Prunnet.exe auch bei mir

Corey316 · 27.12.2008, 15:51

Hi, ich hab diese beiden Dateien (prunnet.exe, gopapodu.dll) per PE CD gelöscht, nun ist mein eigentliches Problem noch nicht verschwunden, und zwar wird bekannterweise bei AntiVir Personal Edition der Dienst des Guards gestoppt. Ich starte ihn halt wieder und dann läuft er. Aber dennoch ist mein System befallen, vielleicht findet ihr was und kennt ne Lösung. Der Trojan.Vundo wird in einer Form mit Sicherheit dabei sein, zumal ich beim start ne Meldung bekomme das eben die gopapodu.dll nicht gefunden wurde, sprich irgendwo muss noch was eingetragen sein, sodass etwas mitstartet. Vielleicht in der win.ini? Ich werd mal nachsehen, hab Spybot S&D durchlaufen lassen und er hat auch n paar wenige Probs gefunden und behoben, jedoch immer noch nicht alles. Ich bedanke mich schon mal für die Hilfe.
Hier meine HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:50, on 27.12.2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files (x86)\Java\jre6\bin\jqs.exe
E:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
E:\WINDOWS\SysWOW64\PnkBstrA.exe
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\WINDOWS\SysWOW64\ctfmon.exe
E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\Program Files (x86)\Java\jre6\bin\jusched.exe
E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files (x86)\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Stone Cold\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ht*p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ht*p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ht*p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ht*p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ht*p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\PROGRA~2\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - E:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f6ed0010-3c29-4b6f-a4fa-e8da3d0f3926} - E:\WINDOWS\SysWow64\kabujupe.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - E:\PROGRA~2\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avgnt] "E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [tanojupape] Rundll32.exe "E:\WINDOWS\system32\gopapodu.dll",s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://E:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'e:\windows\system32\nwprovau.dll' missing
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - AppInit_DLLs: E:\WINDOWS\system32\wotitiha.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - E:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - E:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - E:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - E:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files (x86)\Java\jre6\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - E:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - E:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - E:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - E:\WINDOWS\system32\services.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - E:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - E:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - E:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - E:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - E:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - E:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 8615 bytes

Prunnet.exe auch bei mir

Log-Analyse und Auswertung: Prunnet.exe auch bei mir

Prunnet.exe auch bei mir

Ähnliche Themen: Prunnet.exe auch bei mir