Hallo an alle!!
Haben mir einen Trojaner eingefangen siehe titel!! bei jedem Neustart von Windows ist er wieder da!!! Des weiteren habe ich keine rechte Maustaste mehr auf allen Internetseiten und kann auch keine Dateianhängez.B in gmx anfügen und auch die entferntaste geht nimmer.
Könnt ihr mir weiterhelfen!!! Mache schon ne Woche rum und es gibt sehr wenig über den Trojaner!!!

anbei mein Logfile!!!
Danke für eure Hilfe!!
Gruß
Wolf332

Files siehe oben

Ich würde denken, dass Du erst mal ein komplettes HJT-Log posten solltest.

Hier das neue file Teil 1


StartupList report, 10.11.2005, 22:20:56
StartupList version: 1.52.2
Started from : E:\Dokumente und Einstellungen\**********\Desktop\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\ad_elmd.exe
E:\WINNT\System32\svchost.exe
E:\PROGRA~1\borland\INTERB~1\Bin\ibguard.exe
e:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
E:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
E:\WINNT\system32\regsvc.exe
C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\system32\Service.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\mspmspsv.exe
E:\WINNT\system32\svchost.exe
E:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
E:\WINNT\Explorer.EXE
E:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Programme\FreePDF\FreePDFA.exe
E:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
E:\PROGRA~1\mcafee.com\agent\mcagent.exe
e:\progra~1\mcafee.com\vso\mcvsescn.exe
E:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
e:\PROGRA~1\mcafee.com\vso\mcshield.exe
E:\PROGRA~1\borland\INTERB~1\Bin\ibserver.exe
E:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Programme\Internet Explorer\IEXPLORE.EXE
E:\Dokumente und Einstellungen\************\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[E:\Dokumente und Einstellungen\********\Startmenü\Programme\Autostart]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[E:\Dokumente und Einstellungen\All Users.WINNT\Startmenü\Programme\Autostart]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = E:\WINNT\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = E:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
FreePDFAssistent = E:\Programme\FreePDF\FreePDFA.exe
NeroFilterCheck = E:\WINNT\system32\NeroCheck.exe
VSOCheckTask = "e:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
VirusScan Online = "e:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
MCAgentExe = e:\PROGRA~1\mcafee.com\agent\mcagent.exe
MCUpdateExe = E:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
Synchronization Manager = mobsync.exe /logon

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = "E:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

Teil 2

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = E:\WINNT\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = E:\WINNT\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "E:\WINNT\System32\shmgrate.exe" OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "E:\WINNT\System32\shmgrate.exe" OCInstallUserConfigOE

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection E:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection E:\WINNT\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = E:\WINNT\system32\Rundll32.exe E:\WINNT\system32\mscories.dll,Install

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from E:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from E:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

E:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
E:\WINNT\Explorer\Explorer.exe: not present
E:\WINNT\System\Explorer.exe: not present
E:\WINNT\System32\Explorer.exe: not present
E:\WINNT\Command\Explorer.exe: not present
E:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in E:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registrierungs-Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

McAfee.com Update Check (KONST-Wolfgang Suess).job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://E:\WINNT\Java\classes\dajava.cab
OSD = E:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://E:\WINNT\Java\classes\xmldso.cab
OSD = E:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

[InstaFred Control]
InProcServer32 = E:\WINNT\DOWNLO~1\InstFred.ocx
CODEBASE = file://E:\Programme\MDT5\InstFred.ocx

[AcDcToday-Steuerung]
InProcServer32 = E:\WINNT\DOWNLO~1\ACDCTO~1.OCX
CODEBASE = file://E:\Programme\MDT5\AcDcToday.ocx

[Shockwave Flash Object]
InProcServer32 = E:\WINNT\system32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[AcPreview-Steuerung]
InProcServer32 = E:\WINNT\DOWNLO~1\ACPREV~1.OCX
CODEBASE = file://E:\Programme\MDT5\AcPreview.ocx

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: E:\WINNT\System32\rnr20.dll
NameSpace #2: E:\WINNT\System32\winrnr.dll
Protocol #1: E:\WINNT\system32\msafd.dll
Protocol #2: E:\WINNT\system32\msafd.dll
Protocol #3: E:\WINNT\system32\msafd.dll
Protocol #4: E:\WINNT\system32\rsvpsp.dll
Protocol #5: E:\WINNT\system32\rsvpsp.dll
Protocol #6: E:\WINNT\system32\msafd.dll
Protocol #7: E:\WINNT\system32\msafd.dll
Protocol #8: E:\WINNT\system32\msafd.dll
Protocol #9: E:\WINNT\system32\msafd.dll
Protocol #10: E:\WINNT\system32\msafd.dll
Protocol #11: E:\WINNT\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI-Treiber: System32\DRIVERS\ACPI.sys (system)
Autodesk License Manager: E:\WINNT\system32\ad_elmd.exe (autostart)
Umgebung für die AFD-Netzwerkunterstützung: \SystemRoot\System32\drivers\afd.sys (autostart)
Warndienst: %SystemRoot%\System32\services.exe (manual start)
Anwendungsverwaltung: %SystemRoot%\system32\services.exe (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Asynchroner RAS -Medientreiber: System32\DRIVERS\asyncmac.sys (manual start)
Standard-IDE/ESDI-Festplattencontroller: System32\DRIVERS\atapi.sys (system)
ATI Smart: E:\WINNT\system32\ati2sgag.exe (disabled)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
Protokoll für ATM ARP-Client: System32\DRIVERS\atmarpc.sys (manual start)
Audiostubtreiber: System32\DRIVERS\audstub.sys (manual start)
Intelligenter Hintergrundübertragungsdienst: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
Computerbrowser: %SystemRoot%\System32\services.exe (autostart)
C-Dilla: \??\E:\WINNT\system32\drivers\CDANT.SYS (manual start)
C-DillaSrv: E:\WINNT\system32\DRIVERS\CDANTSRV.EXE (disabled)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM-Laufwerktreiber: System32\DRIVERS\cdrom.sys (system)
Indexdienst: E:\WINNT\System32\cisvc.exe (manual start)
Ablagemappe: %SystemRoot%\system32\clipsrv.exe (manual start)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
DHCP-Client: %SystemRoot%\System32\services.exe (autostart)
Datenträgertreiber: System32\DRIVERS\disk.sys (system)
dmboot: System32\drivers\dmboot.sys (disabled)
Treiber für die Verwaltung logischer Datenträger: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Verwaltung logischer Datenträger: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW-Synthesizer (WDM): system32\drivers\DMusic.sys (manual start)
DNS-Client: %SystemRoot%\System32\services.exe (autostart)
Ereignisprotokoll: %SystemRoot%\system32\services.exe (autostart)
COM+-Ereignissystem: E:\WINNT\System32\svchost.exe -k netsvcs (manual start)
Faxdienst: %systemroot%\system32\faxsvc.exe (manual start)
Diskettencontrollertreiber: System32\DRIVERS\fdc.sys (manual start)
Diskettentreiber: System32\DRIVERS\flpydisk.sys (manual start)
Treiber für Datenträger-Manager: System32\DRIVERS\ftdisk.sys (system)
Gameport-Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Standardpaketklassifizierung: System32\DRIVERS\msgpc.sys (manual start)
Microsoft HID Class-Treiber: System32\DRIVERS\hidusb.sys (autostart)
i8042-Tastatur- und PS/2-Mausanschluss-Treiber: System32\DRIVERS\i8042prt.sys (system)
InterBase Guardian: E:\PROGRA~1\borland\INTERB~1\Bin\ibguard.exe -s (autostart)
InterBase Server: E:\PROGRA~1\borland\INTERB~1\Bin\ibserver.exe -s -g (manual start)
Filtertreiber für IP-Verkehr: System32\DRIVERS\ipfltdrv.sys (manual start)
IP/IP-Tunneltreiber: System32\DRIVERS\ipinip.sys (manual start)
IP-Netzwerkadressenübersetzer: System32\DRIVERS\ipnat.sys (manual start)
IPSEC-Treiber: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP-ISA/EISA-Bus-Treiber: System32\DRIVERS\isapnp.sys (system)
Tastaturklassentreiber: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel-Waveaudiomixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\services.exe (autostart)
Arbeitsstationsdienst: %SystemRoot%\System32\services.exe (autostart)
TCP/IP-NetBIOS-Hilfsprogramm: %SystemRoot%\System32\services.exe (autostart)
McAfee.com McShield: e:\PROGRA~1\mcafee.com\vso\mcshield.exe (manual start)
McAfee SecurityCenter Update Manager: E:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (manual start)
McAfee.com VirusScan Online Realtime Engine: e:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding (autostart)
Nachrichtendienst: %SystemRoot%\System32\services.exe (autostart)
NetMeeting-Remotedesktop-Freigabe: E:\WINNT\System32\mnmsrvc.exe (manual start)
Mausklassentreiber: System32\DRIVERS\mouclass.sys (system)
HID-Maustreiber: System32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: E:\WINNT\System32\msdtc.exe (manual start)
Windows Installer: E:\WINNT\System32\MsiExec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Proxy für Streaming Clock: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Proxy für Streaming Quality Manager: system32\drivers\MSPQM.sys (manual start)
MSSQL$WINCCFLEXIBLE: E:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe -sWINCCFLEXIBLE (autostart)
MSSQLServerADHelper: E:\Programme\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
NaiFiltr: \??\E:\Programme\McAfee.com\VSO\NaiFiltr.sys (manual start)
NaiFsRec: System32\drivers\NaiFsRec.sys (system)
RAS-NDIS-TAPI-Treiber: System32\DRIVERS\ndistapi.sys (manual start)
NDIS-Benutzermodus-E/A-Protokoll: System32\DRIVERS\ndisuio.sys (manual start)
RAS-NDIS-WAN-Treiber: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS-Schnittstelle: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Netzwerk-DDE-Dienst: %SystemRoot%\system32\netdde.exe (manual start)
Netzwerk-DDE-Serverdienst: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Anmeldedienst: %SystemRoot%\System32\lsass.exe (manual start)
Netzwerkverbindungen: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT-LM-Sicherheitsdienst: %SystemRoot%\System32\lsass.exe (manual start)
Wechselmedien: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Filtertreiber für IPX-Verkehr: System32\DRIVERS\nwlnkflt.sys (manual start)
Treiber für IPX-Verkehrsweiterleitung: System32\DRIVERS\nwlnkfwd.sys (manual start)
Microsoft USB-Open Host-Controllertreiber: System32\DRIVERS\openhci.sys (manual start)
Office Source Engine: E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Parallelklassentreiber: System32\DRIVERS\parallel.sys (manual start)
Treiber für parallelen Anschluss: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug & Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC-Richtlinienagent: %SystemRoot%\System32\lsass.exe (autostart)
WAN-Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Geschützter Speicher: %SystemRoot%\system32\services.exe (autostart)
Treiber für direkte Parallelverbindung: System32\DRIVERS\ptilink.sys (manual start)
Treiber für automatische RAS-Verbindung: System32\DRIVERS\rasacd.sys (system)
Verwaltung für automatische RAS-Verbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN-Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
RAS-Verbindungsverwaltung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Parallelanschluss (direkt): System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network-RCA (Raw Channel Access): system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Filtertreiber für digitale CD-Audiowiedergabe: System32\DRIVERS\redbook.sys (system)
Routing und RAS: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote-Registrierungsdienst: %SystemRoot%\system32\regsvc.exe (autostart)
RPC-Locator: %SystemRoot%\System32\locator.exe (manual start)
Remoteprozeduraufruf (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
SIMATIC IEPG Help Service: C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe (autostart)
Siemens PC/PPI Cable: System32\Drivers\S7oppilx.sys (manual start)
s7oppitx: \SystemRoot\System32\Drivers\S7oppitx.sys (manual start)
s7otranx: \SystemRoot\System32\Drivers\S7otranx.sys (autostart)
Sicherheitskontenverwaltung: %SystemRoot%\system32\lsass.exe (autostart)
Smartcard-Hilfsprogramm: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smartcard: %SystemRoot%\System32\SCardSvr.exe (manual start)
Taskplaner: %SystemRoot%\system32\MSTask.exe (autostart)
Dienst "Ausführen als": %SystemRoot%\system32\services.exe (autostart)
Systemereignisbenachrichtigung: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum-Filtertreiber: System32\DRIVERS\serenum.sys (manual start)
Treiber für seriellen Anschluss: System32\DRIVERS\serial.sys (system)
Service: E:\WINNT\system32\Service.exe (autostart)
Gemeinsame Nutzung der Internetverbindung: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGPx.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
SIMATIC Industrial Ethernet (ISO): system32\DRIVERS\sntie.sys (autostart)
Druckwarteschlange: %SystemRoot%\system32\spoolsv.exe (autostart)
SQLAgent$WINCCFLEXIBLE: E:\Programme\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE -i WINCCFLEXIBLE (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
TerraCAM USB: system32\drivers\STV673.sys (manual start)
Software-Bus-Treiber: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetablesynthesizer: system32\drivers\swmidi.sys (manual start)
SymEvent: \??\E:\Programme\Symantec\SYMEVENT.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft System-Audiogerät: system32\drivers\sysaudio.sys (manual start)
Leistungsdatenprotokolle und Warnungen: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telefonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP-Protokolltreiber: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Überwachung verteilter Verknüpfungen (Client): %SystemRoot%\system32\services.exe (autostart)
Microcode Aktualisierungstreiber: System32\DRIVERS\update.sys (manual start)
Unterbrechungsfreie Spannungsversorgung: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB-Standardhubtreiber: System32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: System32\DRIVERS\usbhub20.sys (manual start)
USB-Massenspeichertreiber: System32\DRIVERS\USBSTOR.SYS (manual start)
Hilfsprogramm-Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows-Zeitgeber: %SystemRoot%\System32\services.exe (manual start)
RAS-IP-ARP-Treiber: System32\DRIVERS\wanarp.sys (manual start)
Treiber für Microsoft WINMM-WDM-Audiokompatibilität: system32\drivers\wdmaud.sys (manual start)
Windows-Verwaltungsinstrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
WMDM PMSP Service: E:\WINNT\system32\mspmspsv.exe (autostart)
Dienst für Seriennummern der tragbaren Medien: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows-Verwaltungsinstrumentations-Treibererweiterungen: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatische Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Drahtloskonfiguration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: E:\WINNT\system32\NETSHELL.dll
SysTray: stobject.dll
WebCheck: E:\WINNT\system32\webcheck.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 29.532 bytes
Report generated in 0,094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

@wolf332

poste bitte ein HJT logfile nach dieser anleitung
http://www.trojaner-board.de/showthread.php?t=17493

chaosman

Habe ich doch schon gemacht!! ist kein h**P drin und persönliches ist drausen !! was stimmt denn nicht