Spyware msbb and co.

#0
09.07.2004, 17:03
...new here

Posts: 1
#1 I have already read through various threads, but I still hope a few experts can/will help me out. I'm sitting in front of a computer that is pretty badly "infested" with spyware. Question for the pros: what do I need to delete, and how?
My log file looks like this:

Logfile of HijackThis v1.98.0
Scan saved at 16:29:42, on 09.07.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\services\msxmidi.exe
C:\WINDOWS\System32\CePMTray.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\programme\u-storage tools2.1\ustorage.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.exe
C:\Programme\ScanSoft\OmniPagePro11.0\opware32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\ISTsvc\istsvc.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\programme\180solutions\msbb.exe
C:\WINDOWS\System32\gbhjid.exe
C:\WINDOWS\sxutst.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\runwin32.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\svchost.exe
C:\Programme\RagTime Privat\Konni\KonniSymbol.exe
C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\casm.exe
C:\WINDOWS\System32\yqhznlqy.exe
C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Klaus\Desktop\ende.com

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = in.webcounter.cc/-/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 4-v.net/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 1-se.com/home.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 4-v.net/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = homepage.com@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = homepage.com@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = bestsearch.cc/2484/search.php?qq=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = all-find.net/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = homepage.com@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AutoSearch Class - {1E432263-6841-4653-8F02-366A2F77E339} - C:\PROGRA~2\WINDOW~2\WinSB1.DLL
F0 - system.ini: Shell=
F1 - win.ini: run=fntldr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O1 - Hosts: 81.223.4.114 server-sbg
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll
O2 - BHO: (no name) - {63FB6550-B116-0FCA-8757-10550AD22847} - C:\WINDOWS\System32\ifgcpdpt.dll
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {933732EA-0085-497E-A885-AAE883399757} - C:\WINDOWS\System32\lklpn.dll
O2 - BHO: EventHandler Class - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~2\WINDOW~2\WinSB1.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~2\WINDOW~2\WinSB1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [CP888M1] C:\PROGRA~1\EzButton\CP888M1.EXE
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programme\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [UStorage] c:\programme\u-storage tools2.1\ustorage.exe sys_auto_run C:\Programme\U-Storage Tools2.1
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O4 - HKLM\..\Run: [Users System] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [sys] regedit /s sys.reg
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\system32\services\msxmidi.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [msbb] c:\programme\180solutions\msbb.exe
O4 - HKLM\..\Run: [mdozlkik] C:\WINDOWS\System32\gbhjid.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programme\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [sxutst] C:\WINDOWS\sxutst.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [Users System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\msxmidi.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows
O4 - HKCU\..\Run: [Users System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Konni Symbol Autostart] "C:\Programme\RagTime Privat\Konni\KonniSymbol.exe"
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\system32\services\msxmidi.exe
O4 - HKCU\..\Run: [Ctur] C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\casm.exe
O4 - HKCU\..\Run: [Andod] C:\WINDOWS\System32\yqhznlqy.exe
O4 - HKCU\..\RunServices: [Users System] C:\WINDOWS\svchost.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Programme\Zone Labs\ZoneAlarm\zapro.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Programme\Internet Explorer\PLUGINS\nppdf32.dll
O13 - DefaultPrefix: ehttp.cc/?
O13 - WWW Prefix: ehttp.cc/?
O16 - DPF: {11111111-1111-1111-1111-111111111237} - 66.117.42.151/1/deaDE21.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - public.windupdates.com/get_file.php?bt=ie&p=0c8af29cad1529a0c2f12262efe492244d317f6ab2c86bff7585b7e883263ddf35912dd813dee463c744961d2b31add589650eef4d876c0fc2a2f745d64562:c31e3730b38c174130e1e2729109a237
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - cl55.biz/tracker/eu_cax.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - 7090977.offshoreclicks.com/dialup_files/99950054.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{590D1E17-1EAD-4262-B003-26B32563DF0F}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1225823-DF80-4583-B225-2DCA14F23B35}: NameServer = 192.168.0.1
O18 - Protocol: msencarta - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Protocol: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\msero.dll
O18 - Protocol: msref - {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Reference 2001\MSREF.DLL
O18 - Filter: text/html - {1ADA6658-8016-4C8E-BC91-C1E5B7AA48C7} - C:\WINDOWS\System32\lklpn.dll
O18 - Filter: text/plain - {1ADA6658-8016-4C8E-BC91-C1E5B7AA48C7} - C:\WINDOWS\System32\lklpn.dll
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
O20 - AppInit_DLLs: NVDESK32.DLL
09.07.2004, 18:08
...new here

Posts: 3
#2 Why don't you first run a tool like Ad-Aware or Spybot over it; they always shed a bit more light on things.
10.07.2004, 16:11
Honorary member
Sabina

Posts: 29434
#3 Phil H

Disable System Restore and attempt the cleanup...at your own risk!!!!

Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = in.webcounter.cc/-/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 4-v.net/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 1-se.com/home.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 4-v.net/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = homepage.com@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOKUME~1\Klaus\LOKALE~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = homepage.com@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = bestsearch.cc/2484/search.php?qq=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = all-find.net/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = homepage.com@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
..........................................................................................
I'm not sure about this one...do you have this proxy setting?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
.........................................................................................
F1 - win.ini: run=fntldr.exe

O1 - Hosts: 81.223.4.114 server-sbg
O2 - BHO: TwaintecObj Class - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\System32\services\2.01.00.dll
O2 - BHO: (no name) - {63FB6550-B116-0FCA-8757-10550AD22847} - C:\WINDOWS\System32\ifgcpdpt.dll
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll

O2 - BHO: (no name) - {933732EA-0085-497E-A885-AAE883399757} - C:\WINDOWS\System32\lklpn.dll
O2 - BHO: EventHandler Class - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~2\WINDOW~2\WinSB1.DLL
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programme\SideFind\sfbho.dll

O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~2\WINDOW~2\WinSB1.DLL

O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe

O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O4 - HKLM\..\Run: [Users System] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programme\ScanSoft\OmniPagePro11.0\opware32.exe
O4 - HKLM\..\Run: [sys] regedit /s sys.reg
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\system32\services\msxmidi.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [msbb] c:\programme\180solutions\msbb.exe
O4 - HKLM\..\Run: [mdozlkik] C:\WINDOWS\System32\gbhjid.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programme\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [sxutst] C:\WINDOWS\sxutst.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\RunServices: [Users System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [runwin32] C:\WINDOWS\runwin32.exe
O4 - HKCU\..\Run: [wininet32] C:\WINDOWS\wininet32.exe
O4 - HKCU\..\Run: [AddClass] C:\WINDOWS\msxmidi.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows
O4 - HKCU\..\Run: [Users System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [Konni Symbol Autostart] "C:\Programme\RagTime Privat\Konni\KonniSymbol.exe"
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\system32\services\msxmidi.exe
O4 - HKCU\..\Run: [Ctur] C:\Dokumente und Einstellungen\Klaus\Anwendungsdaten\casm.exe
O4 - HKCU\..\Run: [Andod] C:\WINDOWS\System32\yqhznlqy.exe
O4 - HKCU\..\RunServices: [Users System] C:\WINDOWS\svchost.exe

O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll

O13 - DefaultPrefix: ehttp.cc/?
O13 - WWW Prefix: ehttp.cc/?
O16 - DPF: {11111111-1111-1111-1111-111111111237} - 66.117.42.151/1/deaDE21.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - public.windupdates.com/get_file.php?bt=ie&p=0c8af29cad1529a0c2f12262efe492244d317f6ab2c86bff7585b7e883263ddf35912dd813dee463c744961d2b31add589650eef4d876c0fc2a2f745d64562:c31e3730b38c174130e1e2729109a237

O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - cl55.biz/tracker/eu_cax.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - 7090977.offshoreclicks.com/dialup_files/99950054.cab

O18 - Filter: text/html - {1ADA6658-8016-4C8E-BC91-C1E5B7AA48C7} - C:\WINDOWS\System32\lklpn.dll
O18 - Filter: text/plain - {1ADA6658-8016-4C8E-BC91-C1E5B7AA48C7} - C:\WINDOWS\System32\lklpn.dll
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini

RESTART

1. Download Stinger
http://vil.nai.com/vil/stinger/

2. Download Sp
http://www.rokop-security.de/main/article.php?sid=746
..........................................................................................................
Uninstall Symantec...it is wrecked
3. Download AntiVir...set it to <scan all files<
Go into Safe Mode...press F8 while booting and run a full scan
http://www.free-av.de/


restart normally


4. Download AdAware free and Spybot
http://www.rokop-security.de/main/article.php?sid=703

5. Download Spysweeper free
http://www.spysweeper.com/

6. Under Internet Options, delete the Temporary Internet Files and set a new start page.

7. Scan with eScan...mwav.exe <all files<
http://www.mwti.net/antivirus/free_utilities.asp

8. Under Internet Options, delete the Temporary Internet Files and post the final log from mwav.exe and the log from HijackThis

Regards
Sabina


INSTALL THE WINDOWS UPDATES!!!!!!!!!!!!
Start\Programme\WindowsUpdate
__________
Regards, Sabina

all about PC security
This post was edited by Sabina on 10.07.2004 at 16:16.
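
Added example, not part of the original posts: a small Python triage script for HijackThis log lines like the ones in this thread. It flags R0/R1 values that HijackThis marks "(obfuscated)", O4 autostart entries that run a Windows system binary name from outside System32 (such as C:\WINDOWS\svchost.exe), and O4 commands with no recognisable program path. The function names, the finding labels and the list of system binary names are assumptions of this sketch; randomly named files inside System32 are not detected by it.

```python
import ntpath
import re

# Sample input: a few lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [Andod] C:\WINDOWS\System32\yqhznlqy.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows
"""

# Assumption: names of Windows binaries that normally live in ...\System32.
SYSTEM_BINARIES = {"svchost.exe", "rundll32.exe", "services.exe", "lsass.exe",
                   "winlogon.exe", "smss.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Quoted path, or an unquoted path (may contain spaces) up to .exe/.com/.dll.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|dll))(?=\s|$)', re.I)


def parse(log):
    """Split a HijackThis log into (section code, entry body) pairs."""
    matches = (ENTRY_RE.match(line.strip()) for line in log.splitlines())
    return [(m["code"], m["body"]) for m in matches if m]


def image_path(cmd):
    """Return the program path from a Run command line, or None if there is none."""
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else None


def findings(log):
    """Return (code, kind, detail) tuples for entries worth a manual look."""
    out = []
    for code, body in parse(log):
        if code in ("R0", "R1") and body.endswith("(obfuscated)"):
            out.append((code, "obfuscated-url", body))
        elif code == "O4":
            run = RUN_RE.match(body)
            if not run:          # e.g. "Global Startup" shortcut entries
                continue
            path = image_path(run["cmd"])
            if path is None:     # no program path could be extracted
                out.append((code, "unresolved-command", run["name"]))
                continue
            folder, base = ntpath.split(path)
            if (base.lower() in SYSTEM_BINARIES and folder
                    and not folder.lower().endswith("\\system32")):
                out.append((code, "system-name-wrong-dir", path))
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE_LOG):
        print(finding)
```
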