|
Plagegeister aller Art und deren Bekämpfung: wljjg.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
26.07.2006, 22:42 | #1 |
| wljjg.dll Hi Ich habe ein nerviges File namens wljjg.dll Sie befindet sich im Windos/system32/mljjg.dll Immer wenn ich den PC Hochfahre bekommen ich von Ewido Anti spyware die Nachricht das dieses Exemplar gefährlich ist es heisst Adware Virtumonde. Ich Habe im Abgesicherten Modus diese Datei schon gelöscht beim reboot war sie wieder da auch KillBox kann dagegen nichts machen, langsam bin ich leider Ratlos da ich diese Datei auch schon in der Regestry aufgespürt habe und ebenfalls gelöscht, aber nichts. Logfile of HijackThis v1.99.1 Scan saved at 23:41:40, on 26.07.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe C:\Programme\ewido anti-spyware 4.0\guard.exe C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe C:\Programme\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Programme\NetLimiter 2 Pro\NLClient.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programme\D-Tools\daemon.exe C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe C:\Programme\Java\jre1.5.0_06\bin\jusched.exe C:\Programme\ewido anti-spyware 4.0\ewido.exe C:\Programme\World of Warcraft\BLASC\BLASC.exe C:\PROGRA~1\ICQ\ICQ.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Internet Explorer\iexplore.exe C:\Programme\Outlook Express\msimn.exe C:\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [KAV50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [BLASC] "C:\Programme\World of Warcraft\BLASC\BLASC.exe" O4 - HKCU\..\Run: [HijackThis startup scan] C:\Downloads\HijackThis.exe /startupscan O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000 (file missing) O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programme\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe Hijack gibt leider auch nicht gerade viel raus. Meiner meinung nach. Ich hoffe ihr könnt mir Helfen. Mfg Ecko |
26.07.2006, 23:02 | #2 | |
| wljjg.dllZitat:
auf www.hijackthis.de gibt es eine Box zum einfügen des Logfiles, nach Copy&Paste klick dort auf "Auswerten". was jetzt das oder das : Code:
ATTFilter Hi Ich habe ein nerviges File namens wljjg.dll Sie befindet sich im Windos/system32/mljjg.dll Geändert von iso9001 (26.07.2006 um 23:09 Uhr) |
26.07.2006, 23:15 | #3 |
| wljjg.dll Hallo,
__________________nur mal so aus reiner Neugier, kannst du mal ein Log von Silentrunners und von F-Secure Blacklight (wird automatisch im selben Pfad erstellt) posten? Danach gehst du mal nach dieser Anleitung vor und berichtest ob dadurch das Problem behoben wurde. Grüße Wildone |
27.07.2006, 06:26 | #4 |
| wljjg.dll Hi natürlich weis ICH was ich Installiert habe. Mit "Hijackthis spuckt auch nichts vernünftiges aus", meinte ich nur das ICH mit meinen Kenntnissen da nichts ungewöhnliches entdecke. Die Datei wljjg.dll befindet sich im system32 Ordner, und der Virus wird als Virtumonde angezeigt. Ich hoffe nun habe ich es klarer ausgedrückt. Hijackthis Log habe ich natürlich auch schon auswerten lassen, aber auch da wurde nichts relevantes gefunden. Wildone: Die beiden Programme werde ich heute abend ausführen und den Log hier posten. Gruß Ecko |
27.07.2006, 16:07 | #5 |
| wljjg.dll Silentrunners Log "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ "{C452D8E4-07CF-1031-1104-040221050031}" = ""C:\Programme\Gemeinsame Dateien\{C452D8E4-07CF-1031-1104-040221050031}\Update.exe" mc-110-12-0000272" [file not found] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "BLASC" = ""C:\Programme\World of Warcraft\BLASC\BLASC.exe"" ["Das BLASC Team"] "HijackThis startup scan" = "C:\Downloads\HijackThis.exe /startupscan" ["Soeperman Enterprises Ltd."] "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++} "homepage.monitor.exe" = "C:\Programme\Media-Codec\isamonitor.exe" [file not found] "pmsngr.exe" = "C:\Programme\Media-Codec\pmsngr.exe" [file not found] "ishost.exe" = "ishost.exe" [file not found] "issearch.exe" = "issearch.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "DAEMON Tools-1033" = ""C:\Programme\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "KAV50" = ""C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss" ["Kaspersky Lab"] "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "Mirabilis ICQ" = "C:\PROGRA~1\ICQ\ICQNet.exe" [null data] "NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "CloneCDTray" = ""C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "!ewido" = ""C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {4A84C076-B3A8-435F-B366-6B80340C1DC0}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\mljjg.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Context Menu Shell Extension" -> {HKLM...CLSID} = "WinAceContext Menu Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 DragDrop Shell Extension" -> {HKLM...CLSID} = "WinAceDrag-Drop Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Context Menu Shell Extension" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Property Sheet Shell Extension" -> {HKLM...CLSID} = "WinAceProperty Sheet Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension" -> {HKLM...CLSID} = "ICQ Shell Extension" \InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! mljjg\DLLName = "C:\WINDOWS\system32\mljjg.dll" [null data] INFECTION WARNING! winwim32\DLLName = "winwim32.dll" [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."] ICQMenu\(Default) = "{f802f260-519b-11d1-bb5d-0060974c6013}" -> {HKLM...CLSID} = "ICQ Shell Extension" \InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"] Kaspersky Anti-Virus\(Default) = "{DD230880-495A-11D1-B064-008048EC2FC5}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\ShellEx.dll" ["Kaspersky Lab"] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."] ICQMenu\(Default) = "{f802f260-519b-11d1-bb5d-0060974c6013}" -> {HKLM...CLSID} = "ICQ Shell Extension" \InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{DD230880-495A-11D1-B064-008048EC2FC5}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\ShellEx.dll" ["Kaspersky Lab"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "-Frank-" & "All Users" startup folders: --------------------------------------------------------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart "Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {6224F700-CBA3-4071-B251-47CB894244CD}\ "ButtonText" = "ICQ Pro" "MenuText" = "ICQ" "Exec" = "C:\PROGRA~1\ICQ\ICQ.exe" ["ICQ Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Programme\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."] Kaspersky Anti-Virus Service, KLBLMain, ""C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000" ["Kaspersky Lab"] NetLimiter, nlsvc, ""C:\Programme\NetLimiter 2 Pro\nlsvc.exe"" ["Locktime Software"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] StarWind iSCSI Service, StarWindService, "C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt04\Driver = "hpzlnt04.dll" ["HP"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 32 seconds, including 18 seconds for message boxes) 07/27/06 17:02:12 [Info]: BlackLight Engine 1.0.42 initialized 07/27/06 17:02:12 [Info]: OS: 5.1 build 2600 (Service Pack 2) 07/27/06 17:02:12 [Note]: 7019 4 07/27/06 17:02:12 [Note]: 7005 0 07/27/06 17:02:16 [Note]: 7006 0 07/27/06 17:02:16 [Note]: 7011 208 07/27/06 17:02:16 [Note]: 7026 0 07/27/06 17:02:16 [Note]: 7026 0 07/27/06 17:02:21 [Note]: FSRAW library version 1.7.1019 07/27/06 17:06:45 [Note]: 7007 0 Bidde Sehr |
27.07.2006, 17:05 | #6 |
| wljjg.dll So nun habe ich auch die Virtumonde dateien Laufen lassen und bisher nichts gemerkt, und habe auch im System 32 nachgeschaut die Datei ist wirklich weg. Nun lasse ich nochmal alles durchlaufen was ich auf meinem rechner habe. Ich gebe nochmal ein neues Log von Silentrunners durch falls jemand noch etwas findet, was ich doch bitte Löschen sollte, tut euch keinen Zwang an es mir zu sagen. Falls nun alles in ordnung ist, bedanke ich mich für eure Hilfe. Gruß Ecko "Silent Runners.vbs", revision 46, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ "{C452D8E4-07CF-1031-1104-040221050031}" = ""C:\Programme\Gemeinsame Dateien\{C452D8E4-07CF-1031-1104-040221050031}\Update.exe" mc-110-12-0000272" [file not found] HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "BLASC" = ""C:\Programme\World of Warcraft\BLASC\BLASC.exe"" ["Das BLASC Team"] "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "DAEMON Tools-1033" = ""C:\Programme\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"] "KAV50" = ""C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kwsprod.exe" -run -n Workstation -v 5.0.0.0 -chkss" ["Kaspersky Lab"] "SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "Mirabilis ICQ" = "C:\PROGRA~1\ICQ\ICQNet.exe" [null data] "NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "CloneCDTray" = ""C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."] "QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "!ewido" = ""C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Context Menu Shell Extension" -> {HKLM...CLSID} = "WinAceContext Menu Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 DragDrop Shell Extension" -> {HKLM...CLSID} = "WinAceDrag-Drop Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Context Menu Shell Extension" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.61 Property Sheet Shell Extension" -> {HKLM...CLSID} = "WinAceProperty Sheet Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS] "{F802F260-519B-11D1-BB5D-0060974C6013}" = "ICQ Shell Extension" -> {HKLM...CLSID} = "ICQ Shell Extension" \InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"] "{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ INFECTION WARNING! winwim32\DLLName = "winwim32.dll" [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider" -> {HKLM...CLSID} = "Haali Column Provider" \InProcServer32\(Default) = "C:\Programme\Haali\MatroskaSplitter\mmfinfo.dll" [null data] {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."] ICQMenu\(Default) = "{f802f260-519b-11d1-bb5d-0060974c6013}" -> {HKLM...CLSID} = "ICQ Shell Extension" \InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"] Kaspersky Anti-Virus\(Default) = "{DD230880-495A-11D1-B064-008048EC2FC5}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\ShellEx.dll" ["Kaspersky Lab"] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Programme\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."] ICQMenu\(Default) = "{f802f260-519b-11d1-bb5d-0060974c6013}" -> {HKLM...CLSID} = "ICQ Shell Extension" \InProcServer32\(Default) = "C:\Programme\ICQ\ICQShExt.dll" ["ICQ"] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" ["e-merge GmbH"] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{DD230880-495A-11D1-B064-008048EC2FC5}" -> {HKLM...CLSID} = "ShellExt Class" \InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\ShellEx.dll" ["Kaspersky Lab"] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "-Frank-" & "All Users" startup folders: --------------------------------------------------------- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart "Adobe Gamma Loader" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Microsoft Office" -> shortcut to: "C:\Programme\Microsoft Office\Office\OSA9.EXE -b -l" [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {6224F700-CBA3-4071-B251-47CB894244CD}\ "ButtonText" = "ICQ Pro" "MenuText" = "ICQ" "Exec" = "C:\PROGRA~1\ICQ\ICQ.exe" ["ICQ Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ BlueSoleil Hid Service, BlueSoleil Hid Service, "C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe" [null data] ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Programme\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."] Kaspersky Anti-Virus Service, KLBLMain, ""C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus for Workstation 5\kavmm.exe" -run bl -n Workstation -v 5.0.0.0 -ttsr 10000000" ["Kaspersky Lab"] NetLimiter, nlsvc, ""C:\Programme\NetLimiter 2 Pro\nlsvc.exe"" ["Locktime Software"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] StarWind iSCSI Service, StarWindService, "C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzlnt04\Driver = "hpzlnt04.dll" ["HP"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 16 seconds, including 4 seconds for message boxes) |
Themen zu wljjg.dll |
abgesicherten modus, adobe, adobe reader, adware, dateien, explorer, file, gelöscht, hijack, hijackthis, icq, internet, internet explorer, kaspersky, langsam, messenger, microsoft, nvidia, outlook express, programme, ratlos, rundll, rundll32.exe, software, spyware, windows, windows xp, world of warcraft |