Bitte um Check - TR/Spy.Tofger.BI.2

joachim

Hallo zusammen,

ich brauche dringend Hilfe, um o.g. Trojaner loszukriegen.

Hier das Ergebnis von eScan im abgesicherten Modus:

File C:\WINDOWS\gx9fzj83m9.exe infected by "not-a-virus:AdvWare.ToolBar.EliteBar.b" Virus. Action Taken: File Renamed.
File C:\WINDOWS\winec.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\netsm.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\ipzg.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\nethb32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\javadc32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\winvt32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\ipki.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\javaen.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\mswl32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\d3mw32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: File Deleted.
File C:\WINDOWS\netld.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\ipqk.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\mfceq.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\addgo.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SYSTEM\d3gn32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\mfcnh.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\ntqi.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\crce32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\apite.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\ieqc.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\nthk32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\atlab32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\mspz.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\netko.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\winbn32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\sdkcr.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\ntqs32.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\sysoq.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\crgj.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\atlcw32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SYSTEM\msbe.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\SYSTEM\mspb.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SYSTEM\apiqb32.exe infected by "TrojanDownloader.Win32.Agent.bq" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SYSTEM\wincd.exe infected by "TrojanDownloader.Win32.Agent.ap" Virus. Action Taken: File Renamed.
File C:\WINDOWS\COMMAND\EBD\EBD.CAB tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.
File C:\WINDOWS\Downloaded Program Files\msits.exe infected by "TrojanDownloader.Win32.Agent.aw" Virus. Action Taken: File Deleted.
File C:\WINDOWS\Downloaded Program Files\v2.dll infected by "not-a-virus:AdvWare.ToolBar.EliteBar.b" Virus. Action Taken: File Renamed.
File C:\WINDOWS\Downloaded Program Files\on-line.exe infected by "Trojan.Win32.Dialer.by" Virus. Action Taken: File Deleted.
File C:\win98-cd\ebd.cab tagged as not-a-virus:Tool.DOS.Restart. No Action Taken.

Und dann das HiJackThisLog, ebenfalls im abgesicherten Modus:

Logfile of HijackThis v1.98.2
Scan saved at 02:20:34, on 01.09.04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\ABLAGE\DOWNLOAD\PROGIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ejvij.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ejvij.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\ejvij.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ejvij.dll/sp.html#29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ejvij.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ejvij.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von Lycos Europe
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: Class - {ADBB2B32-9D6D-2822-DB06-CF181C871E64} - C:\WINDOWS\IPTP.DLL
O2 - BHO: Class - {B77E8E18-89DB-8257-A7FB-38BE68EA01F2} - C:\WINDOWS\IPTP.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.ExE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Touch Manager] C:\Programme\Netropa\Touch Manager\TouchMgr.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\Dexxa\Dexxa Optical Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - Startup: Office-Start.lnk = C:\Programme\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft-Indexerstellung.lnk = C:\Programme\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Ähnliche Seiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Verweisseiten - res://C:\PROGRAMME\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.140/code/PWActiveXImgCtl.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.johannrain-softwareentwic...itdefender.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: v2cab - http://searchmiracle.com/cab/v2cab.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/420/online.chm::/on-line.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.185.252.136,194.25.2.129,192.168.1.1

Und jetzt?? Ich hab sowas von keine Ahnung und bin für jede Hilfe dankbar!!!

Gruß

Joachim :-)