TR/Crypt.ZPACK.Gen C:\WINDOWS\Temp\uagx.tmp\svchost.exe

Mike85 · 30.04.2010, 21:44

Antivir springt bei mir alle 3 Minuten auf wegen TR/Crypt.ZPACK.Gen was immer in verschiedenen Ordnern unter C:\WINDOWS\Temp\uagx.tmp\svchost.exe erscheint. Die Buchstaben vor .tmp ändern sich dabei ständig.

Zusätzlich öffnet mein Browser (Firefox) gelegentlich Seiten von ganz alleine in neuen Tabs.

Kurzes Vorwort: Antivir, Mbam, Spybot SD, Adware und so weiter konnten das Problem nicht beheben, ich hoffe ihr könnt es

RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mike at 2010-04-30 22:25:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (38%) free of 30 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:23, on 30.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RunDLL32.exe
E:\Sandboxie\SbieCtrl.exe
D:\Programme\S-AntiSpy\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programme\Avira\AntiVir Desktop\avguard.exe
D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
D:\Programme\Hamachi\hamachi-2.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
E:\Sandboxie\SbieSvc.exe
C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\Programme\Gamma Control\Gammacontrol.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\svchost.exe
D:\Programme\Firefox\firefox.exe
C:\Dokumente und Einstellungen\Mike\Desktop\RSIT.exe
D:\Programme\HJT\Mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Programme\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [SandboxieControl] "E:\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Programme\S-AntiSpy\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Programme\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Programme\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Programme\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Programme\Free Download Manager\dllink.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{5FFD95F1-560F-45BC-98AD-50884DDD40D6}: NameServer = 195.50.140.248 195.50.140.114
O20 - Winlogon Notify: !SASWinLogon - D:\Programme\S-AntiSpy\SASWINLO.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Google Update Service (gupdate1c991de2b712f58) (gupdate1c991de2b712f58) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programme\Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - E:\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 4627 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=D:\Programme\Alcohol 52\axcmd.exe [2008-03-20 216520]
"SandboxieControl"=E:\Sandboxie\SbieCtrl.exe [2010-04-14 395496]
"SUPERAntiSpyware"=D:\Programme\S-AntiSpy\SUPERAntiSpyware.exe [2010-03-29 2012912]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
D:\Programme\Photoshop\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-23 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
D:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Programme\Softwin\BitDefender8\bdmcon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDNewsAgent]
C:\Programme\Softwin\BitDefender8\bdnagent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eicgdvxlqfdnrpi]
C:\WINDOWS\System32\regsvr32.exe [2008-04-14 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Programme\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
D:\Programme\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ins3DT]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
E:\Sandboxie\SbieCtrl.exe [2010-04-14 395496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
D:\Programme\Skype\Phone\Skype.exe [2006-06-26 20005928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
D:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
D:\Programme\S-AntiSpy\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=D:\Programme\S-AntiSpy\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoToolbarCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoBandCustomize"=
"NoToolbarCustomize"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled

NA"
"D:\Programme\BitTorrent\bittorrent.exe"="D:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Programme\Yahoo Messenger\YahooMessenger.exe"="D:\Programme\Yahoo Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Programme\Yahoo Messenger\YServer.exe"="D:\Programme\Yahoo Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"E:\Spiele\World of Warcraft\WoW-3.2.0-deDE-downloader.exe"="E:\Spiele\World of Warcraft\WoW-3.2.0-deDE-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\Spiele\World of Warcraft\Launcher.exe"="E:\Spiele\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-04-30 22:25:06 ----D---- C:\rsit
2010-04-29 23:55:26 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RH_Backups
2010-04-29 21:55:02 ----A---- C:\WINDOWS\setuplog.txt
2010-04-29 16:25:14 ----D---- C:\Dokumente und Einstellungen\Mike\Anwendungsdaten\TuneUp Software
2010-04-29 16:24:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
2010-04-29 16:24:26 ----SHD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-29 13:15:10 ----A---- C:\WINDOWS\system32\2cfa0e60.exe
2010-04-29 13:15:00 ----A---- C:\WINDOWS\system32\xyfkzzxrimt.exe
2010-04-29 11:33:46 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2010-04-29 10:32:46 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-04-28 22:07:15 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
2010-04-28 22:07:10 ----D---- C:\Dokumente und Einstellungen\Mike\Anwendungsdaten\SUPERAntiSpyware.com
2010-04-28 21:56:45 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-04-28 21:56:45 ----A---- C:\WINDOWS\BDTSupport.dll
2010-04-28 21:56:44 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-04-28 21:56:44 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-04-28 21:54:05 ----D---- C:\Programme\Gemeinsame Dateien\PC Tools
2010-04-28 21:54:05 ----D---- C:\Dokumente und Einstellungen\Mike\Anwendungsdaten\PC Tools
2010-04-28 21:54:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
2010-04-28 16:39:29 ----D---- C:\Dokumente und Einstellungen\Mike\Anwendungsdaten\Free Download Manager
2010-04-28 16:33:38 ----HDC---- C:\WINDOWS\ie8
2010-04-28 11:26:43 ----D---- C:\Programme\Gemeinsame Dateien\Softwin
2010-04-28 11:07:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-28 11:05:19 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-28 11:05:11 ----D---- C:\Programme\Lavasoft
2010-04-27 09:10:58 ----A---- C:\mbam-error.txt
2010-04-26 22:11:33 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
2010-04-14 15:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 15:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 15:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-14 15:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-14 15:30:28 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 15:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 15:30:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 15:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-09 15:06:48 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2010-04-09 15:06:48 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2010-04-09 15:06:48 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2010-04-09 15:00:23 ----A---- C:\WINDOWS\DIIUnin.exe
2010-04-08 23:14:54 ----RD---- C:\Sandbox
2010-04-08 23:12:37 ----A---- C:\WINDOWS\Sandboxie.ini
2010-04-01 15:44:26 ----A---- C:\WINDOWS\system32\bf3cecf6.dll
2010-03-31 15:38:00 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$

======List of files/folders modified in the last 1 months======

2010-04-30 22:24:45 ----D---- C:\WINDOWS\Temp
2010-04-30 22:16:35 ----D---- C:\WINDOWS\system32\drivers
2010-04-30 21:53:37 ----D---- C:\WINDOWS\system32
2010-04-30 21:53:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-30 21:51:07 ----SD---- C:\WINDOWS\Tasks
2010-04-30 21:49:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-30 21:49:22 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2010-04-30 21:48:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-30 19:33:56 ----A---- C:\YServer.txt
2010-04-30 19:00:12 ----D---- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
2010-04-30 18:17:15 ----RD---- C:\Programme
2010-04-29 22:11:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-04-29 21:55:30 ----A---- C:\WINDOWS\system32\wpa.bak
2010-04-29 21:55:02 ----D---- C:\WINDOWS
2010-04-29 21:49:34 ----HD---- C:\Programme\InstallShield Installation Information
2010-04-29 21:49:33 ----D---- C:\Programme\Gemeinsame Dateien\Panda Software
2010-04-29 21:46:42 ----D---- C:\WINDOWS\system32\wbem
2010-04-29 21:25:27 ----D---- C:\WINDOWS\AppPatch
2010-04-29 21:11:13 ----D---- C:\WINDOWS\Prefetch
2010-04-29 17:41:53 ----D---- C:\Dokumente und Einstellungen\Mike\Anwendungsdaten\Mozilla
2010-04-29 16:40:20 ----SHD---- C:\WINDOWS\Installer
2010-04-29 16:40:20 ----SHD---- C:\Config.Msi
2010-04-29 16:25:28 ----D---- C:\WINDOWS\system32\config
2010-04-29 14:47:14 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-04-29 14:47:14 ----HD---- C:\WINDOWS\inf
2010-04-29 14:46:22 ----D---- C:\WINDOWS\WinSxS
2010-04-29 14:28:17 ----A---- C:\WINDOWS\win.ini
2010-04-29 13:52:28 ----SH---- C:\boot.ini
2010-04-29 13:52:28 ----A---- C:\WINDOWS\system.ini
2010-04-29 09:24:02 ----D---- C:\WINDOWS\Debug
2010-04-28 22:54:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-28 22:54:55 ----D---- C:\WINDOWS\system32\de-de
2010-04-28 22:54:55 ----D---- C:\WINDOWS\Help
2010-04-28 22:54:55 ----D---- C:\Programme\Internet Explorer
2010-04-28 22:06:31 ----D---- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2010-04-28 21:54:05 ----D---- C:\Programme\Gemeinsame Dateien
2010-04-28 16:34:41 ----D---- C:\WINDOWS\WBEM
2010-04-28 16:34:34 ----D---- C:\WINDOWS\Media
2010-04-28 14:18:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-28 14:13:18 ----D---- C:\Dokumente und Einstellungen\Mike\Anwendungsdaten\DNA
2010-04-28 11:05:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2010-04-28 09:52:00 ----SHD---- C:\System Volume Information
2010-04-28 09:52:00 ----D---- C:\WINDOWS\system32\Restore
2010-04-27 21:49:59 ----D---- C:\WINDOWS\Cursors
2010-04-27 18:54:43 ----D---- C:\WINDOWS\Minidump
2010-04-15 01:34:27 ----D---- C:\Programme\Google
2010-04-14 15:31:48 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-07 23:48:46 ----SD---- C:\Dokumente und Einstellungen\Mike\Anwendungsdaten\Microsoft
2010-04-06 10:52:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 SASDIFSV;SASDIFSV; \??\D:\Programme\S-AntiSpy\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\D:\Programme\S-AntiSpy\SASKUTIL.SYS []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
R1 Tcpip6;Microsoft IPv6-Protokolltreiber; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 irda;IrDA-Protokoll; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-23 26176]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
R3 irsir;Microsoft serieller Infrarottreiber; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2008-03-25 54400]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2008-03-25 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2008-02-15 14336]
R3 Rasirda;WAN-Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SASENUM;SASENUM; \??\D:\Programme\S-AntiSpy\SASENUM.SYS []
R3 SbieDrv;SbieDrv; \??\E:\Sandboxie\SbieDrv.sys []
R3 tunmp;Microsoft Tun-Miniportadaptertreiber; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 ensqio;ensqio; C:\WINDOWS\system32\DRIVERS\ensqio.sys []
S1 sbpcint4;SB AudioPCI 128; C:\WINDOWS\system32\DRIVERS\sbpcint4.sys []
S3 aanasag2;aanasag2; C:\WINDOWS\system32\drivers\aanasag2.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 glauiad;Lucent USB IAD LAN Modem; C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-07-22 30373]
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 PavSRK.sys;PavSRK.sys; \??\C:\WINDOWS\system32\PavSRK.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 V0330VID;WebCam Vista; C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-11-03 178913]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6-Hilfsdienst; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-10-01 185089]
R2 Browser Defender Update Service;Browser Defender Update Service; D:\Programme\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Programme\Hamachi\hamachi-2.exe [2009-09-16 1074496]
R2 Irmon;Infrarotüberwachung; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-04-28 1284840]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 SbieSvc;Sandboxie Service; E:\Sandboxie\SbieSvc.exe [2010-04-14 73960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 YahooAUService;Yahoo! Updater; C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1c991de2b712f58;Google Update Service (gupdate1c991de2b712f58); C:\Programme\Google\Update\GoogleUpdate.exe [2009-02-18 133104]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 sdAuxService;PC Tools Auxiliary Service; D:\Programme\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; D:\Programme\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

poste gleich noch mehr, kriege grad immer "Die Verbindung zum Server wurde zurückgesetzt, während die Seite geladen wurde." wenn ich versuche zu posten.

kann weiterhin nicht posten, könnte sich jemand über private nachrichten melden wegen dem trojaner dings da? was anderes fällt mir grad nicht ein solang ich nicht posten kann (was für ne blöde situation).

cosinus · 01.05.2010, 19:06

Hallo und

bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

TR/Crypt.ZPACK.Gen C:\WINDOWS\Temp\uagx.tmp\svchost.exe

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.ZPACK.Gen C:\WINDOWS\Temp\uagx.tmp\svchost.exe

TR/Crypt.ZPACK.Gen C:\WINDOWS\Temp\uagx.tmp\svchost.exe

TR/Crypt.ZPACK.Gen C:\WINDOWS\Temp\uagx.tmp\svchost.exe

Ähnliche Themen: TR/Crypt.ZPACK.Gen C:\WINDOWS\Temp\uagx.tmp\svchost.exe