Log analysis and evaluation: mljji.dll and tuvvvss.dll problems

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.02.2008, 22:35 | #1 |
| mljji.dll and tuvvvss.dll problems

Hi, today I discovered two "trojans" on my PC and I just can't get rid of them. My antivirus software doesn't detect them at all, and Spybot SD does detect one of the two and reports that the problem was fixed, but it is still there. The two culprits are:

mljji.dll
tuvvvss.dll

I have already scoured the net but found no solution that gets me any further.

Problems I have had since then:

- Error message (so far only when I am on the internet):
Buffer overrun detected! Program: C:\WINDOWS\explorer.exe A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated.
whereupon Explorer crashes and sometimes comes back, but sometimes not

- Error message (at startup):
Exception Procesing Message c00000a3 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:39, on 07.02.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\DrWeb\spidernt.exe
D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
D:\VMware\VMware Player\vmware-authd.exe
C:\Program Files\DrWeb\DRWEBSCD.EXE
D:\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\DrWeb\spiderml.exe
C:\PROGRA~1\DrWeb\spiderui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Free Download Manager\fdm.exe
D:\Free Download Manager\fum\fum.exe
D:\Free Download Manager\FUM\fumoei.exe
C:\Program Files\802.11 Wireless LAN Driver and Utility\RtWlan.exe
D:\Last.fm\LastFMHelper.exe
D:\AnalogX\MaxMem\maxmem.exe
D:\Trillian\trillian.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://windowsupdate.microsoft.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [DAEMON Tools] "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "d:\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Free Upload Manager] "d:\Free Download Manager\fum\fum.exe" -autorun
O4 - HKCU\..\Run: [Free Uploader Oe Integration] d:\Free Download Manager\FUM\fumoei.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = D:\Last.fm\LastFMHelper.exe
O4 - Startup: MaxMem.lnk = D:\AnalogX\MaxMem\maxmem.exe
O4 - Startup: Trillian.lnk = D:\Trillian\trillian.exe
O4 - Global Startup: 802.11 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: Alles mit FDM herunterladen - file://d:\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://d:\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://d:\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://d:\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - d:\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - h**p://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 6379 bytes
08.02.2008, 14:48 | #2 |
/// AVZ-Toolkit Guru
| mljji.dll and tuvvvss.dll problems

Hello there.

1) Disable System Restore on all drives.
2) Uninstall Java via the Control Panel.
3) Run Silentrunners and post the log files.
4) Follow these instructions.
5) Run Combofix. Post the text that appears.
6) Scan your system twice each with Lavasoft and Spybot-S&D as well as your AV program (all three with current signatures!). First in normal mode and then in safe mode (F8 during boot).
7) Clean up with cCleaner (you have to let it scan and clean the registry several times).
8) Post a fresh HijackThis log as well as an iClean report (open the program in its own folder -> "Yes" -> File -> Report).
9) After that, do an eScan following the instructions in my signature and post the log.
11.02.2008, 16:49 | #3 |
| mljji.dll and tuvvvss.dll problems

Here is the silentrunners log for a start:

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Free Download Manager" = ""d:\Free Download Manager\fdm.exe" -autorun" ["FreeDownloadManager.ORG"]
"Free Upload Manager" = ""d:\Free Download Manager\fum\fum.exe" -autorun" [null data]
"Free Uploader Oe Integration" = "d:\Free Download Manager\FUM\fumoei.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"DrWebScheduler" = ""C:\Program Files\DrWeb\DRWEBSCD.EXE"" ["Doctor Web, Ltd."]
"DAEMON Tools" = ""d:\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SpIDerMail" = ""C:\Program Files\DrWeb\spiderml.exe"" ["Doctor Web, Ltd."]
"SpIDerNT" = "C:\PROGRA~1\DrWeb\spiderui.exe /agent" ["Doctor Web, Ltd."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"MSDrive" = "rundll32.exe C:\WINDOWS\system32\drvxom.dll,startup" [MS]
"avgnt" = ""D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
  \StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
  \InProcServer32\(Default) = "D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{7572FF4E-A579-4A1B-8BEA-8224D893AC79}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\WINDOWS\system32\mljji.dll" [null data]
{A00CA75C-DEDD-4474-9088-5D6363D69338}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\WINDOWS\system32\tuvvvss.dll" [null data]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
  \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FDMIECookiesBHO Class"
  \InProcServer32\(Default) = "d:\Free Download Manager\iefdm2.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
  \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{e7593602-124b-47c9-9f73-a69308edc973}" = "Shell Extension for DrWeb"
  -> {HKLM...CLSID} = "Shell Extension for DrWeb"
  \InProcServer32\(Default) = "C:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
  \InProcServer32\(Default) = "D:\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{F49C55B9-D417-45A1-A6E7-D6E057946280}" = "FdmUplShlExt"
  -> {HKLM...CLSID} = "FdmUplShlExt Class"
  \InProcServer32\(Default) = "d:\Free Download Manager\FUM\fumshext.dll" [null data]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
  \InProcServer32\(Default) = "D:\Antivir\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{A00CA75C-DEDD-4474-9088-5D6363D69338}" = "*j" (unwritable string)
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\WINDOWS\system32\tuvvvss.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
  \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "run" = ""C:\WINDOWS\system32\winupdate.exe"" [file not found]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> tuvvvss\DLLName = "tuvvvss.dll" [null data]
<<!>> winhld32\DLLName = "winhld32.dll" [file not found]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
DrWMenuHandlers\(Default) = "{e7593602-124b-47c9-9f73-a69308edc973}"
  -> {HKLM...CLSID} = "Shell Extension for DrWeb"
  \InProcServer32\(Default) = "C:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
  \InProcServer32\(Default) = "D:\Antivir\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]
WinUHA\(Default) = "{095177B8-8097-4D32-9081-A8949C47020E}"
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\WinUHA\shellwinuha.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
DrWMenuHandlers\(Default) = "{e7593602-124b-47c9-9f73-a69308edc973}"
  -> {HKLM...CLSID} = "Shell Extension for DrWeb"
  \InProcServer32\(Default) = "C:\Program Files\DrWeb\drwsxtn.dll" ["Doctor Web, Ltd."]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
  -> {HKLM...CLSID} = "Shell Extension for Malware scanning"
  \InProcServer32\(Default) = "D:\Antivir\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
  \InProcServer32\(Default) = "C:\WinRAR\rarext.dll" [null data]
WinUHA\(Default) = "{095177B8-8097-4D32-9081-A8949C47020E}"
  -> {HKLM...CLSID} = (no title provided)
  \InProcServer32\(Default) = "C:\WinUHA\shellwinuha.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
FdmUplShlExt\(Default) = "{F49C55B9-D417-45A1-A6E7-D6E057946280}"
  -> {HKLM...CLSID} = "FdmUplShlExt Class"
  \InProcServer32\(Default) = "d:\Free Download Manager\FUM\fumshext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
  {unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
  {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\N!tr0_X\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\ssstars.scr" [MS]

Startup items in "N!tr0_X" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\N!tr0_X\Start Menu\Programs\Startup
"Last.fm Helper" -> shortcut to: "D:\Last.fm\LastFMHelper.exe" ["Last.fm"]
"MaxMem" -> shortcut to: "D:\AnalogX\MaxMem\maxmem.exe" [null data]
"Trillian" -> shortcut to: "D:\Trillian\trillian.exe" ["Cerulean Studios"]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"802.11 Wireless LAN Utility" -> shortcut to: "C:\Program Files\802.11 Wireless LAN Driver and Utility\RtWlan.exe /H" ["Realtek Semiconductor Corp."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\DRWEBSP.DLL ["Doctor Web, Ltd."], 01 - 05, 23
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
  \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
  \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "d:\ICQ6\ICQ.exe" ["ICQ, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}\
"ButtonText" = "Upload"
"CLSIDExtension" = "{FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1}"
  -> {HKLM...CLSID} = "FDMUploadBtnForIe Class"
  \InProcServer32\(Default) = "d:\Free Download Manager\FUM\fumiebtn.dll" [null data]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""D:\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
AntiVir PersonalEdition Classic Guard, AntiVirService, ""D:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]
AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""D:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
SpIDer Guard for Windows, SPIDERNT, "C:\PROGRA~1\DrWeb\spidernt.exe" ["Doctor Web, Ltd."]
StarWind iSCSI Service, StarWindService, "D:\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]
VMware Authorization Service, VMAuthdService, ""D:\VMware\VMware Player\vmware-authd.exe"" ["VMware, Inc."]
VMware DHCP Service, VMnetDHCP, "C:\WINDOWS\system32\vmnetdhcp.exe" ["VMware, Inc."]
VMware NAT Service, VMware NAT Service, "C:\WINDOWS\system32\vmnat.exe" ["VMware, Inc."]
VMware Virtual Mount Manager Extended, vmount2, ""C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"" ["VMware, Inc."]

Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "vmkbd" ["VMware, Inc."]

---------- (launch time: 2008-02-11 16:34:45)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
---------- (total run time: 64 seconds, including 19 seconds for message boxes)
11.02.2008, 18:01 | #4 | |
/// AVZ-Toolkit Guru
| mljji.dll and tuvvvss.dll problems

Something to do in the meantime:

Have files checked online:
* Go to the VirusTotal site, click the "Browse" button and look for the following file/files: (also have hidden files shown!)
Quote:
* Afterwards post the result of the evaluation; copy everything and paste it into a post. (Important: also copy the size information and the HASH!)
__________________
- All help in the forum is given without warranty or liability -
11.02.2008, 21:24 | #5 |
| mljji.dll and tuvvvss.dll problems

Hi, by now I am already at step 6 (sorry, I didn't notice the post). The 3 files you listed can no longer be found (I hope that is good), but I will go through everything again from the start because I didn't note down the text after the Combofix run. Thanks for the help so far.
12.02.2008, 15:28 | #6 |
| mljji.dll and tuvvvss.dll problems

Hi, here is the Combofix report:

ComboFix 08-02-11.2 - N!tr0_X 2008-02-12 15:23:32.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2084 [GMT 1:00]
Running from: C:\Downloads\ComboFix(1).exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\dplhbcpi.dll
C:\WINDOWS\system32\drvxomr.dll
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\tuvvvss.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\ntload

((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.
2008-02-12 15:23 . 2000-08-31 08:00 212,480 --a------ C:\WINDOWS\system32\swxcacls.exe
2008-02-12 15:23 . 2000-08-31 08:00 161,792 --a------ C:\WINDOWS\system32\swreg.exe
2008-02-12 15:23 . 2000-08-31 08:00 136,704 --a------ C:\WINDOWS\system32\swsc.exe
2008-02-11 17:40 . 2008-02-11 17:40 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-11 17:40 . 2008-02-11 17:40 3,446 --a------ C:\WINDOWS\unins000.dat
2008-02-11 17:31 . 2008-02-11 22:51 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
2008-02-11 17:25 . 2008-02-11 22:57 <DIR> d-------- C:\QooBox
2008-02-11 17:25 . 2004-08-04 00:56 388,608 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-11 17:25 . 2000-08-31 08:00 98,816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-11 17:25 . 2000-08-31 08:00 80,412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-11 17:25 . 2000-08-31 08:00 73,728 --a------ C:\WINDOWS\system32\fdsv.exe
2008-02-11 17:25 . 2000-08-31 08:00 68,096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-11 17:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-02-11 17:25 . 2000-08-31 08:00 49,152 --a------ C:\WINDOWS\system32\VFind.exe
2008-02-11 17:18 . 2008-02-11 17:18 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-11 16:59 . 2008-02-12 15:19 1,988 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-11 16:33 . 2008-02-12 15:12 <DIR> d-------- C:\Downloads
2008-02-08 01:56 . 2008-02-08 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-08 01:56 . 2008-02-08 01:58 61,632 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2008-02-08 01:56 . 2007-08-09 13:04 40,768 --a------ C:\WINDOWS\system32\drivers\avgntdd.sys
2008-02-08 01:56 . 2007-03-01 10:34 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2008-02-08 01:56 . 2007-07-18 14:22 21,312 --a------ C:\WINDOWS\system32\drivers\avgntmgr.sys
2008-02-08 01:47 . 2008-02-11 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 18:56 . 2008-01-31 18:56 <DIR> d-------- C:\Program Files\Sony
2008-01-31 18:55 . 2008-01-31 18:55 <DIR> d-------- C:\Program Files\Common Files\Sony Shared
2008-01-31 18:22 . 2001-12-11 18:17 37,087 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2008-01-31 18:03 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-01-31 18:03 . 2001-05-01 13:32 126,976 --a------ C:\WINDOWS\system32\atrac3.acm
2008-01-31 18:02 . 2008-01-31 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-01-31 18:02 . 2002-03-25 19:09 323,856 --a------ C:\WINDOWS\system32\Wmvcorer.dll
2008-01-31 18:02 . 2002-03-25 19:09 262,416 --a------ C:\WINDOWS\system32\Asfv2.dll
2008-01-30 15:17 . 2008-01-30 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-01-29 18:13 . 2008-01-29 18:13 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-01-29 18:11 . 2008-01-29 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-01-28 15:44 . 2008-02-12 00:47 <DIR> d-------- C:\xDownloads
2008-01-22 02:49 . 2008-01-22 02:49 <DIR> d-------- C:\Program Files\DivX
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 14:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-02-12 14:21 2,145,386,496 --sha-w C:\pagefile.sys
2008-02-12 14:21 --------- d-----w C:\Program Files\DrWeb
2008-02-12 14:21 --------- d-----w C:\Documents and Settings\N!tr0_X\Application Data\Free Download Manager
2008-02-12 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-02-11 16:54 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-11 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 15:31 --------- d-----w C:\Program Files\Common Files
2008-02-09 19:03 --------- d-----w C:\Documents and Settings\N!tr0_X\Application Data\mIRC
2008-02-08 00:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-07 18:31 77,824 ----atw C:\WINDOWS\system32\DRWEBSP.DLL
2008-02-07 18:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-07 17:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 14:17 --------- d-----w C:\Program Files\Windows Media Player
2008-01-25 10:45 --------- d-----w C:\Documents and Settings\N!tr0_X\Application Data\VMware
2008-01-08 18:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-08 18:28 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-06 22:29 --------- d-----w C:\Documents and Settings\N!tr0_X\Application Data\dvdcss
2008-01-02 18:21 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
2007-12-19 20:31 --------- d-----w C:\Documents and Settings\N!tr0_X\Application Data\InstallShield Installation Information
2007-12-15 15:20 --------- d-----w C:\Documents and Settings\N!tr0_X\Application Data\ICQ
2007-12-15 15:17 --------- d-----w C:\Documents and Settings\N!tr0_X\Application Data\InstallShield
2007-12-14 23:16 --------- d-----w C:\Documents and Settings\N!tr0_X\Application Data\Ahead
2007-12-13 00:35 --------- d-----w C:\Program Files\Internet Explorer
2007-12-11 01:12 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-22 14:19 16,368 ----a-w C:\Documents and Settings\N!tr0_X\Application Data\GDIPFONTCACHEV1.DAT
2007-11-13 11:31 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
2007-09-23 19:06 16,384 -csha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-09-23 19:06 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-09-23 19:06 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007092320070924\index.dat
2007-09-23 19:06 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Free Download Manager"="d:\Free Download Manager\fdm.exe" [2007-08-31 23:13 2437167]
"Free Upload Manager"="d:\Free Download Manager\fum\fum.exe" [2007-07-29 20:13 253952]
"Free Uploader Oe Integration"="d:\Free Download Manager\FUM\fumoei.exe" [2007-06-10 19:02 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"DrWebScheduler"="C:\Program Files\DrWeb\DRWEBSCD.EXE" [2007-09-19 16:04 130552]
"DAEMON Tools"="d:\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-01 12:10 16049664 C:\WINDOWS\RTHDCPL.EXE]
"SpIDerMail"="C:\Program Files\DrWeb\spiderml.exe" [2007-12-25 14:34 500976]
"SpIDerNT"="C:\PROGRA~1\DrWeb\spiderui.exe" [2008-01-28 14:07 214552]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"avgnt"="D:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-08 01:58 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\N!tr0_X\Start Menu\Programs\Startup\
Last.fm Helper.lnk - D:\Last.fm\LastFMHelper.exe [2008-01-30 15:15:55 106496]
MaxMem.lnk - D:\AnalogX\MaxMem\maxmem.exe [2007-12-09 23:08:05 75780]
Trillian.lnk - D:\Trillian\trillian.exe [2007-12-11 1873280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvvss]
tuvvvss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhld32]
winhld32.dll

R2 SPIDER;SpIDer Guard File System Monitor;C:\PROGRA~1\DrWeb\spider.sys [2008-01-28 14:07]
R2 SPIDERNT;SpIDer Guard for Windows;C:\PROGRA~1\DrWeb\spidernt.exe [2008-01-28 14:07]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
R3 vmkbd;VMware kbd;C:\WINDOWS\system32\drivers\VMkbd.sys [2007-10-08 09:22]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-12 15:24:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.

After the first scans in non-safe mode everything was clean :aplaus:
12.02.2008, 15:54 | #7 |
Banned | mljji.dll and tuvvvss.dll problems Please read "Protecting your system" below. |
12.02.2008, 16:30 | #8 | ||
/// AVZ-Toolkit Guru | mljji.dll and tuvvvss.dll problems Quote:
Have files checked online: * Go to the VirusTotal site, click the "Browse" button and look for the following file(s): (also have hidden files displayed!) Quote:
* Afterwards, post the result of the analysis: copy everything and paste it into a post. (Important: also copy the file size and the HASH!)
__________________ - All help given in this forum is provided without warranty or liability - |
12.02.2008, 20:50 | #9 |
| mljji.dll and tuvvvss.dll problems

Datei kmd.exe empfangen 2008.02.12 20:29:19 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)
AhnLab-V3 2008.2.13.10 2008.02.12 -
AntiVir 7.6.0.65 2008.02.12 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.12 -
AVG 7.5.0.516 2008.02.12 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.12 -
ClamAV 0.92 2008.02.12 -
DrWeb 4.44.0.09170 2008.02.12 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5530 2008.02.12 -
Ewido 4.0 2008.02.12 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.12 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.12 -
Ikarus T3.1.1.20 2008.02.12 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.12 -
NOD32v2 2869 2008.02.12 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.12 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.12 -
Sunbelt 2.2.907.0 2008.02.12 -
Symantec 10 2008.02.12 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.12 -
weitere Informationen
File size: 388608 bytes
MD5: eeb024f2c81f0d55936fb825d21a91d6
SHA1: dd47ff16176412ec2e170cda441b4a220ff52f46
PEiD: -

Datei sed.exe empfangen 2008.02.12 20:31:09 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)
AhnLab-V3 2008.2.13.10 2008.02.12 -
AntiVir 7.6.0.65 2008.02.12 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.12 -
AVG 7.5.0.516 2008.02.12 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.12 -
ClamAV 0.92 2008.02.12 -
DrWeb 4.44.0.09170 2008.02.12 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5530 2008.02.12 -
Ewido 4.0 2008.02.12 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.12 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.12 -
Ikarus T3.1.1.20 2008.02.12 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.12 -
NOD32v2 2869 2008.02.12 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.12 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.12 -
Sunbelt 2.2.907.0 2008.02.12 -
Symantec 10 2008.02.12 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.12 -
weitere Informationen
File size: 98816 bytes
MD5: 2b657a67aebb84aea5632c53e61e23bf
SHA1: 7d723cf82658da76bda85ae00bf20cb01b43edc8
PEiD: Dev-C++ 4.9.9.2 -> Bloodshed Software

Datei grep.exe empfangen 2008.02.12 20:31:45 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)
AhnLab-V3 2008.2.13.10 2008.02.12 -
AntiVir 7.6.0.65 2008.02.12 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.12 -
AVG 7.5.0.516 2008.02.12 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.12 -
ClamAV 0.92 2008.02.12 -
DrWeb 4.44.0.09170 2008.02.12 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5530 2008.02.12 -
Ewido 4.0 2008.02.12 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.12 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.12 -
Ikarus T3.1.1.20 2008.02.12 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.12 -
NOD32v2 2869 2008.02.12 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.12 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.12 -
Sunbelt 2.2.907.0 2008.02.12 -
Symantec 10 2008.02.12 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.12 -
weitere Informationen
File size: 80412 bytes
MD5: 9e05a9c264c8a908a8e79450fcbff047
SHA1: 363b2ee171de15aeea793bd7fdffd68d0feb8ba4
PEiD: Video-Lan-Client

Datei fdsv.exe empfangen 2008.02.12 20:33:07 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)
AhnLab-V3 2008.2.13.10 2008.02.12 -
AntiVir 7.6.0.65 2008.02.12 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.12 -
AVG 7.5.0.516 2008.02.12 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.12 -
ClamAV 0.92 2008.02.12 -
DrWeb 4.44.0.09170 2008.02.12 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5530 2008.02.12 -
Ewido 4.0 2008.02.12 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.12 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.12 -
Ikarus T3.1.1.20 2008.02.12 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.12 -
NOD32v2 2869 2008.02.12 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.12 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.12 -
Sunbelt 2.2.907.0 2008.02.12 -
Symantec 10 2008.02.12 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.12 -
weitere Informationen
File size: 73728 bytes
MD5: f464045f5ad11dd2708e620a8404da7b
SHA1: 735ce4211de9cac7b1ac66df8869b9f2c3a9e50a
PEiD: -

Datei zip.exe empfangen 2008.02.12 20:33:34 (CET)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt
Ergebnis: 0/32 (0%)
AhnLab-V3 2008.2.13.10 2008.02.12 -
AntiVir 7.6.0.65 2008.02.12 -
Authentium 4.93.8 2008.02.11 -
Avast 4.7.1098.0 2008.02.12 -
AVG 7.5.0.516 2008.02.12 -
BitDefender 7.2 2008.02.12 -
CAT-QuickHeal None 2008.02.12 -
ClamAV 0.92 2008.02.12 -
DrWeb 4.44.0.09170 2008.02.12 -
eSafe 7.0.15.0 2008.02.11 -
eTrust-Vet 31.3.5530 2008.02.12 -
Ewido 4.0 2008.02.12 -
FileAdvisor 1 2008.02.12 -
Fortinet 3.14.0.0 2008.02.12 -
F-Prot 4.4.2.54 2008.02.11 -
F-Secure 6.70.13260.0 2008.02.12 -
Ikarus T3.1.1.20 2008.02.12 -
Kaspersky 7.0.0.125 2008.02.12 -
McAfee 5228 2008.02.12 -
Microsoft 1.3204 2008.02.12 -
NOD32v2 2869 2008.02.12 -
Norman 5.80.02 2008.02.12 -
Panda 9.0.0.4 2008.02.12 -
Prevx1 V2 2008.02.12 -
Rising 20.29.22.00 2008.01.30 -
Sophos 4.26.0 2008.02.12 -
Sunbelt 2.2.907.0 2008.02.12 -
Symantec 10 2008.02.12 -
TheHacker 6.2.9.218 2008.02.12 -
VBA32 3.12.6.0 2008.02.11 -
VirusBuster 4.3.26:9 2008.02.12 -
Webwasher-Gateway 6.6.2 2008.02.12 -
weitere Informationen
File size: 68096 bytes
MD5: 5e832f4faf5f481f2eaf3b3a48f603b8
SHA1: 1d83497f04247bc095ddc1ccd0fef0c029f0ae8d
PEiD: Video-Lan-Client

By "scans" I meant the scans with Dr. Web, AntiVir, Spybot S&D and Lavasoft, and the scans in safe mode have also run without problems so far. |
12.02.2008, 23:46 | #10 |
/// AVZ-Toolkit Guru | mljji.dll and tuvvvss.dll problems That all looks just fine. To finish up, I would recommend posting an MWAV log and a fresh HJT log as well...