Trojaner-Board - Trojaner löschen

Hier mein Hijack Log

Logfile of HijackThis v1.98.2
Scan saved at 15:52:11, on 15.10.2004
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

(Unable to list running processes (error#53))
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.176.201.9/ie/?loc=searchurl&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\lnmohga.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\lnmohga.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\System32\lnmohga.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\System32\lnmohga.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\lnmohga.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\System32\lnmohga.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von tele.ring
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.jet2web.net;*.aon.at;<local>
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7BC02FA1-AD0F-11D8-BAD5-00006AC54E4F} - C:\WINNT\System32\lnmohga.dll
O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [MGA QuickDesk] "C:\Programme\MGA NT PowerDesk\QDesk\MGAQDESK.EXE"
O4 - HKLM\..\Run: [MGA Hook] "C:\WINNT\System32\MGAHOOK.EXE"
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Programme\Navnt\POProxy.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\Navnt\npscheck.exe
O4 - HKLM\..\Run: [ICONFIG.EXE] C:\PROGRA~1\GEMEIN~1\SHUTTL~1\ICONFIG.EXE "Software\Shuttle Technology\epcfwnt\Flash"
O4 - HKLM\..\Run: [Folder Service] qjinfo.exe
O4 - HKLM\..\Run: [svchosts32] C:\WINNT\SYSTEM32\men.exe
O4 - HKLM\..\Run: [Micosoft Startup] systall.exe
O4 - HKLM\..\Run: [fI@HOME] C:\WINNT\SYSTEM32\vgdew.exe
O4 - HKLM\..\Run: [bcnswSX] C:\WINNT\SYSTEM32\bsqf.exe
O4 - HKLM\..\Run: [dvsfss] fbsfsdrs.exe
O4 - HKLM\..\RunServices: [dvsfss] fbsfsdrs.exe
O4 - HKCU\..\Run: [dvsfss] fbsfsdrs.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Programme\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programme\Navnt\navapw32.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .mov: C:\PROGRA~1\Plus!\MICROS~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\Plus!\MICROS~1\PLUGINS\npqtplugin3.dll
O13 - WWW. Prefix: http://
O18 - Filter: text/html - {7BC02FA0-AD0F-11D8-BAD5-00000589EBD4} - C:\WINNT\System32\lnmohga.dll
O18 - Filter: text/plain - {7BC02FA0-AD0F-11D8-BAD5-00000589EBD4} - C:\WINNT\System32\lnmohga.dll

Danke Harald