RunDLL error while loading
#0
10.07.2008, 21:15
...new here
Posts: 5
11.07.2008, 08:51
Honorary member
Posts: 29434
#2
Hello gunship511
1. Run CCleaner + delete the temp files http://www.ccleaner.de/?protecus.de
2. Delete ("fix") with HijackThis. Click: "Do a system scan only". Put a check mark in the box in front of the entry named below and choose "fix checked" + restart the computer.
Quote:
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll,#1
Now the error message will be gone for the time being... nevertheless, work through everything else:
3. Scan with Malwarebytes + post the report http://virus-protect.org/artikel/tools/malwarebytes.html
4. Run ComboFix, click away the warning message + post the report here http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
All about PC security
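The check behind the reply above (an O4 Run entry that starts rundll32.exe on a DLL in the Temp folder), as an added example that is not part of the original thread: it parses HijackThis O4 lines and marks rundll32 autostarts for review. The function names and the two heuristics (user-writable module directory, entry point given only as an ordinal) are assumptions of this example; the sample lines are copied from the HijackThis log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Sample input: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll,#1
O4 - Global Startup: NewShortcut1.lnk = C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
"""

# HijackThis format: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
# rundll32 command line: "rundll32.exe <module>,<entry point> [arguments]"
RUNDLL32 = re.compile(
    r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+(?P<module>"[^"]+"|[^,]+?)\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)
# Assumption of this example: path fragments of directories any user process can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\tmp\\")
ORDINAL = re.compile(r"^#\d+$")


@dataclass
class RundllAutostart:
    hive: str                 # e.g. HKCU, HKLM, HKUS\<SID>
    name: str                 # registry value name shown in [brackets]
    module: str               # DLL (or other file) handed to rundll32
    entry: str                # exported function name or "#<ordinal>"
    reasons: Tuple[str, ...]  # empty when neither heuristic applies


def parse_rundll32_autostarts(log_text: str) -> List[RundllAutostart]:
    """Return every O4 registry Run entry whose command line starts rundll32."""
    found = []
    for line in log_text.splitlines():
        o4 = O4_RUN.match(line.strip())
        if not o4:
            continue  # blank line or a non-registry O4 line such as "Global Startup"
        call = RUNDLL32.match(o4["command"])
        if not call:
            continue  # autostart that does not go through rundll32
        module = call["module"].strip('"')
        entry = call["entry"]
        reasons = []
        if any(marker in module.lower() for marker in USER_WRITABLE):
            reasons.append("module is loaded from a user-writable directory")
        if ORDINAL.match(entry):
            reasons.append("entry point is given only as an ordinal")
        found.append(
            RundllAutostart(o4["hive"], o4["name"], module, entry, tuple(reasons))
        )
    return found


def triage(log_text: str) -> List[RundllAutostart]:
    """Keep only the rundll32 autostarts that match at least one heuristic."""
    return [e for e in parse_rundll32_autostarts(log_text) if e.reasons]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"{hit.hive} [{hit.name}] {hit.module},{hit.entry}")
        for reason in hit.reasons:
            print(f"  - {reason}")
```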
11.07.2008, 15:12
...new here
Thread starter Posts: 5
#3
Thanks for the answer, first of all.
So, I have let the test run through; I'm now downloading the other program and will then post the 2nd test ...
Malwarebytes' Anti-Malware 1.20
Datenbank Version: 938
Windows 6.0.6001 Service Pack 1
15:09:30 11.07.2008
mbam-log-7-11-2008 (15-09-30).txt
Scan Art: Komplett Scan (C:\|D:\|)
Objekte gescannt: 134386
Scan Dauer: 20 minute(s), 48 second(s)
Infizierte Speicher Prozesse: 0
Infizierte Speicher Module: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Datei Objekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicher Prozesse: (Keine Malware Objekte gefunden)
Infizierte Speicher Module: (Keine Malware Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine Malware Objekte gefunden)
Infizierte Registrierungswerte: (Keine Malware Objekte gefunden)
Infizierte Datei Objekte der Registrierung: (Keine Malware Objekte gefunden)
Infizierte Verzeichnisse: (Keine Malware Objekte gefunden)
Infizierte Dateien: (Keine Malware Objekte gefunden)
11.07.2008, 15:26
Honorary member
Posts: 29434
#4
««
Run ComboFix, click away the warning message + post the report here http://virus-protect.org/artikel/tools/combofix.html
__________
Kind regards, Sabina
All about PC security
11.07.2008, 15:47
...new here
Thread starter Posts: 5
#5
OK, I have that now too ... what do I have to do now?
PS: thanks again ...
ComboFix 08-07-10.1 - gunship511 2008-07-11 15:14:21.1 - NTFSx86 ausgeführt von:: C:\Users\gunship511\Downloads\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\p4p C:\Program Files\p4p\P4P.exe C:\Program Files\p4p\RING.WAV . ((((((((((((((((((((((( Dateien erstellt von 2008-06-11 bis 2008-07-11 )))))))))))))))))))))))))))))) . 2008-07-11 14:46 . 2008-07-11 14:46 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Malwarebytes 2008-07-11 14:46 . 2008-07-11 14:46 <DIR> d-------- C:\ProgramData\Malwarebytes 2008-07-11 14:46 . 2008-07-11 14:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-11 14:46 . 2008-07-07 17:35 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys 2008-07-11 14:46 . 2008-07-07 17:35 17,144 --a------ C:\Windows\System32\drivers\mbam.sys 2008-07-10 21:01 . 2008-07-10 21:01 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-10 07:30 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe 2008-07-10 07:30 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe 2008-07-10 07:30 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys 2008-07-10 07:30 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll 2008-07-10 07:30 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll 2008-07-10 07:30 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys 2008-07-10 07:30 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll 2008-07-10 07:29 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll 2008-07-10 07:29 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll 2008-07-10 07:29 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll 2008-07-10 07:29 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe 2008-07-10 07:29 . 
2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx 2008-07-10 07:29 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe 2008-07-10 07:29 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll 2008-07-08 09:09 . 2008-07-08 09:09 <DIR> dr-h----- C:\Users\gunship511\AppData\Roaming\SecuROM 2008-06-30 20:41 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll 2008-06-30 20:39 . 2008-06-30 20:39 <DIR> d-------- C:\Program Files\Microsoft Works 2008-06-30 20:38 . 2008-06-30 20:38 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-06-30 20:35 . 2008-06-30 20:35 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8 2008-06-30 20:32 . 2008-06-30 20:32 <DIR> dr-h----- C:\MSOCache 2008-06-30 14:00 . 2008-06-30 14:00 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-06-30 13:47 . 2008-06-30 13:47 <DIR> d-------- C:\PerfLogs 2008-06-30 13:37 . 2008-06-30 13:24 152,576 --a------ C:\Windows\System32\SPWizUI.dll 2008-06-30 13:37 . 2008-06-30 13:24 47,560 --a------ C:\Windows\System32\SPReview.exe 2008-06-30 13:26 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll 2008-06-30 13:25 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe 2008-06-30 13:24 . 2008-06-30 13:38 196,608 --a------ C:\Windows\SPInstall.etl 2008-06-30 13:21 . 2008-06-30 13:21 400 --a------ C:\Windows\ODBC.INI 2008-06-28 13:46 . 2008-06-28 13:46 203,776 --a------ C:\Windows\System32\clrviddc.dll 2008-06-28 13:46 . 1999-09-10 13:06 45,056 --a------ C:\Windows\System32\wnaspi32.dll 2008-06-28 13:46 . 1999-09-10 13:06 25,244 --a------ C:\Windows\System32\drivers\aspi32.sys 2008-06-28 13:46 . 1999-09-10 13:06 5,600 --a------ C:\Windows\system\winaspi.dll 2008-06-28 13:46 . 1999-09-10 13:06 4,672 --a------ C:\Windows\system\wowpost.exe 2008-06-27 17:27 . 2008-06-27 17:27 301 --a------ C:\Windows\game.ini 2008-06-27 15:03 . 
2008-06-27 15:03 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Intel 2008-06-25 21:45 . 2008-06-25 21:45 <DIR> d-------- C:\Program Files\Microsoft Silverlight 2008-06-25 18:51 . 2008-06-25 18:51 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\DivX 2008-06-25 18:50 . 2008-06-25 18:50 <DIR> d-------- C:\Program Files\DivX 2008-06-24 16:35 . 2008-06-24 16:35 <DIR> d-------- C:\Program Files\Xvid 2008-06-24 16:35 . 2007-06-28 18:52 765,952 --a------ C:\Windows\System32\xvidcore.dll 2008-06-24 16:35 . 2007-06-28 18:54 180,224 --a------ C:\Windows\System32\xvidvfw.dll 2008-06-24 16:35 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax 2008-06-23 22:39 . 2008-06-23 22:39 <DIR> d-------- C:\Program Files\GameSpy 2008-06-23 22:38 . 2008-06-23 22:38 <DIR> d-------- C:\Windows\System32\URTTEMP 2008-06-23 22:38 . 2008-06-27 20:12 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys 2008-06-23 22:38 . 2008-06-27 17:28 22,328 --a------ C:\Users\gunship511\AppData\Roaming\PnkBstrK.sys 2008-06-23 22:37 . 2008-06-23 22:37 <DIR> d-------- C:\ProgramData\Media Center Programs 2008-06-23 22:37 . 2008-06-23 22:37 669,184 --a------ C:\Windows\System32\pbsvc.exe 2008-06-23 22:37 . 2008-06-27 20:12 103,736 --a------ C:\Windows\System32\PnkBstrB.exe 2008-06-23 22:37 . 2008-06-27 17:50 66,872 --a------ C:\Windows\System32\PnkBstrA.exe 2008-06-23 16:52 . 2008-06-23 16:52 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Macrovision 2008-06-23 12:24 . 2008-06-23 12:24 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Ubisoft 2008-06-23 12:03 . 2008-06-23 12:03 <DIR> d-------- C:\ProgramData\Ubisoft 2008-06-23 11:33 . 2008-06-23 11:33 <DIR> d-------- C:\ProgramData\Macrovision 2008-06-23 11:33 . 2008-06-23 11:33 <DIR> d-------- C:\Program Files\Vodafone 2008-06-23 11:33 . 2007-10-15 16:27 99,200 --a------ C:\Windows\System32\drivers\nwusbser.sys 2008-06-23 11:33 . 2007-10-15 16:27 99,200 --a------ C:\Windows\System32\drivers\nwusbmdm.sys 2008-06-22 18:18 . 
2008-06-22 18:18 307,968 --a------ C:\Windows\System32\TuneUpDefragService.exe 2008-06-22 18:18 . 2008-02-27 13:15 28,416 --a------ C:\Windows\System32\uxtuneup.dll 2008-06-22 18:18 . 2008-02-27 13:15 16,640 --a------ C:\Windows\System32\authuitu.dll 2008-06-22 18:17 . 2008-06-22 18:17 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\TuneUp Software 2008-06-22 18:16 . 2008-06-22 18:16 <DIR> d-------- C:\ProgramData\TuneUp Software 2008-06-22 18:16 . 2008-06-22 18:19 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008 2008-06-22 18:15 . 2008-06-22 18:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-22 12:14 . 2008-06-22 12:14 <DIR> d-------- C:\Program Files\DAEMON Tools Lite 2008-06-22 12:09 . 2008-06-22 12:09 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\DAEMON Tools 2008-06-22 12:09 . 2008-06-22 12:09 717,296 --a------ C:\Windows\System32\drivers\sptd.sys 2008-06-21 17:44 . 2008-07-11 10:49 28,314 --a------ C:\Users\gunship511\AppData\Roaming\nvModes.dat 2008-06-21 13:45 . 2008-06-21 14:10 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment 2008-06-21 13:09 . 2008-06-21 13:09 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-06-21 13:08 . 2008-06-21 13:08 <DIR> d-------- C:\Program Files\Real 2008-06-21 13:08 . 2008-06-21 13:09 <DIR> d-------- C:\Program Files\Common Files\Real 2008-06-21 12:59 . 2008-06-21 12:59 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\ICQ Toolbar 2008-06-21 12:30 . 2008-06-23 22:57 <DIR> d-------- C:\Program Files\ICQToolbar 2008-06-21 12:29 . 2008-06-21 12:32 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\ICQ 2008-06-21 12:29 . 2008-06-21 18:19 <DIR> d-------- C:\Program Files\ICQ6 2008-06-21 12:28 . 2008-06-21 12:28 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\InstallShield 2008-06-21 11:53 . 2008-06-21 12:21 <DIR> d-------- C:\ProgramData\WLInstaller 2008-06-21 11:53 . 
2008-06-21 12:53 <DIR> d-------- C:\Program Files\Windows Live 2008-06-21 11:53 . 2008-06-21 11:53 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-06-21 11:52 . 2008-06-21 11:52 <DIR> d-------- C:\Program Files\Alwil Software 2008-06-21 11:07 . 2008-06-21 11:07 220,160 --a------ C:\Windows\System32\drivers\bthport.sys 2008-06-21 11:07 . 2008-06-21 11:07 181,760 --a------ C:\Windows\System32\fsquirt.exe 2008-06-21 11:07 . 2008-06-21 11:07 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS 2008-06-21 11:07 . 2008-06-21 11:07 19,456 --a------ C:\Windows\System32\drivers\bthenum.sys 2008-06-21 11:05 . 2008-06-21 11:05 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-06-21 11:05 . 2008-06-21 11:05 1,695,744 --a------ C:\Windows\System32\gameux.dll 2008-06-21 11:05 . 2008-06-21 11:05 1,314,816 --a------ C:\Windows\System32\quartz.dll 2008-06-21 11:05 . 2008-06-21 11:05 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys 2008-06-21 11:05 . 2008-06-21 11:05 14,848 --a------ C:\Windows\System32\wshrm.dll 2008-06-21 11:04 . 2008-06-21 11:04 428,544 --a------ C:\Windows\System32\EncDec.dll 2008-06-21 11:04 . 2008-06-21 11:04 293,376 --a------ C:\Windows\System32\psisdecd.dll 2008-06-21 11:04 . 2008-06-21 11:04 218,624 --a------ C:\Windows\System32\psisrndr.ax 2008-06-21 11:04 . 2008-06-21 11:04 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-06-21 11:04 . 2008-06-21 11:04 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax 2008-06-21 11:04 . 2008-06-21 11:04 57,856 --a------ C:\Windows\System32\MSDvbNP.ax 2008-06-21 11:03 . 2008-06-21 11:03 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-06-21 11:03 . 2008-06-21 11:03 826,880 --a------ C:\Windows\System32\wininet.dll 2008-06-21 11:02 . 2008-06-21 12:41 24 --a------ C:\Windows\ATKPF.ini 2008-06-21 10:38 . 2008-06-21 10:38 <DIR> dr------- C:\Users\gunship511\Searches 2008-06-21 10:38 . 2008-06-21 10:38 <DIR> d-------- C:\Users\gunship511\P4P 2008-06-21 10:38 . 
2008-06-21 12:57 <DIR> dr------- C:\Users\gunship511\Contacts 2008-06-21 10:38 . 2008-06-21 10:38 <DIR> d--hs---- C:\$RECYCLE.BIN 2008-06-21 10:36 . 2008-06-21 10:36 <DIR> d-------- C:\Program Files\ASUS Security Center 2008-06-21 10:35 . 2008-06-21 10:35 <DIR> d-------- C:\Program Files\Fingerprint Sensor 2008-06-21 10:33 . 2008-06-22 12:32 <DIR> dr------- C:\Users\gunship511\Videos 2008-06-21 10:33 . 2008-07-02 11:28 <DIR> dr------- C:\Users\gunship511\Saved Games 2008-06-21 10:33 . 2008-05-21 17:58 <DIR> d-------- C:\Users\gunship511\Roaming 2008-06-21 10:33 . 2008-06-21 11:04 <DIR> dr------- C:\Users\gunship511\Pictures 2008-06-21 10:33 . 2008-06-21 10:38 <DIR> dr------- C:\Users\gunship511\Music 2008-06-21 10:33 . 2008-06-21 10:38 <DIR> dr------- C:\Users\gunship511\Links 2008-06-21 10:33 . 2008-07-11 15:12 <DIR> dr------- C:\Users\gunship511\Downloads 2008-06-21 10:33 . 2008-07-08 09:10 <DIR> dr------- C:\Users\gunship511\Documents 2008-06-21 10:33 . 2006-11-02 14:37 <DIR> d-------- C:\Users\gunship511\AppData\Roaming\Media Center Programs 2008-06-21 10:33 . 2008-06-21 10:34 <DIR> d--h----- C:\Users\gunship511\AppData 2008-06-21 10:33 . 2008-07-07 20:28 <DIR> d-------- C:\Users\gunship511 2008-06-21 10:27 . 2008-06-21 10:27 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-07-11 05:46 --------- d-----w C:\Program Files\ASUS 2008-07-10 09:29 --------- d-----w C:\ProgramData\Microsoft Help 2008-07-10 09:29 --------- d-----w C:\Program Files\Windows Mail 2008-06-30 18:39 --------- d-----w C:\Program Files\MSBuild 2008-06-30 11:53 174 --sha-w C:\Program Files\desktop.ini 2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Journal 2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Defender 2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Collaboration 2008-06-30 11:48 --------- d-----w C:\Program Files\Windows Calendar 2008-06-30 11:46 --------- d-----w C:\ProgramData\NVIDIA 2008-06-27 16:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-21 09:05 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-06-21 09:05 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-06-21 09:05 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-06-21 09:05 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-06-21 09:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-06-21 09:04 --------- d-----w C:\ProgramData\ASUS 2008-05-21 16:12 606,848 ----a-w C:\Windows\flashax.exe 2008-05-21 16:12 503,808 ----a-w C:\Windows\Asus_Camera_ScreenSaver.scr 2008-05-21 16:12 4,814,371 ----a-w C:\Windows\ASUS Camera ScreenSaver.exe 2008-05-21 16:12 37,232 ----a-w C:\Windows\ASScrProlog.exe 2008-05-21 16:12 33,136 ----a-w C:\Windows\ASScrPro.exe 2008-05-21 16:12 274,800 ----a-w C:\Windows\ASUS Camera ScreenSaver Uninstaller.exe 2008-05-21 16:12 12,288 ----a-w C:\Windows\impborl.dll 2008-05-21 16:10 --------- d-----w C:\ProgramData\P4G 2008-05-21 16:10 --------- d-----w C:\Program Files\Power4Gear eXtreme 2008-05-21 16:10 --------- d-----w C:\Program Files\P4G 2008-05-21 16:06 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-05-21 16:06 --------- 
d-----w C:\Program Files\ATKGFNEX 2008-05-21 16:05 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf 2008-05-21 16:05 --------- d-----w C:\Program Files\Synaptics 2008-05-21 15:57 --------- d-----w C:\ProgramData\Intel 2008-05-21 15:56 --------- d-----w C:\Program Files\Intel 2008-05-21 15:55 --------- d-----w C:\Program Files\Motorola 2008-05-21 15:50 --------- d-----w C:\Program Files\CSR 2008-05-21 15:48 --------- d-----w C:\Program Files\Wireless Console 2 2008-05-21 15:44 319,456 ----a-w C:\Windows\DIFxAPI.dll 2008-05-21 15:44 315,392 ----a-w C:\Windows\HideWin.exe 2008-05-21 15:44 --------- d-----w C:\Program Files\Realtek 2008-05-21 15:38 --------- d-----w C:\Program Files\ATKOSD2 2008-05-21 15:38 --------- d-----w C:\Program Files\ATK Hotkey 2008-05-21 15:13 529,464 ----a-w C:\Windows\system32\drivers\ndis.sys 2008-05-21 01:26 0 ----a-w C:\Windows\system32\drivers\1043_ASUSTeK_M51Sn.alu 2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys . (((((((((((((((((((((((((((( Autostart Punkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt. 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952] "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 04:02 178712] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-24 19:31 630784] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 12:12 1029416] "ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440] "ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2008-05-21 18:12 37232] "ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2008-05-21 18:12 33136] "CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 23:11 17920] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-21 13:08 185896] "VodafoneVMCLiteLauncher"="C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe" [2007-10-17 13:07 102400] "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-05 12:17 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-05 12:17 8534560] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-05 12:17 81920] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 07:10 4702208 C:\Windows\RtHDVCpl.exe] "Skytel"="Skytel.exe" [2007-08-03 07:22 1826816 C:\Windows\SkyTel.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ NewShortcut1.lnk - C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe [2007-10-17 13:07:22 102400] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{6843DBDD-1E5D-464F-9E1F-251E07691C62}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library "UDP Query User{95BF9276-00A3-42CA-A200-CAF93D8C24DC}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library "{3909E0A0-D442-4F9C-B145-43677EC6D630}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{55804747-9B22-4CBF-A716-4BDC7E866A98}"= UDP:\spiele\assasine-creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{0533F436-FFEE-402A-9321-D3D9F228D10C}"= TCP:\spiele\assasine-creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9 "{A181D757-17E7-422A-9145-8B1D0D866368}"= UDP:\spiele\assasine-creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{9CA29DC1-7292-4465-9187-DD2FE5C9360B}"= TCP:\spiele\assasine-creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10 "{A9806147-D239-4397-BF6A-BF981B1277B8}"= UDP:\spiele\assasine-creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{6FA4EE2A-5B21-43B8-87D4-76D23E19B95D}"= TCP:\spiele\assasine-creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update "{9F463637-3842-45D1-B7F4-B738941DFEAD}"= UDP:\spiele\Crysis1\Bin32\Crysis.exe:Crysis_32 "{0AE81DEF-F121-4696-934A-9D9B8416BB25}"= TCP:\spiele\Crysis1\Bin32\Crysis.exe:Crysis_32 "{BD26E01D-8111-45BD-B329-61138E2876C9}"= UDP:\spiele\Crysis1\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{57CA8045-7BE6-442F-9443-328B29473968}"= TCP:\spiele\Crysis1\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{E73B08CE-0A7E-4C09-B002-81D59F282F6C}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{E8C9A378-7333-49D4-98A1-380FFF2722E5}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA 
"{F429795A-4F81-4D22-8BCA-627C8A5B1746}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{87E8DB48-9DE6-4912-8C09-8782DC09949D}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{827D5543-857B-4217-B63B-4CAB1B041803}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA "{01BF3C7F-9845-4BDB-A1DA-2E805340DE1D}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA "{B54CD46F-ADA3-4240-9835-7FB273184252}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB "{1B72B094-1FED-45C2-8CE1-EBA0A8A472A7}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB "{C3F99414-C05B-4B87-9FF3-91FE9F1D52E7}"= UDP:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{62A43494-8165-4EF7-81CF-21738E4E59EF}"= TCP:\spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{4ADFCEEB-E728-4CCC-B8E9-0FC65C6F7B04}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{3808BDC6-B484-45DF-AB46-7B0D32C8A1D7}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{0018C8B1-FE3A-4FAB-8421-229CC56B2ADD}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{26D81821-EE4C-4FE7-A978-9B50BC706035}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{CD996459-4E98-4A32-A9D8-531EB18F5B67}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ GPSvcGroup REG_MULTI_SZ GPSvc Cognizance REG_MULTI_SZ ASBroker ASChannel HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a1ce933-4341-11dd-9b90-001f3b5996db}] \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe DE_HENNE.vbs 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7170a99c-4043-11dd-96a9-001fc654f083}] \shell\AutoRun\command - F:\setup\rsrc\Autorun.exe \shell\dinstall\command - F:\Directx\dxsetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de00a6b3-4106-11dd-be9f-001f3b5996db}] \shell\AutoRun\command - H:\starter.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f185a8-2736-11dd-83c0-806e6f6e6963}] \shell\AutoRun\command - E:\NokiaInstaller.exe . Inhalt des "geplante Tasks" Ordners "2008-07-11 13:40:34 C:\Windows\Tasks\1-Klick-Wartung.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . - - - - ORPHANS REMOVED - - - - HKLM-Run-PowerForPhone - C:\Program Files\P4P\P4P.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-11 15:41:26 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostart Einträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\Windows\System32\audiodg.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\System32\wlanext.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ATK Hotkey\HControl.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE C:\Windows\System32\PnkBstrA.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Windows\System32\conime.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\dllhost.exe . ************************************************************************** . Zeit der Fertigstellung: 2008-07-11 15:44:16 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-11 13:44:11 10 Verzeichnis(se), 117,171,412,992 Bytes frei 16 Verzeichnis(se), 116,922,331,136 Bytes frei 318 --- E O F --- 2008-07-10 09:30:23
11.07.2008, 17:09
Honorary member
Posts: 29434
#6
What kind of program is this??
C:\Users\gunship511\P4P
C:\ProgramData\P4G
C:\Program Files\Power4Gear eXtreme
C:\Program Files\P4G
ComboFix doesn't like it at all, but didn't manage to delete all of it...
__________
Kind regards, Sabina
All about PC security
11.07.2008, 23:47
...new here
Thread starter Posts: 5
#7
That is a program on my ASUS computer for the laptop's power management; it was already preinstalled by ASUS ...
So is my computer OK again now?
Regards, gunni
12.07.2008, 00:06
Honorary member
Posts: 29434
#8
Yes, everything is OK.
Remove ComboFix: Start - Run - paste in: Combofix /U - click "OK"
__________
Kind regards, Sabina
All about PC security
12.07.2008, 00:12
...new here
Thread starter Posts: 5
12.07.2008, 12:07
Moderator
Posts: 5694
#10
Hello
You can leave Malwarebytes on the computer if you want; it is a good anti-malware program and always updates itself. You can delete HJT normally.
Regards, Swiss
RunDLL
Fehler beim Laden von
C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll
Das angegebene Modul wurde nicht gefunden .
I had read that others also had, or still have, this problem, and I have already downloaded Trend Micro HijackThis v2.02 ...
and this is what came out of the test. What do I have to do now?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:57, on 10.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\vodafone\vmclite\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\VMC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?hl=de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VodafoneVMCLiteLauncher] C:\Program Files\Vodafone\VMCLite\\VodafoneVMCLiteLauncher.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winnuj32.rom,slNRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-4179577837-4171987178-1579514377-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-4179577837-4171987178-1579514377-1000\..\Run: [MSSMSGS] rundll32.exe winnuj32.rom,slNRun (User '?')
O4 - HKUS\S-1-5-21-4179577837-4171987178-1579514377-1000\..\Run: [MSServer] rundll32.exe C:\Users\GUNSHI~1\AppData\Local\Temp\rqRJYqNe.dll,#1 (User '?')
O4 - Global Startup: NewShortcut1.lnk = C:\Program Files\Vodafone\VMCLite\VodafoneVMCLiteLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D02E598-D15F-48C3-9326-995A6EC3E73E}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll