Trojaner-Board - IE hijack

hi, habe den hijack mit der cool websearch startseite und ich krieg ihn einfach nicht ganz raus aus meinem system (XP), habe mir schon paar einträge durchgelesen, die anleitung auf dieser yellow-page haut nicht hin, den schlüssel findet er nicht.

was ich bisher ausprobiert habe: cwshredder, adaware, antivir, spybot, hier mein logfile von hijack this:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\obd.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.holgerbanse.de/version2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftp-proxy.btx.dtag.de:80;http=213.234.124.23:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.holger-banse.de"); (C:\Programme\Netscape\Users\dsf\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ICQ Lite] D:\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVGCtrl] D:\Antivir\AVGNT.EXE /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunServices: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20...eInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{19E852A4-3DE9-4AE8-B406-AC4B30AD2186}: NameServer = 194.25.2.129,141.1.1.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4DC6E38-407C-42B2-8F73-54EC393F3AF0}: NameServer = 141.1.1.1,194.25.2.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA20EDB8-412A-48EE-BBE8-2FC8CC0AFDC7}: NameServer = 141.1.1.12,194.25.2.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{D93B86E8-D1A0-41D5-8097-27541637BCAE}: NameServer = 141.1.1.12,194.25.2.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{19E852A4-3DE9-4AE8-B406-AC4B30AD2186}: NameServer = 194.25.2.129,141.1.1.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{19E852A4-3DE9-4AE8-B406-AC4B30AD2186}: NameServer = 194.25.2.129,141.1.1.12