12. teil: 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FF, 83 ] .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\ehome\mcrdsvc.exe[2428] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Windows Media 
Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] 
ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FF, 84 ] .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Windows Media Player\wmpnetwk.exe[2568] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text 
C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[2748] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\System32\alg.exe[2748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, FF, 83 ] .text C:\WINDOWS\System32\alg.exe[2748] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text 
C:\WINDOWS\System32\alg.exe[2748] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\System32\alg.exe[2748] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Home Cinema\TV 
Enhance\TVEService.exe[3008] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 7D, 84 ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Home Cinema\TV Enhance\TVEService.exe[3008] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Home Cinema\TV 
Enhance\TVEService.exe[3008] ole32.dll!OleRegEnumVerbs + 166 7754810C 2 Bytes [ 66, A5 ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Home Cinema\TV 
Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] |
13. teil: .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, A7, 84 ] .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe[3036] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text 
C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 41, 84 ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\Windows Media Player\WMPNSCFG.exe[3288] USER32.dll!SetWindowsHookExA 7E381211 6 
Bytes JMP 5F2E0F5A .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtRenameKey 7C91DA40 3 
Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text 
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 6C, 84 ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe[3408] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text 
C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 2F, 84 ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[3552] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text 
C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtDeleteKey + 4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] |
der 14. teil: .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[3996] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[3996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 52, 84 ] .text C:\WINDOWS\system32\ctfmon.exe[3996] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\system32\ctfmon.exe[3996] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\system32\ctfmon.exe[3996] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtClose 7C91CFD0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtClose + 4 7C91CFD4 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateFile 7C91D090 1 Byte [ FF ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateFile + 2 7C91D092 1 Byte [ 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [ 17, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateKey 7C91D0D0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateKey + 4 7C91D0D4 2 Bytes [ 05, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateSection 7C91D160 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtCreateSection + 4 7C91D164 2 Bytes [ 23, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtDeleteKey 7C91D230 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtDeleteKey + 
4 7C91D234 2 Bytes [ 0B, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [ 11, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtRenameKey 7C91DA40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtRenameKey + 4 7C91DA44 2 Bytes [ 14, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtSetInformationFile 7C91DC40 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtSetInformationFile + 4 7C91DC44 2 Bytes [ 20, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [ 0E, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtTerminateProcess 7C91DE50 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtTerminateProcess + 4 7C91DE54 2 Bytes [ 26, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteFile 7C91DF60 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteFile + 4 7C91DF64 2 Bytes [ 1A, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteFileGather 7C91DF70 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteFileGather + 4 7C91DF74 2 Bytes [ 1D, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteVirtualMemory 7C91DF90 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\Explorer.EXE[4092] ntdll.dll!NtWriteVirtualMemory + 4 7C91DF94 2 Bytes [ 29, 5F ] .text C:\WINDOWS\Explorer.EXE[4092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes [ 43, E4, 59, 84 ] .text C:\WINDOWS\Explorer.EXE[4092] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ] .text C:\WINDOWS\Explorer.EXE[4092] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F320F5A .text C:\WINDOWS\Explorer.EXE[4092] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F2E0F5A ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT 
atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7311040] spdy.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F731113C] spdy.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73110BE] spdy.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73117FC] spdy.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73116D2] spdy.sys IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KeGetCurrentIrql] 57B80974 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KfRaiseIrql] 8B000000 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KfLowerIrql] 56C35DE5 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!HalGetInterruptVector] 8D08758B IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520 IAT \SystemRoot\System32\Drivers\an041ex1.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185 IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7321048] spdy.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) 
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) 
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7143B30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7143CB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7143DB0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7143D50] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.) |
und der letzte teil des gmer logs (endlich): ---- Devices - GMER 1.0.14 ---- Device \FileSystem\Ntfs \Ntfs 86FD51F8 Device \FileSystem\Fastfat \FatCdrom 8695A500 Device \Driver\usbstor \Device\0000008f 8695B500 Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\usbuhci \Device\USBPDO-0 86CB51F8 Device \Driver\PCI_PNP7952 \Device\00000051 spdy.sys Device \Driver\dmio \Device\DmControl\DmIoDaemon 86F671F8 Device \Driver\dmio \Device\DmControl\DmConfig 86F671F8 Device \Driver\dmio \Device\DmControl\DmPnP 86F671F8 Device \Driver\dmio \Device\DmControl\DmInfo 86F671F8 Device \Driver\usbuhci \Device\USBPDO-1 86CB51F8 Device \Driver\usbuhci \Device\USBPDO-2 86CB51F8 Device \Driver\usbuhci \Device\USBPDO-3 86CB51F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{AD474FDF-275F-4818-B9F3-B7D031457C16} 86B73500 Device \Driver\usbehci \Device\USBPDO-4 86C871F8 Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\sptd \Device\3568485452 spdy.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 86FD71F8 Device \Driver\Cdrom \Device\CdRom0 86CBB1F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 86FD71F8 Device \Driver\Cdrom \Device\CdRom1 86CBB1F8 Device \Driver\Cdrom \Device\CdRom2 86CBB1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 86B73500 Device \Driver\usbstor \Device\00000091 8695B500 Device \Driver\NetBT \Device\NetbiosSmb 86B73500 Device \Driver\usbstor \Device\00000092 8695B500 Device \Driver\usbstor \Device\00000093 8695B500 Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) Device \Driver\usbuhci \Device\USBFDO-0 86CB51F8 Device \Driver\usbuhci \Device\USBFDO-1 86CB51F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86BB7500 Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) 
Device \Driver\usbuhci \Device\USBFDO-2 86CB51F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86BB7500 Device \Driver\usbuhci \Device\USBFDO-3 86CB51F8 Device \Driver\usbehci \Device\USBFDO-4 86C871F8 Device \Driver\Ftdisk \Device\FtControl 86FD71F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{02356E98-FF34-4314-AAE7-EA7016E8BAD1} 86B73500 Device \Driver\an041ex1 \Device\Scsi\an041ex11 86C751F8 Device \Driver\an041ex1 \Device\Scsi\an041ex11Port3Path0Target0Lun0 86C751F8 Device \FileSystem\Fastfat \Fat 8695A500 AttachedDevice \FileSystem\Fastfat \Fat FLTMGR.SYS (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 86A25500 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x48 0x28 0x86 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x53 0xA8 0x36 0xB0 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0xED 0xE2 0xEF ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0A 0x48 0x28 0x86 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x53 0xA8 0x36 0xB0 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA7 0xED 0xE2 0xEF ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION E4C496E5198B0293A9D1FAA92C0BC34DBE0C91848A543890DFFE784C948B9D9D579975F1354630CFF9BE460F24C47C152D26FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFE BC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E667A2D97226D213B555FC993073F05E6C6651F9B35C4107D82C12672119 EB71B36AADC92CD990AF4DFC23E83A44B7B8A9BB4F7D23B1245B055B4E9A09B2BB13F61864DE38ED7C1C92C0847A98410666AC7D5704AEBF2C501B74DD9B35779FB0973A9C5F360D243725 1261B1C39E57160EFE09CC3A01867EEA2360260FC8967141EE1825389DF6D4A8A5BC2498682C668A2BC7CA884765756B253D2BE65A216FC169DC3D36D966BD64C2DC9DD6FC07ED04FD3B26 C5B4FAB6B54C1C50ED36C53B8C71B4EA0CCEE8ACC4C6CD1CA38EEFB6FD0A51BA7D42823988006AEDBAB88DD638622D22F95F7AD3D9A05DD2872672BB23F3B91821BAB665C4B9D88E479287 3A012A990DA14099D45755A0A66D1C9EEEBEF3E80007BE589971875D74F249C2CD444D10098A7BC749157DED33A72087B4C258946C67C0AC28378C319300B3D6F30664E928226F8C3C0FC4 
5FC7E835456743823C07600BFC58E4FED19514015D7E6B9746AE364D722EE56CD4E4CA31F2D2F9E71EAF73B694626DA7FE543B30F2B2C1A88697791A081 Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!s!i!`!r!`!e!d!\30!\30!t!e!s!m!s!y! 71230 ---- EOF - GMER 1.0.14 ---- |
nun der blacklight log: 01/13/09 22:30:44 [Info]: BlackLight Engine 2.2.1092 initialized 01/13/09 22:30:44 [Info]: OS: 5.1 build 2600 (Service Pack 3) 01/13/09 22:30:44 [Note]: 7019 4 01/13/09 22:30:44 [Note]: 7005 0 01/13/09 22:30:49 [Note]: 7006 0 01/13/09 22:30:49 [Note]: 7011 4092 01/13/09 22:30:49 [Note]: 7035 0 01/13/09 22:30:49 [Note]: 7026 0 01/13/09 22:30:49 [Note]: 7026 0 01/13/09 22:30:52 [Note]: FSRAW library version 1.7.1024 01/13/09 23:19:44 [Note]: 7007 0 _________________________________________________________________ und hier der highjackthis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:10:06, on 14.01.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Sygate\SPF\smc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Classic\sched.exe C:\Programme\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\CyberLink\Shared Files\RichVideo.exe C:\Programme\Spyware Doctor\pctsAuxs.exe C:\Programme\Spyware Doctor\pctsSvc.exe C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe 
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Programme\Windows Media Player\wmpnetwk.exe C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\SMSC\SetIcon.exe C:\Programme\Home Cinema\TV Enhance\TVEService.exe C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe C:\Programme\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\Programme\Exif Launcher\QuickDCF.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\WinRAR\WinRAR.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programme\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! 
Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SetIcon] \Programme\SMSC\SetIcon.exe O4 - HKLM\..\Run: [LanguageShortcut] "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [TVEService] "C:\Programme\Home Cinema\TV Enhance\TVEService.exe" O4 - HKLM\..\Run: [InstantOn] "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [ISTray] "C:\Programme\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Steam] "C:\Programme\Valve\Steam\Steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programme\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - 
HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C:\Programme\Exif Launcher\QuickDCF.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Programme\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Programme\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160402350437 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161001832152 O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Programme\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe O23 - Service: T-Online WLAN Adapter Steuerungsdienst (MZCCntrl) - Deutsche Telekom AG, Marmiko IT-Solutions GmbH - C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 10048 bytes |
Was ist nun? Ist alles in Ordnung, oder versteckt sich irgendwo etwas Bösartiges? |
Hey ;) ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Hinweis: Combofix verhindert die Autostart-Funktion aller CD-/DVD- und USB-Laufwerke, um so eine Verbreitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese bitte im Thread posten. (Ausführliche Anleitung -> Ein Leitfaden und Tutorium zur Nutzung von ComboFix) |
ok, hier ist mein combo-fix log: ComboFix 09-01-15.01 - Ritzi 2009-01-16 12:53:12.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1031.18.2046.1481 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Ritzi\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !! . ((((((((((((((((((((((( Dateien erstellt von 2008-12-16 bis 2009-01-16 )))))))))))))))))))))))))))))) . 2009-01-14 17:33 . 2009-01-14 17:33 <DIR> d-------- c:\programme\Lavalys 2009-01-13 23:23 . 2009-01-13 23:23 250 --a------ c:\windows\gmer.ini 2009-01-13 22:28 . 2009-01-13 22:30 <DIR> d-------- c:\programme\blacklight 2009-01-13 19:04 . 2009-01-13 19:04 <DIR> d-------- c:\programme\IObit 2009-01-13 19:04 . 2009-01-13 19:10 <DIR> d-------- c:\dokumente und einstellungen\Ritzi\Anwendungsdaten\IObit 2008-12-23 19:34 . 2008-12-23 19:34 <DIR> d-------- C:\Downloads 2008-12-18 20:02 . 2008-12-18 20:02 <DIR> d--h----- c:\programme\InstallShield Installation Information 2008-12-18 20:02 . 2008-12-18 20:02 <DIR> d-------- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fallout3 2008-12-18 20:01 . 2008-12-18 20:01 <DIR> d-------- c:\programme\Bethesda Softworks 2008-12-18 20:00 . 2008-12-18 20:00 <DIR> d-------- c:\programme\MSBuild 2008-12-18 19:58 . 2008-12-18 19:58 <DIR> d-------- c:\windows\system32\XPSViewer 2008-12-18 19:58 . 2008-12-18 19:58 <DIR> d-------- c:\programme\Reference Assemblies 2008-12-18 19:57 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2008-12-18 19:56 . 2008-12-18 19:56 <DIR> d-------- c:\windows\system32\xlive 2008-12-18 19:56 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll 2008-12-18 19:56 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll 2008-12-18 19:56 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll 2008-12-18 19:49 . 
2008-12-18 19:49 <DIR> d-------- c:\programme\DAEMON Tools Toolbar 2008-12-18 19:49 . 2008-12-19 12:23 <DIR> d-------- c:\programme\DAEMON Tools Lite 2008-12-18 19:18 . 2008-12-18 19:18 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-12-18 19:17 . 2008-12-18 19:17 <DIR> d-------- c:\dokumente und einstellungen\Ritzi\Anwendungsdaten\DAEMON Tools . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-16 11:42 --------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP 2009-01-15 18:52 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic 2009-01-15 13:06 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2009-01-14 15:40 --------- d-----w c:\programme\Spyware Doctor 2009-01-13 17:50 --------- d-----w c:\programme\QuickTime 2009-01-11 11:01 --------- d-----w c:\programme\QIP Infium 2009-01-11 10:57 --------- d-----w c:\programme\CCleaner 2009-01-11 10:55 --------- d-----w c:\programme\qip 2008-12-26 23:32 --------- d-----w c:\dokumente und einstellungen\Ritzi\Anwendungsdaten\CyberLink 2008-12-20 13:38 --------- d-----w c:\programme\Games 2008-12-20 13:38 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan 2008-12-18 18:55 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-09 18:22 --------- d-----w c:\dokumente und einstellungen\Ritzi\Anwendungsdaten\QIP 2008-11-28 12:24 --------- d-----w c:\programme\iTunes 2008-11-28 12:24 --------- d-----w c:\programme\iPod 2008-11-28 12:24 --------- d-----w c:\programme\Gemeinsame Dateien\Apple 2008-11-28 12:24 --------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-20 14:58 16,438 ----a-w c:\dokumente und einstellungen\Ritzi\Anwendungsdaten\wklnhst.dat 
2008-11-18 19:05 --------- d-----w c:\programme\Shutter 2008-10-28 19:06 729,088 ----a-w c:\windows\GPInstall.exe 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2006-10-09 11:55 8 --sh--r c:\windows\system32\EC23ACB85A.sys 2006-10-09 11:55 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys 2008-08-27 11:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008082720080828\index.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Steam"="c:\programme\Valve\Steam\Steam.exe" [2008-10-10 1410296] "WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] "SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952] "Advanced SystemCare 3"="c:\programme\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "SetIcon"="\Programme\SMSC\SetIcon.exe" [2004-04-28 42496] "LanguageShortcut"="c:\programme\Home Cinema\PowerDVD\Language\Language.exe" [2006-05-18 49152] "TVEService"="c:\programme\Home Cinema\TV Enhance\TVEService.exe" [2006-10-19 151552] "InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2006-06-21 93640] "avgnt"="c:\programme\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497] "ToADiMon.exe"="c:\programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624] "AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-02-24 2372760] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "RTHDCPL"="RTHDCPL.EXE" [2006-10-09 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "T-Online_Software_6\WLAN-Access Finder"="c:\programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2007-01-17 651316] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Exif 
Launcher.lnk - c:\programme\Exif Launcher\QuickDCF.exe [2007-01-01 184320] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2007-03-05 17:36 140976 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wbsys.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.mkdmp3enc"= c:\progra~1\HOMECI~1\MAGICD~1\Kernel\Burner\MKDMP3Enc.ACM [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser] --a------ 2007-12-23 00:03 916240 c:\programme\Eraser\Eraser.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 10:34 5724184 c:\programme\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 15:40 155648 c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2006-11-24 01:06 487424 c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVBroadcast] --a------ 2006-10-19 23:43 814080 c:\programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a------ 2008-05-02 05:15 15872 c:\programme\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\WindowBlinds] --a------ 2005-11-22 00:21 94208 c:\programme\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Programme\\NetMeeting\\Conf.exe"= "c:\\Programme\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Programme\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"= "c:\\Programme\\Valve\\Steam\\Steam.exe"= "c:\\Programme\\qip\\qip.exe"= "c:\\Programme\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"= "c:\\Programme\\Valve\\Steam\\SteamApps\\oldfieldfrippandhismagicalstardustlauriestripes\\half-life 2 deathmatch\\hl2.exe"= "c:\\Programme\\TmNationsForever\\TmForever.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\livecall.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Valve\\Steam\\SteamApps\\ritzii_xd_erdnuss\\condition zero deleted scenes\\hl.exe"= R0 pxark;pxark;c:\windows\system32\drivers\pxark.sys [2008-10-12 25400] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2006-10-10 11264] R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2006-10-17 1105664] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-10-23 7040] R4 MZCCntrl;T-Online WLAN Adapter Steuerungsdienst;c:\programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [2006-12-07 61440] R4 srvcPVR;Sceneo PVR Service;c:\programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe [2006-10-31 
1441280] R4 SVKP;SVKP;c:\windows\system32\SVKP.sys [2007-02-18 2368] R4 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2006-10-23 282709] R4 TVESched;TVEnhance Task Scheduler (TTS));c:\programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2006-10-23 122971] S3 DMSKSSRh;DMSKSSRh;\??\c:\dokume~1\Ritzi\LOKALE~1\Temp\DMSKSSRh.sys --> c:\dokume~1\Ritzi\LOKALE~1\Temp\DMSKSSRh.sys [?] S3 MACNDIS5;MACNDIS5 NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MACNDIS5.SYS [2006-12-07 17280] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-12 38528] S3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-12-07 17152] S3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-12-07 17536] S3 sdAuxService;PC Tools Auxiliary Service;c:\programme\Spyware Doctor\pctsAuxs.exe [2008-10-13 356920] S4 CSIScanner;CSIScanner;"c:\programme\PrevxCSI\prevxcsi.exe" /service --> c:\programme\PrevxCSI\prevxcsi.exe [?] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv . Inhalt des "geplante Tasks" Ordners 2008-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.aldi.com/ uDefault_Search_URL = hxxp://search.qip.ru mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\dokumente und einstellungen\Ritzi\Anwendungsdaten\Mozilla\Firefox\Profiles\f5y96i87.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - QIP Search FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/default FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q= FF - component: c:\programme\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava11.dll FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava12.dll FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava13.dll FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava14.dll FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJava32.dll FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPJPI150_08.dll FF - plugin: c:\programme\Java\jre1.5.0_08\bin\NPOJI610.dll FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-16 12:54:02 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*] "7040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="E4C496E5198B0293A9D1FAA92C0BC34DBE0C91848A543890DFFE784C948B9D9D579975F1354630CFF9BE460F24C47C152D26FEBC9E127BECC74C FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E6678EDD5E5BE2F6E667A2D97226D213B555FC9930 73F05E6C6651F9B35C4107D82C12672119EB71B36AADC92CD990AF4DFC23E83A44B7B8A9BB4F7D23B1245B055B4E9A09B2BB13F61864DE38ED7C1C92C0847A98410666AC7D5704AEBF2C50 1B74DD9B35779FB0973A9C5F360D2437251261B1C39E57160EFE09CC3A01867EEA2360260FC8967141EE1825389DF6D4A8A5BC2498682C668A2BC7CA884765756B253D2BE65A216FC169DC 3D36D966BD64C2DC9DD6FC07ED04FD3B26C5B4FAB6B54C1C50ED36C53B8C71B4EA0CCEE8ACC4C6CD1CA38EEFB6FD0A51BA7D42823988006AEDBAB88DD638622D22F95F7AD3D9A05DD28726 72BB23F3B91821BAB665C4B9D88E4792873A012A990DA14099D45755A0A66D1C9EEEBEF3E80007BE589971875D74F249C2CD444D10098A7BC749157DED33A72087B4C258946C67C0AC2837 8C319300B3D6F30664E928226F8C3C0FC45FC7E835456743823C07600BFC58E4FED19514015D7E6B9746AE364D722EE56CD4E4CA31F2D2F9E71EAF73B694626DA7FE543B30F2B2C1A88697 791A08145C4773C2C9C0B1384291BE7B06B445746467BDE261163A4E75E9518F0532E0545A3E9E4B44E0234D1F1CE5AFE0C76232852ED885DADC597F1CC210F7D3C012CBECCD849D81E4EF 39B4399F4AB20A46AF2D035D34DC01F7E7EA2EF1E6444836CAC207138B28F3449C4AAF3EF78BE4CBF7DE809A9A83D1C420BCBBE8251B9FED94310DFC1B4588CE844F55529EE119D489BE54 A61ACA75F132110F2AB17D6ED961AE97BA87C8F04478D31BB7558D3B46D598425C4897E3359E8A5F303CFA34225E57F486BF8751DBF00C0108E5CD328742591ED6EB2EEA47D6EFF6BA2CFE 4370A9EB83DFE5391F505B511BA3D1C2B9852A92547702BA2A66422CB54A195EBF7358CFB80951FAA5E1962093AFCC7261B25AF962E3BACA97D3BB4E8F255150245EF10B9C0B0BCC04D4FA 
1B2814BBC60E0195EAD9067CCFFAD593090BD5D7F03DE7F3494AAE52942B70CE05A97C3D0C76EB1162E209DE2271368BB3442ADFBF2FC9CC5AF2061918E400D047FCD91FF2A56DF783B5DE ACFAEBC1DAC9E8B4559E6DC2E1B25CE10706C9D331EF9C5FE5937D87E712A13DE8F8AEC92D683ECB525643970A69DC59F5EC493F94AD9406486531BE7378891E469E532521539909AB91CD 8B113BDFC8744326991557860AB146C61C9E45623DAE5246AD4972E7CA6660FE6CB788E8CFC5DE77BE3FE528EAC1781CAB652AB61B3D5EC7BFADCFA633B9359B8732" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(620) c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll . Zeit der Fertigstellung: 2009-01-16 12:55:24 ComboFix-quarantined-files.txt 2009-01-16 11:55:22 ComboFix2.txt 2009-01-16 11:48:38 Vor Suchlauf: 13 Verzeichnis(se), 178.399.776.768 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 178,382,991,360 Bytes frei 221 --- E O F --- 2009-01-14 17:22:39 |
Und, wie sieht's aus? Alles sauber oder irgendwo ein Virus? |
Hallo? Ich hoffe mal, ihr habt mich nicht vergessen... |
Hallo? Was soll das denn? Wieso wird man hier einfach im Stich gelassen? |