Trojan: TR/Vundo.Gen in the file pmnlihe.dll

#0 | 28.09.2006, 17:20 | ...new here | Posts: 4
#2 | 29.09.2006, 01:30 | Honorary member | Posts: 29434

«« Set up CleanUp exactly as described here: http://virus-protect.org/cleanup.html
If that doesn't work, download CCleaner.

«« Copy these 4 text files (right-click with the mouse -> select the text -> copy -> paste). They are sorted by date (copy only the last 3 months):
http://virus-protect.org/datfindbat.html

«« Post the log:
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
all about PC security
#3 | 30.09.2006, 12:40 | ...new here | Thread starter | Posts: 4
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 7826-CA8F

Verzeichnis von C:\WINDOWS\system32

30.09.2006  12:22             2.206 wpa.dbl
24.09.2006  03:42            65.536 QuickTimeVR.qtx
24.09.2006  03:42            49.152 QuickTime.qts
19.09.2006  21:29            40.973 pmnlihe.dll
11.09.2006  19:37         8.960.936 MRT.exe
21.08.2006  14:26            16.896 fltlib.dll
21.08.2006  11:14            23.040 fltmc.exe
27.07.2006  15:25           679.424 inetcomm.dll
21.07.2006  10:29            72.704 hlink.dll
14.07.2006  17:38           332.288 netapi32.dll
14.07.2006  17:25           546.304 hhctrl.ocx
14.07.2006  14:51           108.144 GEARAspi.dll
13.07.2006  15:34         8.494.592 shell32.dll
13.07.2006  05:46            63.580 perfc007.dat
13.07.2006  05:46           897.954 PerfStringBackup.INI
13.07.2006  05:46            52.764 perfc009.dat
13.07.2006  05:46           391.000 perfh007.dat
13.07.2006  05:46           380.350 perfh009.dat
05.07.2006  12:55         1.057.792 kernel32.dll

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 7826-CA8F

Verzeichnis von C:\DOKUME~1\Mathias\LOKALE~1\Temp

30.09.2006  12:34               978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}12785.html
30.09.2006  12:33               512 ~DF2970.tmp
30.09.2006  12:33            16.384 ~DF2967.tmp
30.09.2006  12:33            16.384 ~DF297A.tmp
30.09.2006  12:33               512 ~DF2983.tmp
30.09.2006  12:33               512 ~DF295D.tmp
30.09.2006  12:33            16.384 ~DF2954.tmp
30.09.2006  12:33               512 ~DF294A.tmp
30.09.2006  12:33            16.384 ~DF2941.tmp
30.09.2006  12:33               983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}30233.html
30.09.2006  12:32            16.384 ~DFE009.tmp
30.09.2006  12:32               512 ~DFE038.tmp
30.09.2006  12:32            16.384 ~DFE042.tmp
30.09.2006  12:32            16.384 ~DFE02F.tmp
30.09.2006  12:32               512 ~DFE04B.tmp
30.09.2006  12:32               512 ~DFE012.tmp
30.09.2006  12:32               512 ~DFE025.tmp
30.09.2006  12:32            16.384 ~DFE01C.tmp
30.09.2006  12:31               512 ~DF489C.tmp
30.09.2006  12:31            16.384 ~DF485A.tmp
30.09.2006  12:31               512 ~DF4889.tmp
30.09.2006  12:31            16.384 ~DF4880.tmp
30.09.2006  12:31               512 ~DF4863.tmp
30.09.2006  12:31               512 ~DF4876.tmp
30.09.2006  12:31            16.384 ~DF486D.tmp
30.09.2006  12:31            16.384 ~DF4893.tmp
30.09.2006  12:27           498.814 aaahhh.wmv
30.09.2006  12:27           110.226 image.jpg
30.09.2006  12:25               512 ~DF6215.tmp
30.09.2006  12:25            16.384 ~DF620C.tmp
30.09.2006  12:25            16.384 ~DF61F9.tmp
30.09.2006  12:25               512 ~DF61EF.tmp
30.09.2006  12:25            16.384 ~DF61E6.tmp
30.09.2006  12:25               512 ~DF61DC.tmp
30.09.2006  12:25            16.384 ~DF61D3.tmp
30.09.2006  12:25               512 ~DF6202.tmp
30.09.2006  12:23            16.384 ~DF5AA3.tmp
30.09.2006  12:22            16.384 ~DF51A1.tmp
30.09.2006  12:22               512 ~DF51AA.tmp
              39 Datei(en)        914.617 Bytes
               0 Verzeichnis(se), 2.016.428.032 Bytes frei

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 7826-CA8F

Verzeichnis von C:\WINDOWS

30.09.2006  12:22                 0 0.log
30.09.2006  12:21             2.048 bootstat.dat
29.09.2006  10:05            32.614 SchedLgU.Txt
28.09.2006  14:29             1.409 QTFont.for
28.09.2006  14:29            54.156 QTFont.qfn
25.09.2006  22:05               751 win.ini
25.09.2006  22:05               227 system.ini
25.09.2006  21:55               278 videodeLuxe.INI
20.09.2006  19:14               116 NeroDigital.ini
20.09.2006  07:08         1.643.573 WindowsUpdate.log
07.09.2006  17:28               149 ktel.ini
16.08.2006  21:27               120 SecurityandPrivacy2.ini
09.08.2006  16:51             4.212 ModemLog_Creatix V.9X DSP Data Fax Modem.txt
11.07.2006  22:58             6.335 mozver.dat
11.07.2006  22:57               505 wininit.ini

Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 7826-CA8F

Verzeichnis von C:\

30.09.2006  12:35                 0 sys.txt
30.09.2006  12:35             6.310 system.txt
30.09.2006  12:34             2.244 systemtemp.txt
30.09.2006  12:34           101.174 system32.txt
25.09.2006  22:05               211 boot.ini
19.09.2006  18:58       402.653.184 pagefile.sys
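The point of the date-sorted listing requested in post #2 and pasted above is that it turns the file system into a timeline: the helper asks for only the last three months because a DLL that landed in system32 on a date that matches no Windows update batch (here pmnlihe.dll on 19.09.2006, sitting between MRT.exe and the QuickTime files) is the thing to look at. The Python script below is an added example, not part of this thread or of any tool it mentions: it parses this German `dir` output format, groups rows by directory, and lists executable files in a chosen directory that changed inside a time window. The excerpt it runs on is a constructed sample copied from the listing above; the 30-day default window, the extension set and the `SCAN_DAY` reference date are this example's own choices.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: an excerpt of the datfind listing posted above (German
# "dir" output; the CP850-mangled umlaut in "Datenträger" already repaired).
SAMPLE_LISTING = """\
Datenträger in Laufwerk C: ist SYSTEM
Volumeseriennummer: 7826-CA8F
Verzeichnis von C:\\WINDOWS\\system32
30.09.2006  12:22             2.206 wpa.dbl
24.09.2006  03:42            65.536 QuickTimeVR.qtx
19.09.2006  21:29            40.973 pmnlihe.dll
11.09.2006  19:37         8.960.936 MRT.exe
21.08.2006  14:26            16.896 fltlib.dll
05.07.2006  12:55         1.057.792 kernel32.dll
Verzeichnis von C:\\WINDOWS
30.09.2006  12:21             2.048 bootstat.dat
28.09.2006  14:29            54.156 QTFont.qfn
              39 Datei(en)        914.617 Bytes
"""

# Reference date for the window: the day the listing in this thread was made.
SCAN_DAY = datetime(2006, 9, 30, 12, 0)

DIR_HEADER = re.compile(r"^\s*Verzeichnis von (.+?)\s*$")
# date, time, size with German thousands separators, file name; "<DIR>" rows
# and the "Datei(en)" summary line do not match this and are skipped
ENTRY = re.compile(r"^\s*(\d{2}\.\d{2}\.\d{4})\s+(\d{2}:\d{2})\s+([\d.]+)\s+(.+?)\s*$")


def parse_dir_listing(text):
    """Return dicts {dir, mtime, size, name} for every file row in the listing."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_HEADER.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m or current_dir is None:
            continue
        date, time, size, name = m.groups()
        entries.append({
            "dir": current_dir,
            "mtime": datetime.strptime(f"{date} {time}", "%d.%m.%Y %H:%M"),
            "size": int(size.replace(".", "")),  # "8.960.936" -> 8960936
            "name": name,
        })
    return entries


def recent_files(entries, reference, days, directory, extensions):
    """Files in `directory` with one of `extensions`, modified within `days` before `reference`, newest first."""
    cutoff = reference - timedelta(days=days)
    hits = [e for e in entries
            if e["dir"].lower() == directory.lower()
            and e["mtime"] >= cutoff
            and e["name"].lower().endswith(tuple(extensions))]
    return sorted(hits, key=lambda e: e["mtime"], reverse=True)


def triage(text, reference=SCAN_DAY, days=30):
    """Names of recently changed executables in system32, newest first."""
    hits = recent_files(parse_dir_listing(text), reference, days,
                        r"C:\WINDOWS\system32", (".dll", ".exe", ".ocx", ".sys"))
    return [h["name"] for h in hits]


if __name__ == "__main__":
    for name in triage(SAMPLE_LISTING):
        print(name)
```

Run against the sample with the default 30-day window, `triage` returns pmnlihe.dll and MRT.exe and drops fltlib.dll (40 days old) and kernel32.dll; widening the window to 90 days brings those two back, which is the same "last 3 months" cut the helper asks for. The script only narrows the list; whether a hit is a patch or a dropped file still has to be judged from its name, vendor and date.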
#4 | 30.09.2006, 12:45 | ...new here | Thread starter | Posts: 4
Oh oh :-)
What else do you need? The CleanUp file? Help! To be honest, this is all Greek to me; I hope I'm doing everything right!

C:\WINDOWS\SET3.tmp - deleted
C:\WINDOWS\SET7.tmp - deleted
C:\WINDOWS\DUMP56f9.tmp - deleted
C:\WINDOWS\002416_.tmp - deleted
C:\WINDOWS\000001_.tmp - deleted
C:\WINDOWS\temp\WGAErrLog.txt - deleted
C:\WINDOWS\temp\WGANotify.settings - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf - deleted
C:\WINDOWS\Prefetch\PREUPD.EXE-358AA1C1.pf - deleted
C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-13D57D76.pf - deleted
C:\WINDOWS\Prefetch\WGATRAY.EXE-0ED38BED.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\THUNDERBIRD.EXE-031A6371.pf - deleted
C:\WINDOWS\Prefetch\IPODSERVICE.EXE-233792DA.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted
C:\WINDOWS\Prefetch\MSNAPPAU.EXE-07C6C34E.pf - deleted
C:\WINDOWS\Prefetch\AD-AWARE.EXE-308139F4.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-22CC3761.pf - deleted
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-3B58BA4B.pf - deleted
C:\WINDOWS\Prefetch\WMPLAYER.EXE-09969339.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP452.EXE-07828204.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP.EXE-21B56F2B.pf - deleted
C:\WINDOWS\Prefetch\RASAUTOU.EXE-18B88A68.pf - deleted
C:\WINDOWS\Prefetch\POWERPNT.EXE-019F2E3D.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\CCleaner.EXE-065E2F3F.pf - deleted
C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf - deleted
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-22AE9451.pf - deleted
C:\WINDOWS\Prefetch\AVGUARD.EXE-3490B18B.pf - deleted
C:\WINDOWS\Prefetch\AVGNT.EXE-36CA4640.pf - deleted
C:\WINDOWS\Prefetch\SCHED.EXE-236A886F.pf - deleted
C:\WINDOWS\Prefetch\ICQLITE.EXE-2AEFACA7.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2CA9778D.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf - deleted
C:\WINDOWS\Prefetch\DFRGFAT.EXE-03D95883.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\WINAMP.EXE-08C38ED9.pf - deleted
C:\WINDOWS\Prefetch\AVCENTER.EXE-37584419.pf - deleted
C:\WINDOWS\Prefetch\GUARDGUI.EXE-1BD45C30.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-0FCC60DC.pf - deleted
C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
'Doc Find Spec MRU' list - removed from the registry.
'FindComputerMRU' list - removed from the registry.
'ComputerNameMRU' list - removed from the registry.
'ContainingTextMRU' list - removed from the registry.
'FilesNamedMRU' list - removed from the registry.
Search Assistant MRU list - removed from the registry.
Explorer Open/Save MRU list - removed from the registry.
Explorer Last Visited MRU list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
Windows Media Player Recent File List - removed from the registry.
WinZip Extract MRU list - removed from the registry.
WinZip File MRU list - removed from the registry.
CleanUp! 4.5.2 recovered 6.3 MB of disk space from 294 files.
CleanUp! finished on 09/30/06 12:45:00.
#5 | 30.09.2006, 12:49 | Honorary member | Posts: 29434
Avenger
http://virus-protect.org/artikel/tools/avenger.html
Paste in:

Quote:
registry keys to delete:

Click the green traffic light; the script will now run, and then the PC will restart automatically.

** Post the log:
http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
all about PC security
#6 | 30.09.2006, 13:06 | ...new here | Thread starter | Posts: 4
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: HKEY_CLASSES_ROOT\CLSID\{D3B3C51E-8D11-4667-85B9-0930F519BED7}

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kptabids

*******************

Script file located at: \??\C:\Program Files\mdssitrc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\pmnlihe.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D3B3C51E-8D11-4667-85B9-0930F519BED7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlihe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winxry32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B3C51E-8D11-4667-85B9-0930F519BED7} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
#7 | 30.09.2006, 13:19 | Honorary member | Posts: 29434
Now delete the Avenger backup (c:\Avenger\backup.zip), scan once more with your antivirus program and report back.
__________
Kind regards, Sabina
all about PC security
#0 (opening post) | 28.09.2006, 17:20 | ...new here | Posts: 4
I'm a complete beginner when it comes to viruses... I've had this stupid trojan TR/Vundo.Gen for days and can't get rid of it!
I ran HiJack over it!
Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 17:19:57, on 28.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\GFI\LANguard Network Security Scanner 3\sscansvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\Programme\ICQLite\ICQLite.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Download\HiJack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Hilfsobjekt für Encarta Web-Begleiter - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\pmnlihe.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Apps\MSN Toolbar\01.02.5000.1021\de\msntb.dll
O3 - Toolbar: Encarta Web-Begleiter - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c283.cab
O16 - DPF: {D67AC55A-B750-41A4-BEE6-020E017A7996} - http://install.cokemusic.de/client/pc/MY-PLAYLIST-WEBINSTALLER_loader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6015E87-8A7D-46E2-A346-8BCBBEF9B0CB}: NameServer = 217.237.150.33 217.237.151.161
O20 - Winlogon Notify: pmnlihe - C:\WINDOWS\SYSTEM32\pmnlihe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winxry32 - winxry32.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: GFI LANguard N.S.S. Scheduled Scans Service (lnss_sscans) - GFI Software Ltd. - C:\Programme\GFI\LANguard Network Security Scanner 3\sscansvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
I also ran CleanUp, but it keeps saying something about it only being a DEMO... I don't know either!
Can anyone help me?
Thanks
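What the helper picked out of this HijackThis log, and what the Avenger script in post #6 then removed, is one DLL registered twice: as a nameless browser helper object (O2, CLSID {D3B3C51E-...}) and as a Winlogon Notify package (O20), so it loads both in Internet Explorer and at every logon, plus a leftover Notify entry (winxry32) whose file is already gone. The Python script below is an added example, not part of the thread or of HijackThis itself: it parses HijackThis lines into sections, applies a few triage rules of its own (unnamed BHOs, orphaned hooks, every O20 entry, the host behind each O16 ActiveX download), and reports DLLs that appear in both O2 and O20. The sample lines are copied from the log above, with the MSN toolbar line kept in for contrast; WgaLogon shows up in the O20 list only because the rule lists every notify package and is the Windows Genuine Advantage component, which a reviewer would dismiss. The severity labels are this example's own.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log posted
# in this thread, plus one ordinary O2 line (the MSN toolbar) for contrast.
SAMPLE_HJT = """\
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\\Programme\\MSN Apps\\MSN Toolbar\\01.02.5000.1021\\de\\msntb.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\\WINDOWS\\system32\\pmnlihe.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c283.cab
O20 - Winlogon Notify: pmnlihe - C:\\WINDOWS\\SYSTEM32\\pmnlihe.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O20 - Winlogon Notify: winxry32 - winxry32.dll (file missing)
"""

LINE = re.compile(r"^(R\d|O\d+) - (.*)$")
DLL_NAME = re.compile(r"([\w~-]+\.dll)", re.IGNORECASE)


def parse_hjt(text):
    """Split HijackThis output into (section, body) pairs; other lines are skipped."""
    items = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            items.append((m.group(1), m.group(2)))
    return items


def triage_hjt(text):
    """Return (section, severity, note, body) for entries worth a closer look.

    The rules are this example's own heuristics, not HijackThis logic.
    """
    findings = []
    for section, body in parse_hjt(text):
        if section == "O2" and "(no name)" in body:
            findings.append((section, "high", "unnamed BHO", body))
        elif section == "R3" and "(no file)" in body:
            findings.append((section, "low", "orphaned URLSearchHook", body))
        elif section == "O20":
            # HijackThis lists only non-default Winlogon Notify packages, so
            # every entry here gets a line; a missing file is a leftover key.
            if "(file missing)" in body:
                findings.append((section, "low", "orphaned Winlogon Notify entry", body))
            else:
                findings.append((section, "medium", "Winlogon Notify DLL loaded at logon", body))
        elif section == "O16":
            # Downloaded Program Files: an ActiveX package fetched from the web.
            url = body.rsplit(" - ", 1)[-1]
            host = urlparse(url).hostname or "?"
            findings.append((section, "medium", f"ActiveX download from {host}", body))
    return findings


def cross_registered(text):
    """DLL file names that appear both as a BHO (O2) and as a Winlogon Notify package (O20)."""
    by_section = {"O2": set(), "O20": set()}
    for section, body in parse_hjt(text):
        if section in by_section:
            by_section[section].update(m.lower() for m in DLL_NAME.findall(body))
    return sorted(by_section["O2"] & by_section["O20"])


if __name__ == "__main__":
    for section, severity, note, body in triage_hjt(SAMPLE_HJT):
        print(f"[{severity:6}] {section:3} {note}: {body}")
    print("registered as both BHO and Winlogon Notify:", cross_registered(SAMPLE_HJT))
```

On the sample, `cross_registered` returns only pmnlihe.dll, which is exactly the file and the two registry locations the Avenger log in post #6 reports as deleted; the orphaned winxry32 entry is reported separately as a low-severity leftover. The per-line rules are deliberately simple string checks, so a full log from the same tool can be pasted in unchanged.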