Trojan.Downloader.Istbar.W and...winupdt.A

My machine is infected with two "trojans" which I can`t delete.
Bitdefender recognizes: Trojan.Downloader.Istbar.W and
Trojan.Downloader.Winupdt.A but cannot manage the problem.
Updated Spybot, AdAware, CWShredder, Bazooka, even don`t find them.
Trojans are resistant in my temporary internet files (IE5/content) (2.6 MB)!
Can see the content of these files only in my Ghooost backup-file.

Please help

Logfile of HijackThis v1.98.2
Scan saved at 00:18:43, on 16.09.2004
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programme\Gemeinsame Dateien\Softwin\BitDefender Scan Server\bdss.exe
C:\Programme\Softwin\BitDefender Professional Edition\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Test\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Programme\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Programme\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093971277187
O17 - HKLM\System\CCS\Services\Tcpip\..\{B76E1FAE-47B2-40BF-8DB2-E7F65D43186D}: NameServer = 192.92.138.35 193.81.83.2

 

Hi Günter,

The HijackThis log you posted seems correct.
Do the following operation for each user accounts of your system including Administrator :
Clear your Internet cache :
Click Start Button, click Settings, click Control Panel, click Internet Options, click Delete files button, click Delete cookies

 

Hallo!
Thx. But still all done with no efect!
Also hidden files are visible, I can`t see the the files in the folder. And the folder (temporary IEFiles) has about 2.6 MB! As I mentioned above I can look the files only in my backup`s in Ghoost 2003 (with Ghoost Explorer)

 

Hum !
I have another possible solution :
Log on with administrator account;
Create a new folder something like C:\IeCache;
Go to Internet Options, click the button Settings (or Parameters), clic the button Move the folder to get the IE content into C:\IECache (normally, the 2,6 MB file will not follow)
You will be asked to reboot;
Delete manually the file that will stay in the old IE buffer

 

Duh ! I just realize that Ghost is a recovery tool that allows you to recover data on the hard drive even if they have been deleted. It's possible you copied 2 viruses which were deleted by your anti-virus but physically, they are still present on the hard drive.
It's the explanation of why no anti-virus was able to locate them
So, I suggest you to drop my prior post and to defrag your C: drive.
Make another Ghost image. Normally, you should see no more viruses.

 

Hi!
First advice to move the Cache folder worked!!!!
Beasts are gone, many Thx!!!
Donation on the way ;-)
Usually I was very happy with Symantec`s Ghoost.
But in all my Backup`s I found the two guys.
Always I backup / restore the whole Partition, though I felt very secure, but I thought when restoring a partition, all former files are deleted. mhh
Anyway: THX a lot