RunDLL Fehler beim Laden

#1 hallöchen ich bekomme immer beim starten meines laptops diese meldung ....

RunDLL

Fehler beim Laden von
C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll

Das angegebene Modul wurde nicht gefunden .

ich hatte gelesen das andere auch dieses problem hatten bwz haben und ich hab mir auch schon das Trend Micro HijackThis v2.02 heruntergeladen ...

und das ist bei dem test herausgekommen . was muss ich jetzt machen ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:57, on 10.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\vodafone\vmclite\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\VMC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VodafoneVMCLiteLauncher] C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winnuj32.rom,slNRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-4179577837-4171987178-1579514377-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-4179577837-4171987178-1579514377-1000\..\Run: [MSSMSGS] rundll32.exe winnuj32.rom,slNRun (User '?')
O4 - HKUS\S-1-5-21-4179577837-4171987178-1579514377-1000\..\Run: [MSServer] rundll32.exe C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll,#1 (User '?')
O4 - Global Startup: NewShortcut1.lnk = C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D02E598-D15F-48C3-9326-995A6EC3E73E}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll

#2 Hallo gunship511

1.
wende cleaner an + lösche die temp-Dateien
http://www.ccleaner.de/?protecus.de

2.
mit dem HijackThis löschen ("fixen")
Klicke: "Do a system scan only"
Setze ein Häckchen in das Kästchen vor den genannten Eintrag
und wähle fix checked. + starte den Rechner neu.

Zitat

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll,#1

O4 - HKUS\S-1-5-21-4179577837-4171987178-1579514377-1000\..\Run: [MSSMSGS] rundll32.exe winnuj32.rom,slNRun (User '?')

O4 - HKUS\S-1-5-21-4179577837-4171987178-1579514377-1000\..\Run: [MSServer] rundll32.exe C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll,#1 (User '?')

nun wird die Fehlermeldung erst mal weg sein...denooch arbeite alles weitere ab :

3.
scannen mit Malwarebytes + poste den report
http://virus-protect.org/artikel/tools/malwarebytes.html

4.
wende combofix an , warnmeldung wegklicken + poste hier den report
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#3 danke erstmal für die antwort .
so habe den test durchlaufen lassen dwnl mir jetzt noch das andere programm und poste dann nochmal den 2. test ...

Malwarebytes' Anti-Malware 1.20
Datenbank Version: 938
Windows 6.0.6001 Service Pack 1

15:09:30 11.07.2008
mbam-log-7-11-2008 (15-09-30).txt

Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 134386
Scan Dauer: 20 minute(s), 48 second(s)

Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicher Prozesse:
(Keine Malware Objekte gefunden)

Infizierte Speicher Module:
(Keine Malware Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine Malware Objekte gefunden)

Infizierte Registrierungswerte:
(Keine Malware Objekte gefunden)

Infizierte Datei Objekte der Registrierung:
(Keine Malware Objekte gefunden)

Infizierte Verzeichnisse:
(Keine Malware Objekte gefunden)

Infizierte Dateien:
(Keine Malware Objekte gefunden)

#4 ««
wende combofix an , warnmeldung wegklicken + poste hier den report
http://virus-protect.org/artikel/tools/combofix.html
__________
MfG Sabina

rund um die PC-Sicherheit

#5 ok hab ich jetzt auch ... was muss ich jetzt machen ?

PS: danke nochmal ...

ComboFix 08-07-10.1 - gunship511 2008-07-11 15:14:21.1 - NTFSx86

ausgeführt von:: C:\Users\gunship511\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere L”schungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\p4p
C:\Program Files\p4p\P4P.exe
C:\Program Files\p4p\RING.WAV

.
((((((((((((((((((((((( Dateien erstellt von 2008-06-11 bis 2008-07-11 ))))))))))))))))))))))))))))))
.

2008-07-11 14:46 . 2008-07-11 14:46 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Malwarebytes
2008-07-11 14:46 . 2008-07-11 14:46 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-11 14:46 . 2008-07-11 14:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 14:46 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-07-11 14:46 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-10 21:01 . 2008-07-10 21:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-10 07:30 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-10 07:30 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-10 07:30 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-10 07:30 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-10 07:30 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-10 07:30 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-10 07:30 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-10 07:29 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-10 07:29 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-10 07:29 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-10 07:29 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-10 07:29 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-10 07:29 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-10 07:29 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-08 09:09 . 2008-07-08 09:09 <DIR> dr-h----- C:\Users\gunship511\AppData\Roaming\SecuROM
2008-06-30 20:41 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll
2008-06-30 20:39 . 2008-06-30 20:39 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-30 20:38 . 2008-06-30 20:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-30 20:35 . 2008-06-30 20:35 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-30 20:32 . 2008-06-30 20:32 <DIR> dr-h----- C:\MSOCache
2008-06-30 14:00 . 2008-06-30 14:00 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-30 13:47 . 2008-06-30 13:47 <DIR> d-------- C:\PerfLogs
2008-06-30 13:37 . 2008-06-30 13:24 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-06-30 13:37 . 2008-06-30 13:24 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-06-30 13:26 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-06-30 13:25 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-06-30 13:24 . 2008-06-30 13:38 196,608 --a------ C:\Windows\SPInstall.etl
2008-06-30 13:21 . 2008-06-30 13:21 400 --a------ C:\Windows\ODBC.INI
2008-06-28 13:46 . 2008-06-28 13:46 203,776 --a------ C:\Windows\System32\clrviddc.dll
2008-06-28 13:46 . 1999-09-10 13:06 45,056 --a------ C:\Windows\System32\wnaspi32.dll
2008-06-28 13:46 . 1999-09-10 13:06 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys
2008-06-28 13:46 . 1999-09-10 13:06 5,600 --a------ C:\Windows\system\winaspi.dll
2008-06-28 13:46 . 1999-09-10 13:06 4,672 --a------ C:\Windows\system\wowpost.exe
2008-06-27 17:27 . 2008-06-27 17:27 301 --a------ C:\Windows\game.ini
2008-06-27 15:03 . 2008-06-27 15:03 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Intel
2008-06-25 21:45 . 2008-06-25 21:45 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-25 18:51 . 2008-06-25 18:51 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\DivX
2008-06-25 18:50 . 2008-06-25 18:50 <DIR> d-------- C:\Program Files\DivX
2008-06-24 16:35 . 2008-06-24 16:35 <DIR> d-------- C:\Program Files\Xvid
2008-06-24 16:35 . 2007-06-28 18:52 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-06-24 16:35 . 2007-06-28 18:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-06-24 16:35 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-06-23 22:39 . 2008-06-23 22:39 <DIR> d-------- C:\Program Files\GameSpy
2008-06-23 22:38 . 2008-06-23 22:38 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-06-23 22:38 . 2008-06-27 20:12 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-06-23 22:38 . 2008-06-27 17:28 22,328 --a------ C:\Users\gunship511\AppData\Roaming\PnkBstrK.sys
2008-06-23 22:37 . 2008-06-23 22:37 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-06-23 22:37 . 2008-06-23 22:37 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-06-23 22:37 . 2008-06-27 20:12 103,736 --a------ C:\Windows\System32\PnkBstrB.exe
2008-06-23 22:37 . 2008-06-27 17:50 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-06-23 16:52 . 2008-06-23 16:52 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Macrovision
2008-06-23 12:24 . 2008-06-23 12:24 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Ubisoft
2008-06-23 12:03 . 2008-06-23 12:03 <DIR> d-------- C:\ProgramData\Ubisoft
2008-06-23 11:33 . 2008-06-23 11:33 <DIR> d-------- C:\ProgramData\Macrovision
2008-06-23 11:33 . 2008-06-23 11:33 <DIR> d-------- C:\Program Files\Vodafone
2008-06-23 11:33 . 2007-10-15 16:27 99,200 --a------ C:\Windows\System32\drivers\nwusbser.sys
2008-06-23 11:33 . 2007-10-15 16:27 99,200 --a------ C:\Windows\System32\drivers\nwusbmdm.sys
2008-06-22 18:18 . 2008-06-22 18:18 307,968 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-06-22 18:18 . 2008-02-27 13:15 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-06-22 18:18 . 2008-02-27 13:15 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-06-22 18:17 . 2008-06-22 18:17 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\TuneUp Software
2008-06-22 18:16 . 2008-06-22 18:16 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-06-22 18:16 . 2008-06-22 18:19 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-06-22 18:15 . 2008-06-22 18:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-22 12:14 . 2008-06-22 12:14 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-22 12:09 . 2008-06-22 12:09 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\DAEMON Tools
2008-06-22 12:09 . 2008-06-22 12:09 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-06-21 17:44 . 2008-07-11 10:49 28,314 --a------ C:\Users\gunship511\AppData\Roaming\nvModes.dat
2008-06-21 13:45 . 2008-06-21 14:10 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-21 13:09 . 2008-06-21 13:09 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-21 13:08 . 2008-06-21 13:08 <DIR> d-------- C:\Program Files\Real
2008-06-21 13:08 . 2008-06-21 13:09 <DIR> d-------- C:\Program Files\Common Files\Real
2008-06-21 12:59 . 2008-06-21 12:59 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\ICQ Toolbar
2008-06-21 12:30 . 2008-06-23 22:57 <DIR> d-------- C:\Program Files\ICQToolbar
2008-06-21 12:29 . 2008-06-21 12:32 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\ICQ
2008-06-21 12:29 . 2008-06-21 18:19 <DIR> d-------- C:\Program Files\ICQ6
2008-06-21 12:28 . 2008-06-21 12:28 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\InstallShield
2008-06-21 11:53 . 2008-06-21 12:21 <DIR> d-------- C:\ProgramData\WLInstaller
2008-06-21 11:53 . 2008-06-21 12:53 <DIR> d-------- C:\Program Files\Windows Live
2008-06-21 11:53 . 2008-06-21 11:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-21 11:52 . 2008-06-21 11:52 <DIR> d-------- C:\Program Files\Alwil Software
2008-06-21 11:07 . 2008-06-21 11:07 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
2008-06-21 11:07 . 2008-06-21 11:07 181,760 --a------ C:\Windows\System32\fsquirt.exe
2008-06-21 11:07 . 2008-06-21 11:07 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
2008-06-21 11:07 . 2008-06-21 11:07 19,456 --a------ C:\Windows\System32\drivers\bthenum.sys
2008-06-21 11:05 . 2008-06-21 11:05 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-21 11:05 . 2008-06-21 11:05 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-06-21 11:05 . 2008-06-21 11:05 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-21 11:05 . 2008-06-21 11:05 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-21 11:05 . 2008-06-21 11:05 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-21 11:04 . 2008-06-21 11:04 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-21 11:04 . 2008-06-21 11:04 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-21 11:04 . 2008-06-21 11:04 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-21 11:04 . 2008-06-21 11:04 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-21 11:04 . 2008-06-21 11:04 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-21 11:04 . 2008-06-21 11:04 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-21 11:03 . 2008-06-21 11:03 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-21 11:03 . 2008-06-21 11:03 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-21 11:02 . 2008-06-21 12:41 24 --a------ C:\Windows\ATKPF.ini
2008-06-21 10:38 . 2008-06-21 10:38 <DIR> dr------- C:\Users\gunship511\Searches
2008-06-21 10:38 . 2008-06-21 10:38 <DIR> d-------- C:\Users\gunship511\P4P
2008-06-21 10:38 . 2008-06-21 12:57 <DIR> dr------- C:\Users\gunship511\Contacts
2008-06-21 10:38 . 2008-06-21 10:38 <DIR> d--hs---- C:\$RECYCLE.BIN
2008-06-21 10:36 . 2008-06-21 10:36 <DIR> d-------- C:\Program Files\ASUS Security Center
2008-06-21 10:35 . 2008-06-21 10:35 <DIR> d-------- C:\Program Files\Fingerprint Sensor
2008-06-21 10:33 . 2008-06-22 12:32 <DIR> dr------- C:\Users\gunship511\Videos
2008-06-21 10:33 . 2008-07-02 11:28 <DIR> dr------- C:\Users\gunship511\Saved Games
2008-06-21 10:33 . 2008-05-21 17:58 <DIR> d-------- C:\Users\gunship511\Roaming
2008-06-21 10:33 . 2008-06-21 11:04 <DIR> dr------- C:\Users\gunship511\Pictures
2008-06-21 10:33 . 2008-06-21 10:38 <DIR> dr------- C:\Users\gunship511\Music
2008-06-21 10:33 . 2008-06-21 10:38 <DIR> dr------- C:\Users\gunship511\Links
2008-06-21 10:33 . 2008-07-11 15:12 <DIR> dr------- C:\Users\gunship511\Downloads
2008-06-21 10:33 . 2008-07-08 09:10 <DIR> dr------- C:\Users\gunship511\Documents
2008-06-21 10:33 . 2006-11-02 14:37 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Media Center Programs
2008-06-21 10:33 . 2008-06-21 10:34 <DIR> d--h----- C:\Users\gunship511\AppData
2008-06-21 10:33 . 2008-07-07 20:28 <DIR> d-------- C:\Users\gunship511
2008-06-21 10:27 . 2008-06-21 10:27 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 05:46 --------- d-----w C:\Program Files\ASUS
2008-07-10 09:29 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-10 09:29 --------- d-----w C:\Program Files\Windows Mail
2008-06-30 18:39 --------- d-----w C:\Program Files\MSBuild
2008-06-30 11:53 174 --sha-w C:\Program Files\desktop.ini
2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Journal
2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Defender
2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Calendar
2008-06-30 11:46 --------- d-----w C:\ProgramData\NVIDIA
2008-06-27 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-21 09:05 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-21 09:05 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-21 09:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-21 09:05 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-21 09:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-21 09:04 --------- d-----w C:\ProgramData\ASUS
2008-05-21 16:12 606,848 ----a-w C:\Windows\flashax.exe
2008-05-21 16:12 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr
2008-05-21 16:12 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe
2008-05-21 16:12 37,232 ----a-w C:\Windows\ASScrProlog.exe
2008-05-21 16:12 33,136 ----a-w C:\Windows\ASScrPro.exe
2008-05-21 16:12 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe
2008-05-21 16:12 12,288 ----a-w C:\Windows\impborl.dll
2008-05-21 16:10 --------- d-----w C:\ProgramData\P4G
2008-05-21 16:10 --------- d-----w C:\Program Files\Power4Gear eXtreme
2008-05-21 16:10 --------- d-----w C:\Program Files\P4G
2008-05-21 16:06 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-21 16:06 --------- d-----w C:\Program Files\ATKGFNEX
2008-05-21 16:05 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2008-05-21 16:05 --------- d-----w C:\Program Files\Synaptics
2008-05-21 15:57 --------- d-----w C:\ProgramData\Intel
2008-05-21 15:56 --------- d-----w C:\Program Files\Intel
2008-05-21 15:55 --------- d-----w C:\Program Files\Motorola
2008-05-21 15:50 --------- d-----w C:\Program Files\CSR
2008-05-21 15:48 --------- d-----w C:\Program Files\Wireless Console 2
2008-05-21 15:44 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-05-21 15:44 315,392 ----a-w C:\Windows\HideWin.exe
2008-05-21 15:44 --------- d-----w C:\Program Files\Realtek
2008-05-21 15:38 --------- d-----w C:\Program Files\ATKOSD2
2008-05-21 15:38 --------- d-----w C:\Program Files\ATK Hotkey
2008-05-21 15:13 529,464 ----a-w C:\Windows\system32\drivers\ndis.sys
2008-05-21 01:26 0 ----a-w C:\Windows\system32\drivers\1043_ASUSTeK_M51Sn.alu
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 04:02 178712]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 19:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 12:12 1029416]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-05-21 18:12 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-05-21 18:12 33136]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:11 17920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-21 13:08 185896]
"VodafoneVMCLiteLauncher"="C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe" [2007-10-17 13:07 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 12:17 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 12:17 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 12:17 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 07:10 4702208 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NewShortcut1.lnk - C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe [2007-10-17 13:07:22 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{6843DBDD-1E5D-464F-9E1F-251E07691C62}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{95BF9276-00A3-42CA-A200-CAF93D8C24DC}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"{3909E0A0-D442-4F9C-B145-43677EC6D630}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{55804747-9B22-4CBF-A716-4BDC7E866A98}"= UDP:\spiele\assasine-creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{0533F436-FFEE-402A-9321-D3D9F228D10C}"= TCP:\spiele\assasine-creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{A181D757-17E7-422A-9145-8B1D0D866368}"= UDP:\spiele\assasine-creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{9CA29DC1-7292-4465-9187-DD2FE5C9360B}"= TCP:\spiele\assasine-creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{A9806147-D239-4397-BF6A-BF981B1277B8}"= UDP:\spiele\assasine-creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{6FA4EE2A-5B21-43B8-87D4-76D23E19B95D}"= TCP:\spiele\assasine-creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{9F463637-3842-45D1-B7F4-B738941DFEAD}"= UDP:\spiele\Crysis1\Bin32\Crysis.exe:Crysis_32
"{0AE81DEF-F121-4696-934A-9D9B8416BB25}"= TCP:\spiele\Crysis1\Bin32\Crysis.exe:Crysis_32
"{BD26E01D-8111-45BD-B329-61138E2876C9}"= UDP:\spiele\Crysis1\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{57CA8045-7BE6-442F-9443-328B29473968}"= TCP:\spiele\Crysis1\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{E73B08CE-0A7E-4C09-B002-81D59F282F6C}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{E8C9A378-7333-49D4-98A1-380FFF2722E5}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{F429795A-4F81-4D22-8BCA-627C8A5B1746}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{87E8DB48-9DE6-4912-8C09-8782DC09949D}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{827D5543-857B-4217-B63B-4CAB1B041803}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{01BF3C7F-9845-4BDB-A1DA-2E805340DE1D}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{B54CD46F-ADA3-4240-9835-7FB273184252}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{1B72B094-1FED-45C2-8CE1-EBA0A8A472A7}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{C3F99414-C05B-4B87-9FF3-91FE9F1D52E7}"= UDP:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{62A43494-8165-4EF7-81CF-21738E4E59EF}"= TCP:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4ADFCEEB-E728-4CCC-B8E9-0FC65C6F7B04}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{3808BDC6-B484-45DF-AB46-7B0D32C8A1D7}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0018C8B1-FE3A-4FAB-8421-229CC56B2ADD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{26D81821-EE4C-4FE7-A978-9B50BC706035}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CD996459-4E98-4A32-A9D8-531EB18F5B67}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a1ce933-4341-11dd-9b90-001f3b5996db}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DE_HENNE.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7170a99c-4043-11dd-96a9-001fc654f083}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de00a6b3-4106-11dd-be9f-001f3b5996db}]
\shell\AutoRun\command - H:\starter.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f185a8-2736-11dd-83c0-806e6f6e6963}]
\shell\AutoRun\command - E:\NokiaInstaller.exe

.
Inhalt des "geplante Tasks" Ordners
"2008-07-11 13:40:34 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PowerForPhone - C:\Program Files\P4P\P4P.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 15:41:26
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Eintr„ge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-07-11 15:44:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 13:44:11

10 Verzeichnis(se), 117,171,412,992 Bytes frei
16 Verzeichnis(se), 116,922,331,136 Bytes frei

318 --- E O F --- 2008-07-10 09:30:23

#6 was ist das für ein Programm ??

C:\Users\gunship511\P4P
C:\ProgramData\P4G
C:\Program Files\Power4Gear eXtreme
C:\Program Files\P4G

Combofix mag es garnicht, hat aber nicht alles rausgelöscht bekommen...
__________
MfG Sabina

rund um die PC-Sicherheit

#7 das ist ein programm meines asus rechners für energie steuerung des laptop´s war schon von asus vorinstalliert ...

ist denn mein rechner jetzt wieder ok ?

mfg gunni

#8 ja, alles o.k.

ComboFix entfernen
Start - Ausführen - Kopiere rein: Combofix /U
- klicke "OK"
__________
MfG Sabina

rund um die PC-Sicherheit

#9 was ist mit den anderen 2 programmen ?

HijackThis und Malewarebyte anti maleware ?

#10 Hallo

Malwarebytes kannst du auf dem Rechner lassen wenn du willst, es ist ein gutes AntiMaleware - Programm und updated sich immer.

HJT kannst du normal löschen.

Gruss Swiss