEE9427} - (no file)
O2 - BHO: (no name) - {7E652F00-83F5-AD05-9AAB-F6B25376211E} - (no file)
O2 - BHO: (no name) - {8516B14C-A215-9B6D-EB6E-7283E8A2619A} - (no file)
O2 - BHO: (no name) - {868F7592-83A2-3147-26F8-B83E4EB27137} - (no file)
O2 - BHO: (no name) - {8D10FF3C-0FBF-83B7-9DE2-4D8513EB92E2} - (no file)
O2 - BHO: (no name) - {916EEA1B-BCB7-4A5B-522D-4623137184B4} - (no file)
O2 - BHO: (no name) - {A5E3A16E-432C-CC0D-B946-1C802B2A708A} - (no file)
O2 - BHO: (no name) - {A6AB0709-374D-2F77-3E70-0DE0910A9568} - (no file)
O2 - BHO: Class - {A71E7E93-6EE5-277F-4626-227C3A0AA397} - C:\WINDOWS\system32\addvg.dll
O2 - BHO: (no name) - {ABFCA22A-1BD4-07E3-7B76-3B4A8BCD96EE} - (no file)
O2 - BHO: (no name) - {AC0C5F01-CAF2-86A5-FE15-50D81D631A6C} - (no file)
O2 - BHO: (no name) - {B9B28B37-0877-7E49-286C-63D980817566} - (no file)
O2 - BHO: (no name) - {BCA0B7D8-D1AB-9FA2-340F-BE19B55DF43E} - (no file)
O2 - BHO: (no name) - {C3D292B4-683A-18D1-852B-943823CD81BF} - (no file)
O2 - BHO: (no name) - {C6741F79-63C1-54ED-8A45-D4C8CD1BDCDE} - (no file)
O2 - BHO: (no name) - {CC208792-19B6-6EE1-3FF4-64629ED9B7E4} - (no file)
O2 - BHO: (no name) - {DCD983C8-9B1B-FB08-5B63-75CFE70CF0DC} - (no file)
O2 - BHO: (no name) - {E70C49FA-C0FE-DFE2-B1E6-50B26C41D08C} - (no file)
O2 - BHO: (no name) - {EC21022E-0E8A-E8F9-EB27-24CE313EDC67} - (no file)
O2 - BHO: (no name) - {ECCCE4E0-5367-3965-8A39-03589F292C7D} - (no file)
O2 - BHO: (no name) - {F0D81A42-6809-2DA7-9649-78825C8E9FB0} - (no file)
O2 - BHO: (no name) - {F0E16BEF-D89D-E599-8205-FED1F4920959} - (no file)
O2 - BHO: (no name) - {FA97C6B1-9087-B2CD-3C5C-1A0E430CE5E5} - (no file)
O2 - BHO: (no name) - {FCDEB34A-1990-EB7A-10FE-C6D6D4B0064B} - (no file)
O4 - HKLM\..\Run: [addel32.exe] C:\WINDOWS\system32\addel32.exe
O4 - HKLM\..\Run: [addss32.exe] C:\WINDOWS\system32\addss32.exe

If you don't recognize this, fix it!
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {173B697E-E1CA-4661-B3C4-A2C38C153533} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {173B697E-E1CA-4661-B3C4-A2C38C153533} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crxm32.exe
         
Real Programmers code in binary

tyco

After "fixing" this entry, you still have to remove it afterwards with "Delete NT Service":

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crxm32.exe

'Fixing' the O23 entry only stops and disables the service. It is therefore necessary to remove the service from the registry, either manually or with a suitable tool. In HijackThis 1.99.1 or later, the 'Delete NT Service' option under 'Misc Tools' can be used for this.
Please do not send support requests via PM.

Absoluted

I fixed the entries as recommended.
L2MRemover didn't find anything on my machine.
In safe mode it wouldn't properly do the fix of the O23 entry via "delete an NT service".

But test runs of AntiVir and Spybot didn't find anything any more.

Nevertheless, here is the current HijackThis log file once more...
Can it be left like this?

Logfile of HijackThis v1.99.1
Scan saved at 14:47:56, on 09.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\AntiVir PersonalEdition Classic\avcenter.exe
C:\Programme\AntiVir PersonalEdition Classic\avscan.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Timo Schmidt\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {007DB292-112E-4F90-41EA-F1D4D83ADE09} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07D9CADF-B064-6D76-E095-1233894E2B1B} - (no file)
O2 - BHO: (no name) - {087899FB-71F1-C680-3656-92E12F8C1179} - (no file)
O2 - BHO: (no name) - {12338B34-63AE-D920-6A72-3BD87878A8F5} - (no file)
O2 - BHO: (no name) - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - (no file)
O2 - BHO: (no name) - {21A1C882-1AE5-671F-4915-5766CC5C773C} - (no file)
O2 - BHO: (no name) - {26596338-FD85-C653-1933-484CCE651824} - (no file)
O2 - BHO: (no name) - {41B07E2C-E9E2-8FB3-E92D-F43E8F8F3DBB} - (no file)
O2 - BHO: (no name) - {4318F737-F6A3-CF27-A22F-1F761BF98080} - (no file)
O2 - BHO: (no name) - {47AEE64C-5AEA-4ED8-103A-64D56785E44D} - (no file)
O2 - BHO: (no name) - {499E19B2-6F56-DFF8-CF23-EB7565388036} - (no file)
O2 - BHO: (no name) - {4B322B26-B148-1680-1210-710907CDFBBF} - (no file)
O2 - BHO: (no name) - {4CC5E4BE-8419-EE91-5179-7063E93961D1} - (no file)
O2 - BHO: (no name) - {51219589-FE9D-A7E2-3F0C-070910E5C08A} - (no file)
O2 - BHO: (no name) - {5646F55E-CC51-A18C-A479-66A146E21E8B} - (no file)
O2 - BHO: (no name) - {68E94B11-0682-EC6A-AC8C-7410CF035DD0} - (no file)
O2 - BHO: (no name) - {6E151392-9E35-0663-4506-86EAAC399FEC} - (no file)
O2 - BHO: (no name) - {7715CCE6-8987-9901-2E03-84A41BA95A23} - (no file)
O2 - BHO: (no name) - {787633EB-8F9E-66A4-0026-A3987933DF9F} - (no file)
O2 - BHO: (no name) - {78794F02-430B-8A38-72A8-5935AC772E23} - (no file)
O2 - BHO: (no name) - {7DD79282-4F68-5C42-8508-A678BFEE9427} - (no file)
O2 - BHO: (no name) - {7E652F00-83F5-AD05-9AAB-F6B25376211E} - (no file)
O2 - BHO: (no name) - {8188D633-178A-AA0A-A38C-74006F515B3E} - (no file)
O2 - BHO: (no name) - {8516B14C-A215-9B6D-EB6E-7283E8A2619A} - (no file)
O2 - BHO: (no name) - {868F7592-83A2-3147-26F8-B83E4EB27137} - (no file)
O2 - BHO: (no name) - {8D10FF3C-0FBF-83B7-9DE2-4D8513EB92E2} - (no file)
O2 - BHO: (no name) - {916EEA1B-BCB7-4A5B-522D-4623137184B4} - (no file)
O2 - BHO: (no name) - {A5E3A16E-432C-CC0D-B946-1C802B2A708A} - (no file)
O2 - BHO: (no name) - {A6AB0709-374D-2F77-3E70-0DE0910A9568} - (no file)
O2 - BHO: (no name) - {A71E7E93-6EE5-277F-4626-227C3A0AA397} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: (no name) - {ABFCA22A-1BD4-07E3-7B76-3B4A8BCD96EE} - (no file)
O2 - BHO: (no name) - {AC0C5F01-CAF2-86A5-FE15-50D81D631A6C} - (no file)
O2 - BHO: (no name) - {B9B28B37-0877-7E49-286C-63D980817566} - (no file)
O2 - BHO: (no name) - {BCA0B7D8-D1AB-9FA2-340F-BE19B55DF43E} - (no file)
O2 - BHO: (no name) - {BF04EC21-B4D7-E397-C0E8-1F5F00D064D8} - (no file)
O2 - BHO: (no name) - {C3D292B4-683A-18D1-852B-943823CD81BF} - (no file)
O2 - BHO: (no name) - {C6741F79-63C1-54ED-8A45-D4C8CD1BDCDE} - (no file)
O2 - BHO: (no name) - {CC208792-19B6-6EE1-3FF4-64629ED9B7E4} - (no file)
O2 - BHO: (no name) - {DCD983C8-9B1B-FB08-5B63-75CFE70CF0DC} - (no file)
O2 - BHO: (no name) - {E70C49FA-C0FE-DFE2-B1E6-50B26C41D08C} - (no file)
O2 - BHO: (no name) - {EC21022E-0E8A-E8F9-EB27-24CE313EDC67} - (no file)
O2 - BHO: (no name) - {ECCCE4E0-5367-3965-8A39-03589F292C7D} - (no file)
O2 - BHO: (no name) - {F0D81A42-6809-2DA7-9649-78825C8E9FB0} - (no file)
O2 - BHO: (no name) - {F0E16BEF-D89D-E599-8205-FED1F4920959} - (no file)
O2 - BHO: (no name) - {FA97C6B1-9087-B2CD-3C5C-1A0E430CE5E5} - (no file)
O2 - BHO: (no name) - {FCDEB34A-1990-EB7A-10FE-C6D6D4B0064B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AS00_Gear511] C:\Programme\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Programme\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Programme\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Many thanks for everything so far

American

The following items should still be fixed:

O2 - BHO: (no name) - {007DB292-112E-4F90-41EA-F1D4D83ADE09} - (no file)
O2 - BHO: (no name) - {07D9CADF-B064-6D76-E095-1233894E2B1B} - (no file)
O2 - BHO: (no name) - {087899FB-71F1-C680-3656-92E12F8C1179} - (no file)
O2 - BHO: (no name) - {12338B34-63AE-D920-6A72-3BD87878A8F5} - (no file)
O2 - BHO: (no name) - {2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} - (no file)
O2 - BHO: (no name) - {21A1C882-1AE5-671F-4915-5766CC5C773C} - (no file)
O2 - BHO: (no name) - {26596338-FD85-C653-1933-484CCE651824} - (no file)
O2 - BHO: (no name) - {41B07E2C-E9E2-8FB3-E92D-F43E8F8F3DBB} - (no file)
O2 - BHO: (no name) - {4318F737-F6A3-CF27-A22F-1F761BF98080} - (no file)
O2 - BHO: (no name) - {47AEE64C-5AEA-4ED8-103A-64D56785E44D} - (no file)
O2 - BHO: (no name) - {499E19B2-6F56-DFF8-CF23-EB7565388036} - (no file)
O2 - BHO: (no name) - {4B322B26-B148-1680-1210-710907CDFBBF} - (no file)
O2 - BHO: (no name) - {4CC5E4BE-8419-EE91-5179-7063E93961D1} - (no file)
O2 - BHO: (no name) - {51219589-FE9D-A7E2-3F0C-070910E5C08A} - (no file)
O2 - BHO: (no name) - {5646F55E-CC51-A18C-A479-66A146E21E8B} - (no file)
O2 - BHO: (no name) - {68E94B11-0682-EC6A-AC8C-7410CF035DD0} - (no file)
O2 - BHO: (no name) - {6E151392-9E35-0663-4506-86EAAC399FEC} - (no file)
O2 - BHO: (no name) - {7715CCE6-8987-9901-2E03-84A41BA95A23} - (no file)
O2 - BHO: (no name) - {787633EB-8F9E-66A4-0026-A3987933DF9F} - (no file)
O2 - BHO: (no name) - {78794F02-430B-8A38-72A8-5935AC772E23} - (no file)
O2 - BHO: (no name) - {7DD79282-4F68-5C42-8508-A678BFEE9427} - (no file)
O2 - BHO: (no name) - {7E652F00-83F5-AD05-9AAB-F6B25376211E} - (no file)
O2 - BHO: (no name) - {8188D633-178A-AA0A-A38C-74006F515B3E} - (no file)
O2 - BHO: (no name) - {8516B14C-A215-9B6D-EB6E-7283E8A2619A} - (no file)
O2 - BHO: (no name) - {868F7592-83A2-3147-26F8-B83E4EB27137} - (no file)
O2 - BHO: (no name) - {8D10FF3C-0FBF-83B7-9DE2-4D8513EB92E2} - (no file)
O2 - BHO: (no name) - {916EEA1B-BCB7-4A5B-522D-4623137184B4} - (no file)
O2 - BHO: (no name) - {A5E3A16E-432C-CC0D-B946-1C802B2A708A} - (no file)
O2 - BHO: (no name) - {A6AB0709-374D-2F77-3E70-0DE0910A9568} - (no file)
O2 - BHO: (no name) - {A71E7E93-6EE5-277F-4626-227C3A0AA397} - (no file)
O2 - BHO: (no name) - {ABFCA22A-1BD4-07E3-7B76-3B4A8BCD96EE} - (no file)
O2 - BHO: (no name) - {AC0C5F01-CAF2-86A5-FE15-50D81D631A6C} - (no file)
O2 - BHO: (no name) - {B9B28B37-0877-7E49-286C-63D980817566} - (no file)
O2 - BHO: (no name) - {BCA0B7D8-D1AB-9FA2-340F-BE19B55DF43E} - (no file)
O2 - BHO: (no name) - {BF04EC21-B4D7-E397-C0E8-1F5F00D064D8} - (no file)
O2 - BHO: (no name) - {C3D292B4-683A-18D1-852B-943823CD81BF} - (no file)
O2 - BHO: (no name) - {C6741F79-63C1-54ED-8A45-D4C8CD1BDCDE} - (no file)
O2 - BHO: (no name) - {CC208792-19B6-6EE1-3FF4-64629ED9B7E4} - (no file)
O2 - BHO: (no name) - {DCD983C8-9B1B-FB08-5B63-75CFE70CF0DC} - (no file)
O2 - BHO: (no name) - {E70C49FA-C0FE-DFE2-B1E6-50B26C41D08C} - (no file)
O2 - BHO: (no name) - {EC21022E-0E8A-E8F9-EB27-24CE313EDC67} - (no file)
O2 - BHO: (no name) - {ECCCE4E0-5367-3965-8A39-03589F292C7D} - (no file)
O2 - BHO: (no name) - {F0D81A42-6809-2DA7-9649-78825C8E9FB0} - (no file)
O2 - BHO: (no name) - {F0E16BEF-D89D-E599-8205-FED1F4920959} - (no file)
O2 - BHO: (no name) - {FA97C6B1-9087-B2CD-3C5C-1A0E430CE5E5} - (no file)
O2 - BHO: (no name) - {FCDEB34A-1990-EB7A-10FE-C6D6D4B0064B} - (no file)

Life is a gift, but nobody asked me whether I want the gift.
If someone asks you whether you want it, take it, start over and make something of it.

Every relationship goes through a crisis at some point. If you don't know that, you don't know what love is!

So that children are allowed to be children

gandal

Try fixing the entries in safe mode.
         

Absoluted

These entries can't be fixed either normally or in safe mode.
So I tried it with HijackThis v1.99.1...
How else can I do it?

Oh, and... what kind of entries are these that I'm deleting, anyway?
My ignorance here is universal...

Thanks in advance

gandal

Does a message come up?
         

Absoluted

Nothing special... first that it is about to delete, and then also:

HijackThis is about to remove a BHO and the corresponding file from your system. Close all Internet Explorer windows AND all Windows Explorer windows before continuing for the best chance of success


Could it be that something is running in the background that I don't know about... and that it has the same effect as having an Explorer open??

tyco

And did you close IE and all Explorer windows?

Absoluted

Yep, of course I did... that's what it told me to do...

Absoluted

So maybe I didn't write that clearly at all...
I select all of them... then I click fix... then the two messages appear...
and then it apparently works through all of them as well...
but when I run a new scan, they're still there...
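
The before/after comparison this thread does by eye, as an added example that is not part of the original posts: a small Python parser that diffs two HijackThis logs and separates removed, persisted, changed and newly appeared entries. `BEFORE` and `AFTER` are short excerpts of the two logs posted above; the function names are hypothetical.

```python
import re

# HijackThis result lines start with a section code (R0-R3, F*, N*, O1-O24)
# followed by " - "; header and process-list lines do not match.
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the first log in the thread (scan of 00:18:33).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 00:18:33, on 09.04.2006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nhpuk.dll/sp.html#53142%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {007DB292-112E-4F90-41EA-F1D4D83ADE09} - (no file)
O2 - BHO: Class - {A71E7E93-6EE5-277F-4626-227C3A0AA397} - C:\WINDOWS\system32\addvg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [addss32.exe] C:\WINDOWS\system32\addss32.exe
"""

# Excerpt of the second log in the thread (scan of 14:47:56, after fixing).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:47:56, on 09.04.2006
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {007DB292-112E-4F90-41EA-F1D4D83ADE09} - (no file)
O2 - BHO: (no name) - {21A1C882-1AE5-671F-4915-5766CC5C773C} - (no file)
O2 - BHO: (no name) - {A71E7E93-6EE5-277F-4626-227C3A0AA397} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
"""


def parse_log(text):
    """Map a stable key for each result line to its detail (file or value)."""
    entries = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header, running-process list or blank line
        code, rest = match.groups()
        clsid = CLSID_RE.search(rest)
        if clsid:
            # Key on section, entry kind and CLSID so that a changed display
            # name or file path is reported as "changed", not as a new entry.
            kind = rest.split(":", 1)[0]
            key = (code, kind, clsid.group(0).upper())
            detail = rest[clsid.end():].lstrip(" -")
        elif " = " in rest:
            # Registry value lines: the value name is the key.
            name, detail = rest.split(" = ", 1)
            key = (code, name)
        else:
            key, detail = (code, rest), ""
        entries[key] = detail
    return entries


def compare_logs(before_text, after_text):
    """Classify every entry by what happened to it between the two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "new": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in before if k in after and before[k] != after[k]),
        "persisted": sorted(k for k in before if k in after and before[k] == after[k]),
    }


def orphaned_bhos(text):
    """CLSIDs of O2 (BHO) entries whose registry key has no file behind it."""
    return sorted(
        key[2] for key, detail in parse_log(text).items()
        if key[0] == "O2" and detail == "(no file)"
    )


if __name__ == "__main__":
    for status, keys in compare_logs(BEFORE, AFTER).items():
        print(status)
        for key in keys:
            print("   ", " | ".join(key))
    print("orphaned BHOs after fix:", orphaned_bhos(AFTER))
```

On the excerpts, the BHO that pointed at `addvg.dll` shows up as changed to `(no file)`, and one `(no file)` CLSID is new in the second scan even though a fix pass was run in between.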