Trojaner-Board
Log-Analyse und Auswertung: Annoying pop-ups and startup problems (https://www.trojaner-board.de/37703-nervende-popups-start-probleme.html)

geheim 05.04.2007 13:01

Annoying pop-ups and startup problems
 
Hi,
yesterday I caught VirtuMonde, which I was able to remove successfully with Spyware Doctor. But now I keep getting non-stop pop-ups from, for example, "DriveCleaner" or "WinAntiVirPro 2007".
On top of that, my PC now starts very, very slowly, and my Documents folder opens on every startup, which of course I don't want.
I have Windows Vista Ultimate.

Here is my HijackThis logfile:

Code:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:00:35, on 05.04.2007
Platform: Windows Vista  (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Programme\Windows Defender\MSASCui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programme\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\Speech\Common\sapisvr.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
J:\neko95\NEKO95.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Programme\Spyware Doctor\svcntaux.exe
C:\Programme\Spyware Doctor\swdsvc.exe
J:\Downloads\Alcohol 120%\Alcohol120%\Alcohol 1.9.6 Programm\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Programme\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Programme\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\taskeng.exe
C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Programme\internet explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Ludwig\Desktop\Virus entfernen\HiJackThis_v2.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wikipedia.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\Windows\system32\wvipabii.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [] C:\Windows\explorer.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\Windows\system32\iyoomvep.dll",setvm
O4 - HKLM\..\Run: [SDTray] "C:\Programme\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Startup: NEKO95.lnk = J:\neko95\NEKO95.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - L:\Programme\Ahead\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Programme\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\Programme\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Windows\

--
End of file - 8568 bytes

I hope you can help me!
Thanks in advance!

geheim

Mellosun 05.04.2007 13:38

Hello,

a new OS and already infected again... how do you manage that?

OK, first have the following file(s) analysed at jotti or VirusTotal:

C:\Windows\system32\wvipabii.dll
C:\Windows\system32\iyoomvep.dll
J:\neko95\NEKO95.EXE


Post the complete result, even if nothing is found!
Link in my sig!


Regards, Mello
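As an added example (not part of the original thread and not code from HijackThis), here is a small Python triage script that applies the reasoning behind Mello's file list to the O2/O4/O23 lines of the log posted above. The sample lines are copied from that log; the heuristics (a BHO registered without a name, an 8-letter DLL name sitting directly in system32, a DLL loaded through rundll32, a Run value with an empty name, an autostart target outside the Windows and Program Files trees, a service with no publisher or a missing file) and the function names are assumptions of this example, not rules shipped with HijackThis.

```python
"""Triage of HijackThis 2.0 log lines: which autostart entries to scan first.
Added example, not code from the original post or from HijackThis; every
heuristic here is an assumption of this example, tuned to the log above."""
import re

# Constructed sample: a subset of the O2/O4/O23 lines from the posted log.
SAMPLE_LOG = [
    "O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)",
    "O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\\Windows\\system32\\wvipabii.dll",
    "O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Programme\\Java\\jre1.5.0_11\\bin\\ssv.dll",
    "O4 - HKLM\\..\\Run: [QuickTime Task] \"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime",
    "O4 - HKLM\\..\\Run: [] C:\\Windows\\explorer.exe",
    "O4 - HKLM\\..\\Run: [SoundService] rundll32.exe \"C:\\Windows\\system32\\iyoomvep.dll\",setvm",
    "O4 - HKCU\\..\\Run: [SpybotSD TeaTimer] C:\\Programme\\Spybot - Search & Destroy\\TeaTimer.exe",
    "O4 - Startup: NEKO95.lnk = J:\\neko95\\NEKO95.EXE",
    "O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\\Programme\\Spyware Doctor\\swdsvc.exe",
    "O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\\Programme\\Common Files\\SolidWorks Shared\\Service\\SolidWorksLicensing.exe (file missing)",
    "O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\\Windows\\",
]

TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\programme\\")  # assumption
SYSTEM32 = "c:\\windows\\system32\\"
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")  # assumption: Vundo-style 8-letter DLL names


def _path_reasons(path):
    """Path heuristics shared by all sections (assumptions of this example)."""
    low = path.lower().replace("%programfiles%", "c:\\program files")
    reasons = []
    if low.startswith(SYSTEM32) and RANDOM_DLL.match(low.rsplit("\\", 1)[-1]):
        reasons.append("8-letter random-looking DLL name directly in system32")
    if not low.startswith(TRUSTED_DIRS):
        reasons.append("autostart target outside the Windows/Program Files trees")
    return reasons


def _first_path(command):
    # Quoted path, else first token; an unquoted path with spaces is cut at the
    # first space, which is still enough for the directory check.
    m = re.match(r'^"([^"]+)"|^(\S+)', command)
    return (m.group(1) or m.group(2)) if m else command


def triage(lines):
    """Return [(section, path, [reasons])] for the entries worth a second look."""
    findings = []
    for raw in lines:
        m = re.match(r"^(O\d+) - (.*)$", raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons, target = [], None
        if section == "O2":
            m2 = re.match(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$", body)
            if not m2 or m2.group(3) == "(no file)":
                continue  # orphaned CLSID: nothing on disk to scan
            name, _clsid, target = m2.groups()
            reasons = _path_reasons(target)
            if name == "(no name)":
                reasons.append("BHO registered without a name")
        elif section == "O4":
            m4 = re.match(r"^HK[^:]*\\Run: \[(.*?)\] (.*)$", body)
            m4s = re.match(r"^(?:Global )?Startup: .*? = (.*)$", body)
            if m4:
                value_name, command = m4.groups()
                dll = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', command, re.I)
                target = dll.group(1) if dll else _first_path(command)
                reasons = _path_reasons(target)
                if dll:
                    reasons.append("DLL loaded through rundll32")
                if value_name == "":
                    reasons.append("Run value with an empty name")
            elif m4s:
                target = m4s.group(1)
                reasons = _path_reasons(target)
        elif section == "O23":
            m23 = re.match(r"^Service: (.*?) - (.*?) - (.*)$", body)
            if not m23:
                continue
            _display, owner, target = m23.groups()
            if owner == "Unknown owner":
                reasons.append("service binary carries no publisher information")
            if target.endswith("(file missing)"):
                reasons.append("service points to a missing file")
            elif target.endswith("\\"):
                reasons.append("service path has no executable name")
        if reasons:
            findings.append((section, target, reasons))
    return findings


def upload_candidates(findings):
    """Flagged paths that exist on disk and can be submitted to a multi-engine scanner."""
    return sorted({p for _, p, _ in findings
                   if not p.endswith("(file missing)") and not p.endswith("\\")})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for section, path, reasons in found:
        print(f"{section:<4}{path}\n    {'; '.join(reasons)}")
    print("submit for scanning:", *upload_candidates(found), sep="\n  ")
```

Run as is, the script flags the two system32 DLLs and NEKO95.EXE that Mello asked for, plus the unnamed Run value pointing at explorer.exe (flagged only because of the empty value name; comparing that file's hash with a known-good Vista copy would settle it) and the two services with no publisher. The Java BHO, QuickTime and TeaTimer entries pass, which is the point of a triage step: it shortens the list of files to upload, it does not decide what is malicious.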

geheim 05.04.2007 15:17

Yes, I'm wondering too why my new OS is already infected again :)

OK, so here are the VirusTotal scan results for the files

wvipabii.dll

Code:

Complete scanning result of "wvipabii.dll", received in VirusTotal at 04.05.2007, 16:01:16 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.5.0 04.05.2007  no virus found
AntiVir 7.3.1.48 04.05.2007 TR/Vundo.Gen
Authentium 4.93.8 04.04.2007 W32/Trojan.YJH
Avast 4.7.936.0 04.05.2007  no virus found
AVG 7.5.0.447 04.04.2007 Generic3.QLS
BitDefender 7.2 04.05.2007 Trojan.BHO.G
CAT-QuickHeal 9.00 04.04.2007 Trojan.BHO.g
ClamAV devel-20070312 04.05.2007 Trojan.Packed-7
DrWeb 4.33 04.05.2007 Trojan.Virtumod
eSafe 7.0.15.0 04.05.2007 Win32.BHO.g
eTrust-Vet 30.7.3544 04.05.2007  no virus found
Ewido 4.0 04.05.2007  no virus found
FileAdvisor 1 04.05.2007  no virus found
Fortinet 2.85.0.0 04.05.2007 W32/BHO.G!tr
F-Prot 4.3.1.45 04.04.2007 W32/Trojan.YJH
F-Secure 6.70.13030.0 04.05.2007 Trojan.Win32.BHO.g
Ikarus T3.1.1.3 04.05.2007 Trojan.Virtumod
Kaspersky 4.0.2.24 04.05.2007 Trojan.Win32.BHO.g
McAfee 5001 04.04.2007  no virus found
Microsoft 1.2405 04.05.2007  no virus found
NOD32v2 2169 04.05.2007 Win32/BHO.G
Norman 5.80.02 04.05.2007 W32/BHO.OA
Panda 9.0.0.4 04.05.2007 Spyware/Vundo
Prevx1 V2 04.05.2007  no virus found
Sophos 4.16.0 03.30.2007  no virus found
Sunbelt 2.2.907.0 04.03.2007  no virus found
Symantec 10 04.05.2007 Trojan.Metajuan
TheHacker 6.1.6.085 04.04.2007 Trojan/BHO.g
VBA32 3.11.3 04.04.2007 Trojan.Virtumod
VirusBuster 4.3.7:9 04.05.2007 Adware.Vundo.Gen!Pac.8
Webwasher-Gateway 6.0.1 04.05.2007 Trojan.Vundo.Gen


Aditional Information
File size: 48708 bytes
MD5: b81c1867e6536296adffb2fa5039d9eb
SHA1: 3477e5c096528c249a52d0d9af2ec9f793493f92


iyoomvep.dll

Code:

Complete scanning result of "iyoomvep.dll", received in VirusTotal at 04.05.2007, 16:08:11 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.5.0 04.05.2007 Win-Trojan/Virtumod.123972
AntiVir 7.3.1.48 04.05.2007 ADSPY/Virtumonde.AR.2
Authentium 4.93.8 04.04.2007  no virus found
Avast 4.7.936.0 04.05.2007  no virus found
AVG 7.5.0.447 04.04.2007 Adware Generic.XWU
BitDefender 7.2 04.05.2007 Trojan.Virtumod.JB
CAT-QuickHeal 9.00 04.04.2007 AdWare.Virtumonde.ar (Not a Virus)
ClamAV devel-20070312 04.05.2007 Trojan.Packed-5
DrWeb 4.33 04.05.2007 Trojan.Virtumod
eSafe 7.0.15.0 04.05.2007  no virus found
eTrust-Vet 30.7.3544 04.05.2007  no virus found
Ewido 4.0 04.05.2007  no virus found
FileAdvisor 1 04.05.2007  no virus found
Fortinet 2.85.0.0 04.05.2007 Adware/VirtuMonde
F-Prot 4.3.1.45 04.04.2007  no virus found
F-Secure 6.70.13030.0 04.05.2007  no virus found
Ikarus T3.1.1.3 04.05.2007  no virus found
Kaspersky 4.0.2.24 04.05.2007 not-a-virus:AdWare.Win32.Virtumonde.ar
McAfee 5001 04.04.2007 Vundo
Microsoft 1.2405 04.05.2007  no virus found
NOD32v2 2169 04.05.2007 Win32/Adware.Virtumonde.FT
Norman 5.80.02 04.05.2007 W32/Virtumonde.FVM
Panda 9.0.0.4 04.05.2007 Spyware/Virtumonde
Prevx1 V2 04.05.2007  no virus found
Sophos 4.16.0 03.30.2007  no virus found
Sunbelt 2.2.907.0 04.03.2007  no virus found
Symantec 10 04.05.2007 Trojan Horse
TheHacker 6.1.6.085 04.04.2007 Adware/Virtumonde.ar
VBA32 3.11.3 04.04.2007 OScope.Adware.GVEA.Virtumonde
VirusBuster 4.3.7:9 04.05.2007 Adware.Vundo.Gen!Pac.8
Webwasher-Gateway 6.0.1 04.05.2007 Ad-Spyware.Virtumonde.AR.2


Aditional Information
File size: 123972 bytes
MD5: facf49ce861d8c546f4fc4d86aeb6f6a
SHA1: bc05d45d2d802b83a411641cc63fd1957f393451

neko95.exe

Code:

Complete scanning result of "NEKO95.EXE", received in VirusTotal at 04.05.2007, 16:14:17 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.5.0 04.04.2007 no virus found
AntiVir 7.3.1.48 04.04.2007 no virus found
Authentium 4.93.8 04.04.2007 no virus found
Avast 4.7.936.0 04.04.2007 no virus found
AVG 7.5.0.447 04.04.2007 no virus found
BitDefender 7.2 04.05.2007 no virus found
CAT-QuickHeal 9.00 04.04.2007 no virus found
ClamAV devel-20070312 04.05.2007 no virus found
DrWeb 4.33 04.04.2007 no virus found
eSafe 7.0.15.0 04.04.2007 no virus found
eTrust-Vet 30.7.3543 04.05.2007 no virus found
Ewido 4.0 04.04.2007 no virus found
FileAdvisor 1 04.05.2007 no virus found
Fortinet 2.85.0.0 04.05.2007 no virus found
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.05.2007 no virus found
Ikarus T3.1.1.3 04.05.2007 no virus found
Kaspersky 4.0.2.24 04.05.2007 no virus found
McAfee 5001 04.04.2007 no virus found
Microsoft 1.2405 04.05.2007 no virus found
NOD32v2 2168 04.04.2007 no virus found
Norman 5.80.02 04.04.2007 no virus found
Panda 9.0.0.4 04.05.2007 no virus found
Prevx1 V2 04.05.2007 no virus found
Sophos 4.16.0 03.30.2007 no virus found
Sunbelt 2.2.907.0 04.03.2007 no virus found
Symantec 10 04.05.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.04.2007 no virus found
VirusBuster 4.3.7:9 04.04.2007 no virus found
Webwasher-Gateway 6.0.1 04.05.2007 no virus found


Aditional Information
File size: 56320 bytes
MD5: 3c68f4798e24328d3a4a9bdf5e348204
SHA1: 7e2d793439fd6979c452b0a41566148e93158cad

Thanks in advance for your help, Mello!

Best regards,
geheim
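As an added example (not part of the original thread and not VirusTotal's own code), here is a Python parser for reports in the text format posted above. It turns the per-engine column into one verdict: detection count, a normalised family name, and the MD5/SHA1 needed to check that a local copy really is the file that was scanned. The two embedded reports are shortened copies of the posted ones (fewer engines, same format); the alias table that folds Vundo, Virtumonde, Virtumod and Metajuan into one family and the three-engine threshold are assumptions of this example.

```python
"""Fold a multi-engine VirusTotal report (2007 text format, as posted above)
into one verdict.  Added example, not code from the original post or from
VirusTotal; the alias table and thresholds are assumptions of this example."""
import hashlib
import re

# Constructed samples: shortened copies of two posted reports (same format, fewer engines).
REPORT_WVIPABII = """\
Complete scanning result of "wvipabii.dll", received in VirusTotal at 04.05.2007, 16:01:16 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.5.0 04.05.2007  no virus found
AntiVir 7.3.1.48 04.05.2007 TR/Vundo.Gen
Avast 4.7.936.0 04.05.2007  no virus found
BitDefender 7.2 04.05.2007 Trojan.BHO.G
DrWeb 4.33 04.05.2007 Trojan.Virtumod
Kaspersky 4.0.2.24 04.05.2007 Trojan.Win32.BHO.g
McAfee 5001 04.04.2007  no virus found
Panda 9.0.0.4 04.05.2007 Spyware/Vundo
Symantec 10 04.05.2007 Trojan.Metajuan
VirusBuster 4.3.7:9 04.05.2007 Adware.Vundo.Gen!Pac.8

Aditional Information
File size: 48708 bytes
MD5: b81c1867e6536296adffb2fa5039d9eb
SHA1: 3477e5c096528c249a52d0d9af2ec9f793493f92
"""

REPORT_NEKO95 = """\
Complete scanning result of "NEKO95.EXE", received in VirusTotal at 04.05.2007, 16:14:17 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.5.0 04.04.2007 no virus found
Kaspersky 4.0.2.24 04.05.2007 no virus found
Symantec 10 04.05.2007 no virus found

Aditional Information
File size: 56320 bytes
MD5: 3c68f4798e24328d3a4a9bdf5e348204
SHA1: 7e2d793439fd6979c452b0a41566148e93158cad
"""

# Assumption: vendor-specific names that this example folds into one family.
FAMILY_ALIASES = {"vundo": "Vundo", "virtumonde": "Vundo", "virtumod": "Vundo", "metajuan": "Vundo"}


def parse_report(text):
    """Return {'file', 'size', 'md5', 'sha1', 'results': {engine: label or None}}."""
    report = {"file": None, "size": None, "md5": None, "sha1": None, "results": {}}
    in_table = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Complete scanning result of"):
            report["file"] = re.search(r'"([^"]+)"', line).group(1)
        elif line == "Antivirus Version Update Result":
            in_table = True
        elif not line:
            in_table = False  # a blank line ends the engine table
        elif in_table:
            parts = line.split(None, 3)  # engine, version, update date, result (may contain spaces)
            if len(parts) == 4:
                label = parts[3].strip()
                report["results"][parts[0]] = None if label.lower() == "no virus found" else label
        elif line.startswith("File size:"):
            report["size"] = int(line.split()[2])
        elif line.startswith("MD5:"):
            report["md5"] = line.split()[1].lower()
        elif line.startswith("SHA1:"):
            report["sha1"] = line.split()[1].lower()
    return report


def summarize(report):
    """Detection count and the family most engines agree on (named families beat generic labels)."""
    hits = {e: l for e, l in report["results"].items() if l}
    families = {}
    for label in hits.values():
        fam = next((f for k, f in FAMILY_ALIASES.items() if k in label.lower()), "generic/other")
        families[fam] = families.get(fam, 0) + 1
    named = {f: n for f, n in families.items() if f != "generic/other"}
    top = max(named, key=named.get) if named else ("generic/other" if families else None)
    return {"detected": len(hits), "total": len(report["results"]), "families": families, "top_family": top}


def verdict(report, min_engines=3):
    """Assumed rule: 'malicious' once min_engines agree; 'clean' only means no
    engine had a signature on that day, not that the file is benign."""
    detected = summarize(report)["detected"]
    if detected == 0:
        return "clean"
    return "malicious" if detected >= min_engines else "suspicious"


def file_hashes(data):
    """MD5 and SHA1 of raw bytes, to tie a local copy to the hashes in a report."""
    return hashlib.md5(data).hexdigest(), hashlib.sha1(data).hexdigest()


def matches_report(data, report):
    return file_hashes(data) == (report["md5"], report["sha1"])


if __name__ == "__main__":
    for text in (REPORT_WVIPABII, REPORT_NEKO95):
        r = parse_report(text)
        s = summarize(r)
        print(f"{r['file']}: {s['detected']}/{s['total']} engines, family={s['top_family']}, "
              f"verdict={verdict(r)}, md5={r['md5']}")
```

Two practical points the full reports above illustrate and the code keeps explicit: engines disagree on names (Vundo, Virtumonde, Virtumod, BHO.g, Metajuan all describe the same DLL here), so a family is only meaningful after alias folding; and a 0/31 result for NEKO95.EXE is "no signature matched", which is why the verdict function calls it "clean" rather than "safe". The hash helpers exist because a report is only evidence about the exact bytes that were uploaded; a re-infected system may have a new copy under the same name.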


Copyright ©2000-2024, Trojaner-Board