Trojaner-Board - Hilfe ich hab nen trojaner

Moin, ich hab nen Trojaner und nen dropper nachfolgen die log datei!
kann mir jemand helfen den kram wieder los zu werden?

Logfile of HijackThis v1.99.1
Scan saved at 18:57:31, on 29.04.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Office keyboard utility\1.4\nhksrv.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\HanseNet\HANSEN~1\app\pppoeservice.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\apicj32.exe
C:\WINDOWS\popuper.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\intmonp.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Browser MOUSE\mouse32a.exe
C:\Programme\Office keyboard utility\1.4\OFFICEKB.exe
C:\Programme\Winamp\Winampa.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Programme\Netscape\Netscape\Netscp.exe
C:\Programme\Office keyboard utility\1.4\MMKEYB.EXE
C:\WorkPad\hotsync.exe
C:\Programme\Realtek\Rtl8180\RtlWake.exe
C:\Programme\Office keyboard utility\1.4\TrayMon.exe
C:\Programme\Office keyboard utility\1.4\osd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\crml.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iglnr.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iglnr.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\iglnr.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\iglnr.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\iglnr.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\iglnr.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FEFEC367-0557-50DA-92D8-EFF9A710070B} - C:\WINDOWS\d3sq.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Programme\Office keyboard utility\1.4\OFFICEKB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Programme\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Programme\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [addnl.exe] C:\WINDOWS\system32\addnl.exe
O4 - HKLM\..\Run: [apijk32.exe] C:\WINDOWS\system32\apijk32.exe
O4 - HKLM\..\Run: [apizo32.exe] C:\WINDOWS\system32\apizo32.exe
O4 - HKLM\..\Run: [atlxd.exe] C:\WINDOWS\system32\atlxd.exe
O4 - HKLM\..\Run: [iecu32.exe] C:\WINDOWS\system32\iecu32.exe
O4 - HKLM\..\Run: [crml.exe] C:\WINDOWS\crml.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Programme\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\WorkPad\hotsync.exe
O4 - Global Startup: RtlWake.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Programme\PC-TV\WinManager\WinManager.exe
O9 - Extra button: Microsoft AntiSpyware helper - {9EA8FDC4-6486-40E6-AFD0-3022BB3B27AA} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9EA8FDC4-6486-40E6-AFD0-3022BB3B27AA} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {9EA8FDC4-6486-40E6-AFD0-3022BB3B27AA} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9EA8FDC4-6486-40E6-AFD0-3022BB3B27AA} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:tsk.mht!http://69.50.171.149/webace/s1//q.chm::/file.exe
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4904B0BE-2128-428E-9686-AD97C36F980C}: NameServer = 213.191.74.18 213.191.92.87
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\cruc.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programme\Office keyboard utility\1.4\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\HanseNet\HANSEN~1\app\pppoeservice.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

danke im voraus

Ps: Es handelt sich um den Dropper Agent.BQ.2 und den trojaner Tr/Agent.BI
beide entdeckt von antivir!

Janosch
Janosch