schaut euch das log an und helft mir bitte
is von einer kollegin von mir

Logfile of HijackThis v1.99.1
Scan saved at 18:17:01, on 06.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Programme\AVPersonal\AVSCHED32.EXE
C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
C:\Programme\ZyXEL\ZyAIR B-200 Wireless LAN USB Adapter\WLUSBCFG.exe
C:\Programme\StreamCast\Morpheus\morphexe.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programme\Messenger Plus! 3\MsgPlus.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Judith\Eigene Dateien\Meine empfangenen Dateien\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ymxuizjvqvylfc.uk/W9CsYsD...F8V/UbQa_.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ez-finder.com/?1161
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=52409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=52409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=52409
R3 - URLSearchHook: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\webdlg32.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe
O1 - Hosts: 64.233.167.104 www.symantec.com
O1 - Hosts: 64.233.167.104 www.sophos.com
O1 - Hosts: 64.233.167.104 www.mcafee.com
O1 - Hosts: 64.233.167.104 www.viruslist.com
O1 - Hosts: 64.233.167.104 www.f-secure.com
O1 - Hosts: 64.233.167.104 www.avp.com
O1 - Hosts: 64.233.167.104 www.kaspersky.com
O1 - Hosts: 64.233.167.104 www.networkassociates.com
O1 - Hosts: 64.233.167.104 www.ca.com
O1 - Hosts: 64.233.167.104 www.my-etrust.com
O1 - Hosts: 64.233.167.104 www.nai.com
O1 - Hosts: 64.233.167.104 www.trendmicro.com
O1 - Hosts: 64.233.167.104 www.grisoft.com
O1 - Hosts: 64.233.167.104 securityresponse.symantec.com
O1 - Hosts: 64.233.167.104 symantec.com
O1 - Hosts: 64.233.167.104 sophos.com
O1 - Hosts: 64.233.167.104 mcafee.com
O1 - Hosts: 64.233.167.104 liveupdate.symantecliveupdate.com
O1 - Hosts: 64.233.167.104 viruslist.com
O1 - Hosts: 64.233.167.104 f-secure.com
O1 - Hosts: 64.233.167.104 kaspersky.com
O1 - Hosts: 64.233.167.104 kaspersky-labs.com
O1 - Hosts: 64.233.167.104 avp.com
O1 - Hosts: 64.233.167.104 networkassociates.com
O1 - Hosts: 64.233.167.104 ca.com
O1 - Hosts: 64.233.167.104 mast.mcafee.com
O1 - Hosts: 64.233.167.104 my-etrust.com
O1 - Hosts: 64.233.167.104 download.mcafee.com
O1 - Hosts: 64.233.167.104 dispatch.mcafee.com
O1 - Hosts: 64.233.167.104 secure.nai.com
O1 - Hosts: 64.233.167.104 nai.com
O1 - Hosts: 64.233.167.104 update.symantec.com
O1 - Hosts: 64.233.167.104 updates.symantec.com
O1 - Hosts: 64.233.167.104 us.mcafee.com
O1 - Hosts: 64.233.167.104 liveupdate.symantec.com
O1 - Hosts: 64.233.167.104 customer.symantec.com
O1 - Hosts: 64.233.167.104 rads.mcafee.com
O1 - Hosts: 64.233.167.104 trendmicro.com
O1 - Hosts: 64.233.167.104 grisoft.com
O1 - Hosts: 64.233.167.104 sandbox.norman.no
O1 - Hosts: 64.233.167.104 www.pandasoftware.com
O1 - Hosts: 64.233.167.104 uk.trendmicro-europe.com
O2 - BHO: sPeerObj Class - {00000097-7C67-4BA6-8B42-05128941688A} - C:\WINDOWS\speeryox.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Programme\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O2 - BHO: (no name) - {2AA0D77D-C8A5-66CE-BC1B-8F3AAE9652B5} - C:\WINDOWS\adddr.dll (file missing)
O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Programme\IESearchToolbar\IESearchToolbar.dll
O2 - BHO: StartBHO Class - {30192F8D-0958-44E6-B54D-331FD39AC959} - C:\WINDOWS\webdlg32.dll (file missing)
O2 - BHO: (no name) - {4F766EC4-211C-AC42-9FA4-99E5B875A4CF} - C:\WINDOWS\netuw.dll
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL (file missing)
O2 - BHO: Pop Class - {A9AEE0DD-89E1-40EE-8749-A18650CC2175} - C:\WINDOWS\winsx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {E8A82A63-6FBD-9A72-873C-84F915E1650D} - C:\DOKUME~1\Lukas\ANWEND~1\ENCLOU~1\MAPIPLATFORM.exe (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll (file missing)
O3 - Toolbar: IE Search Toolbar - {EB381422-F797-4A98-A266-9DC490821907} - C:\Programme\IESearchToolbar\IESearchToolbar.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll (file missing)
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\webdlg32.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programme\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [apifm.exe] C:\WINDOWS\system32\apifm.exe
O4 - HKLM\..\Run: [mshelp32] C:\WINDOWS\System32\mshelp32.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [doit.exe] doit.exe
O4 - HKLM\..\Run: [IST Service] C:\Programme\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [GZ7rJ] C:\WINDOWS\huhxpgfm.exe
O4 - HKLM\..\Run: [WebRebates0] C:\Programme\Web_Rebates\WebRebates0.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SRNMIC~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSchedule] C:\PROGRA~1\SRNMIC~1\SOLOCFG.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SRNMIC~1\SYSCHECK.COM
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r
O4 - HKLM\..\RunServices: [doit.exe] doit.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programme\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ownsaudio] C:\DOKUME~1\userin\ANWEND~1\BLAHRE~1\Bin Surf Knob.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Morpheus.lnk = C:\Programme\StreamCast\Morpheus\morpheus.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programme\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Symantec Fax Starter Edition-Anschluss.lnk = C:\Programme\Microsoft Office\Office\1031\OLFSNT40.EXE
O4 - Global Startup: ZyAIR B-200 Wireless LAN USB Adapter Utility.lnk = C:\Programme\ZyXEL\ZyAIR B-200 Wireless LAN USB Adapter\WLUSBCFG.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm414YYCH
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programme\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programme\SideFind\sidefind.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {14F65762-96FB-44B9-8DAC-93845F377A0E} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {182F7C66-5882-4976-8FD4-63A8317563B0} - http://66.117.37.5/1/rdgCH155.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab30149.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://horse-active.net/ang/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: AntiVir Update Temp (TmpUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\DOKUME~1\JUDITH\LOKALE~1\TEMP\_VWUPSRV.EXE
O23 - Service: Network Security Service (�%AF夶À¨) - Unknown owner - C:\WINDOWS\system32\apirx32.exe (file missing)

Das System ist total verseucht!
http://www3.ca.com/securityadvisor/v....aspx?id=39437
http://www.sophos.com/virusinfo/anal...2forbotek.html
Diese 2 Schädlinge sind nur ein kleiner Teil dessen, was sich da sonst noch so tummelt.

=> Als einzig vernünftige Lösung bleibt nur das:
"System neu aufsetzen und vor der ersten Internetverbindung entsprechend absichern".

ich stimme zu


ps: mir gefallt deine signatur^^

der burner Xd