danke für die schnellen Antworten, ich poste hier mal die aktuelle Logfile. Wenn ich die Datein löschen will muss ich dann im abgesicherten Modus starten?
Logfile of HijackThis v1.99.1
Scan saved at 21:21:31, on 09/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\NettalkIRCD\NettalkIRCD.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe
C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\jokdergg.exe
C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\qldnaqwp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\System32\??plorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\ataa\upam.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\mozilla.org\Mozilla\mozilla.exe
C:\Programme\ahead\Nero\nero.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\taskmgr.exe
C:\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.de/0SEDEDE/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.gmx.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.gmx.de/
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Programme\12Ghosts\12popup.dll
O2 - BHO: ZServObj Class - {00000000-C1EC-0345-6EC2-4D0300000000} - C:\WINDOWS\ZServ.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0713D61A-1AFC-3659-8D99-45D1EE64C7CF} - C:\WINDOWS\System32\vgkntf.dll
O2 - BHO: (no name) - {7646E86C-26F3-542E-8E5E-5927C296BF93} - C:\WINDOWS\System32\kwogvhzr.dll
O2 - BHO: (no name) - {EA041E3C-D1F4-FD23-D949-FD4D85D57290} - C:\WINDOWS\System32\gzqxq.dll
O2 - BHO: (no name) - {EAAEC1E5-0824-70A6-5087-24D02D2022C4} - C:\WINDOWS\System32\skqp.dll
O2 - BHO: (no name) - {F9FE7DC4-E400-CDD3-7927-9B5B255B6092} - C:\WINDOWS\System32\tmekc.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar\01.01.1601.0\de\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Programme\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [WinFavorites] C:\Program Files\WinFavorites\WinFavorites.exe1
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Programme\STOPzilla!\Stopzilla.exe /autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DSB] C:\Programme\DSB\DSB.exe
O4 - HKLM\..\Run: [cqdxzp] C:\WINDOWS\System32\jokdergg.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Programme\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe /L ElbyCDFL
O4 - HKLM\..\Run: [checkup115] C:\WINDOWS\System32\lssas.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [bblwuoxm] C:\WINDOWS\qldnaqwp.exe
O4 - HKLM\..\Run:
C:\WINDOWS\System32\dgozjg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe -atboottime
O4 - HKLM\..\Run: [BujSrv32] C:\WINDOWS\bujsrv.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKCU\..\Run: [winlogx] C:\WINDOWS\System32\service.exe %srun%
O4 - HKCU\..\Run: [Juput] C:\WINDOWS\System32\??plorer.exe
O4 - HKCU\..\Run: [diagdisc] C:\WINDOWS\System32\dirrun.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Edrs] C:\Programme\ataa\upam.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: concept/design's onlineTV - {54C7F28F-0A7B-4CE4-A861-025F98D56A93} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra->Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra->Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {BEC65CAF-8156-CFAD-DD7E-AD4D1E173FBB} (DownloadUL Class) - http://public.searchbarcash.com/cab/005/ocgvprml.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O20 - Winlogon Notify: WB - C:\Programme\Stardock\Object Desktop\ThemeManager\fastload.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NettalkIRCD (NtIrcd) - Nicolas Kruse - C:\Programme\NettalkIRCD\NettalkIRCD.exe
Wie muss ich jetzt weiter machen?
gruß matze