girlthing | 22.12.2010 11:11 | laptop langsam - 3 viren entdeckt heihei!
könnt ihr mir bitte bei der auswertung helfen?
da mein laptop etwas langsam geht, zusätzlich das security center 3 viren entdeckt hat (trojan.win32.vundo.gen!X; trojan.win32.magalent; exploit.win32.pidief.bn), hab ich mal ein paar scans drüber laufen lassen.
die viren wurden jetzt mal entfernt. der erste HJT Log zeigte ein paar unstimmigkeiten auf.
Runscanner-Log (benutze ausschließlich firefox): Code:
Runscanner logfile hxxp://www.runscanner.net
* = signed file
- = file not found
General info
------------
Computer name : DELL-PC
Creation time : 22.12.2010 10:36:01
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.7600.16385
OS : Windows 7 Home Premium
OS Build : 7600
OS SP :
RunScanner Version : 2.0.0.50
User Language : Deutsch (Österreich)
User rights : Administrator
Windows folder : C:\Windows
Running processes
-----------------
* C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
* C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
* C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
* C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe (Andrea Electronics Corporation)
* C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
* C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\Windows\System32\hkcmd.exe (Intel Corporation)
* C:\Windows\System32\conhost.exe (Microsoft Corporation)
* C:\Windows\System32\taskhost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
* C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe (IDT, Inc.)
* C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
* C:\Windows\System32\igfxtray.exe (Intel Corporation)
* C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
* C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
* C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
* C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\System32\igfxpers.exe (Intel Corporation)
* C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
* C:\Users\dell\Downloads\runscanner.exe (Runscanner.net)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)
* C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
* C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
* C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
Unrated items
-------------
010 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Machine Debug Manager)
011 * C:\Windows\system32\DRIVERS\Apfiltr.sys (Alps Touch Pad Driver)
011 C:\Windows\System32\Drivers\sptd.sys (sptd)
040 C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) {40c3cc16-7269-4b32-9531-17f2950fb06f}
040 C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.) {91da5e8a-3318-4f8c-b67e-5964de3ab546}
041 C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) {40c3cc16-7269-4b32-9531-17f2950fb06f}
041 C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.) {91da5e8a-3318-4f8c-b67e-5964de3ab546}
045 C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.) {91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
052 C:\Program Files (x86)\Winload\tbWinl.dll (Conduit Ltd.) {40c3cc16-7269-4b32-9531-17f2950fb06f}
052 C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.) {91da5e8a-3318-4f8c-b67e-5964de3ab546}
060 GUID / CLSID not found {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
061 C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll (DivX, Inc.) {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992}
061 C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll (DivX, Inc.) {83238FAE-D346-4E12-8734-D42F7554B3E6}
069 C:\Windows\system32\pdfcmnnt.dll
100 Start Page HKCU : hxxp://start.icq.com/
105 E&xport to Microsoft Excel : res://C:\PROGRA~2\MICROS~2\OFFICE12\EXCEL.EXE/3000
170 {05c22bf3-ff1a-11df-89f8-0025647fec42} : E:\Autorun.exe
173 GUID / CLSID not found {0365FE2C-F183-4091-AC82-BFC39FB75C49}
173 GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
173 C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
221 GUID / CLSID not found {0365FE2C-F183-4091-AC82-BFC39FB75C49}
221 GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
221 C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
223 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
225 GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
225 GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
225 C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
227 GUID / CLSID not found {0365FE2C-F183-4091-AC82-BFC39FB75C49}
227 GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
227 C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
229 GUID / CLSID not found {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
251 GUID / CLSID not found {B41DB860-64E4-11D2-9906-E49FADC173CA}
251 C:\Program Files\WinRAR\rarext32.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Missing files
-------------
003 C:\Program Files (x86)\Electronic Arts\EADM\Core.exe
011 c:\windows\system32\DRIVERS\Rts516xIR.sys
011 c:\windows\system32\DRIVERS\RtsUCcid.sys
032 rdpclip Malware-Log (der fand keine infizierten objekte): Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Datenbank Version: 5375
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22.12.2010 10:47:09
mbam-log-2010-12-22 (10-47-09).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 224091
Laufzeit: 26 Minute(n), 23 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) und der HJT-Log, der NACH den scans erneut gemacht wurde. Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:19, on 22.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\dell\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\tbWinl.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE12\EXCEL.EXE/3000
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6999 bytes gibts noch was zu scannen? bitte um hilfe!
vielen, vielen danke
glg |