Log Analysis and Evaluation: Trojan: psw.generic10.bnpn
03.02.2013, 05:43 | #1
Trojan: psw.generic10.bnpn

Hello, I am a Windows 8 user and use a licensed version of AVG Internet Security 2013. When scanning the computer I got a detection of the trojan psw.generic10.bnpn. Supposedly it was moved to quarantine and healed. Somewhat puzzled by this, since I would have had to notice if something had sneaked in here, I ran the scan again, and again, and again, and every time the trojan is present. I googled for it almost the whole day and found nothing. AVG has no phone support on weekends and the e-mail has not been answered yet, but I expect little help from there anyway, because it is not listed in their lists and there is no tool to remove it. Overall, the search for the trojan remains unsuccessful; there was one forum that recorded the first reports about the trojan about 6 hours ago, but I find nothing helpful there, they are just reports of the detection. Noticeably, they all use Windows 8 and AVG as their antivirus program. I downloaded Trojan Remover from Chip and the trojan is not detected; it says my PC is fine and nothing was repaired. Now I have found you and hope you have an approach to a solution for me. I am not a PC geek and really an absolute layman; I can operate a PC but not read one. According to the AVG report, the trojan is in C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe. I tried to remove ActiveX, but that remains impossible; I was able to remove the Flash Player itself, but not ActiveX.

Quote:
Code:
OTL Extras logfile created on: 03.02.2013 04:44:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Melanie\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,82 Gb Total Physical Memory | 6,51 Gb Available Physical Memory | 83,21% Memory free
9,01 Gb Paging File | 7,57 Gb Available in Paging File | 84,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,19 Gb Total Space | 391,47 Gb Free Space | 87,74% Space Free | Partition Type: NTFS

Computer Name: HOSCHIDERVIERTE | User Name: Melanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A524BE50-06A0-44C3-BF8E-ECA5FD940EF0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E38AF423-BDE1-4246-A649-98CDE261D24A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00CD4CDE-3824-4330-A4DD-291F4C7FAB3D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{01985C6B-C981-40F4-944A-8235E65BBC55}" = dir=out | name=evernote | "{09695C18-7F00-40BE-9949-A5B3C448ECF8}" = dir=in | app=c:\program 
files (x86)\windows live\contacts\wlcomm.exe | "{1117BBD1-C847-4B2E-A541-29E905CE0B3F}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{1AF69860-A075-4381-A36B-424B40479F7D}" = dir=in | name=evernote | "{1CFED213-0BA0-4619-90E4-D4B2ADD8ABBB}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{1D8EC7E9-BCCC-4278-AF42-18BA2C74385B}" = dir=out | name=windows_ie_ac_001 | "{2216D102-93A8-41F0-88CA-16448A0C197D}" = dir=out | name=fresh paint | "{32AB1EB4-5968-4B79-A9CF-DE7385D1B7B2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{39515C15-3B57-4656-BF84-B29971BE669F}" = dir=out | name=skitch | "{3B4CF372-149A-4C5D-9F3D-1998A04871C7}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{3C923E2D-EBBD-48A7-ABF5-6DEAEBB1F823}" = dir=out | name=7digital music store | "{3CF681E5-8F65-4BFB-9062-5481F8ACC7A2}" = dir=in | name=skype | "{3E1C68A4-C855-4722-B25C-0211E2C2D715}" = dir=out | name=taptiles | "{427F4DF3-1705-47AD-827E-D17D9F00A34E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{4365ED1F-725F-4A30-ACD0-9D79256BCC63}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{49403933-B030-49A7-8320-4F24FDCDC61D}" = dir=out | name=skype | "{49D15587-339E-4D87-AD25-8679EDD0F400}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{4D211644-52DE-4B61-99A1-6263E6D00570}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | "{4E61828C-A50E-4911-BDE5-98CADD2E8C89}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{50D69B2F-22F3-4618-98CA-2A82E202E6EC}" = dir=out | 
name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{57471ADF-4AE1-492B-BA95-2B2F030E0F73}" = dir=out | name=acer crystal eye | "{596A676C-3B78-40D3-9B50-645C99781A0E}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{5A094F17-8AAD-40F4-9A8E-9EA91D950C8E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{5A894015-9EC1-4364-8DAB-763C770676EA}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{6321FB91-6809-4A85-9D17-2CF6714B810C}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{67EDA59A-70A7-4D95-8DDC-09EC98EBA50E}" = dir=in | name=ebay | "{686F6810-3EE6-4DE8-A966-3824652A6A7D}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | "{691A6547-7585-4EDF-BAD8-B1D772DE7696}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{78329531-B6B0-4C82-AE99-A24F00BE45FE}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{79733489-7F2C-4F3A-9700-6CD6E4FBFB5D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{813B9A33-0E61-4814-9E30-163BA8AE9BC6}" = dir=out | name=txtr reader | "{83393DE2-8E17-43BA-BDAD-1E8E1594FAAF}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{83AC45D0-F923-47FD-A930-9A31662F759F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{879FA83C-FF87-4C7D-89C3-171BA2E10413}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{936C1A51-66E5-42D2-B9F3-E45B233B096D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{97E997CD-D454-4B8B-9644-ACDF85C31546}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{98E47EAB-D0E9-4AF8-9B16-FE609640F1FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{99CFE66A-69AB-436A-8500-CD479B235482}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{9A3ECB3F-702F-4F0A-87F1-4DB7013E0AF4}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | "{9DCD7418-4147-4831-A125-D5565034333E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{A645766D-B055-4AC3-8FD5-02DB80314AD0}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{A6F820CE-E303-46F3-B8EB-8031A971558E}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{A8F533E5-1B12-46D7-AC15-45C85BC11CD3}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{ACB34A2A-F16E-4A67-BBCF-644085358E63}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{B1040928-A32C-420A-8324-77F5C63BC68F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{B486626C-02D0-482A-90AC-991CCBF476B2}" = dir=out | name=newsxpresso metro | "{B91475C1-52A7-4273-B3EA-604DAE8937B3}" = dir=out | name=windows_ie_ac_001 | "{BE2E32AB-4CE5-4337-8ED0-5B5A89F87549}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{C79B331E-E5C8-441A-BFAA-5193A907AA05}" = dir=out | name=ebay | "{C7BB1B8A-B9B4-4553-A239-82D2B37CAD9D}" = protocol=17 | dir=in | 
app=c:\program files (x86)\spotify\spotify.exe | "{C81536BB-CFE3-4331-856C-5D206F1D18CE}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{CA88ADBC-5B8B-4E8B-BB7A-650CF3720563}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{CDF3F26A-D200-4DAB-A976-BB3D72AF2722}" = dir=out | name=social jogger | "{CE663657-8E9D-4CED-BF7B-E56127B03214}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{CF85EEC5-A55B-45AB-8297-A2F8B7CCF191}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{D0541B5C-4FEA-4253-94F4-FBEA1E83F731}" = protocol=58 | dir=in | app=system | "{D1549866-494D-4016-A557-B18D79571B0F}" = dir=out | name=microsoft mahjong | "{D2CD91C8-E4ED-46D5-A6C8-52618026C212}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{D6884FAB-4035-4DE0-9935-8238546EAF52}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{DCD7EF75-71F7-4D15-B3AA-E0F476A7E2CB}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{DD2438D4-7809-42ED-B215-22BA613A37EC}" = dir=out | name=microsoft minesweeper | "{DE8979C7-78F9-4A4A-B297-8EC95B7CA6C9}" = dir=out | name=acer explorer | "{E0AC8777-E34F-4207-8FF7-D68874FEA9E4}" = dir=out | name=cut the rope | "{E48D8F2A-C2B3-482B-A07D-062CA2C9C730}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{E666242D-9973-4A1C-A1E8-A6137B43E97F}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E82CAC18-872F-42EB-8783-E55F1BB9DB71}" = dir=in 
| app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | "{ED02E82C-6E88-4B5E-B8CB-81A4501DD028}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | "{F5F3340C-BBAD-45B0-B475-5D7EDCE86086}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{FCF69D70-5360-41C7-9B2D-E057BD012D41}" = dir=out | name=microsoft solitaire collection | "{FE230D9D-10BF-4712-A596-C0C3AEC90E77}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{FFF7CDBF-6C36-475C-B075-705C818398CE}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013 "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane "{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F0A7DF2F-0BE0-470F-B137-D7A19F977189}" = Broadcom Card Reader Driver Installer 
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "AVG" = AVG 2013 "Elantech" = ETDWare PS/2-X64 11.6.11.002_WHQL "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" 
= MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK 
for OpenCL - CPU Only Runtime Package "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Google Chrome" = Google Chrome "HyperCam 2" = HyperCam 2 "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "LManager" = Launch Manager "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Spotify" = Spotify "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "WildTangent wildgames Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-13869db8-9096-4f2d-aa52-b9c642def494" = Delicious: Emily's True Love Premium Edition "WTA-14b3bf49-1ad4-45c1-9eda-abc67fb18acb" = Island Tribe "WTA-1a7f0dee-3b45-44af-bf7d-0ce253df59f0" = Bejeweled 3 "WTA-33bc2ceb-a4b9-4ecf-aa36-37268c773748" = Zuma's Revenge "WTA-34904bb1-ae60-4543-b174-3fde0d272fbe" = John Deere Drive Green "WTA-524b4d70-f5f0-4202-9d8e-3a37421408ab" = Plants vs. Zombies - Game of the Year "WTA-534db39e-12ab-44a8-ada8-da6122f5d87b" = Jewel Match 3 "WTA-662f7528-da7d-4227-bccc-dfc82cbb815b" = Magic Academy "WTA-894e3f03-c86d-420a-90f2-5aa14967ff9d" = Tales of Lagoona "WTA-903e96d0-f257-466d-959f-288daf603d82" = Final Drive: Nitro "WTA-97243826-fa78-4056-82c3-b9aa5efbe2a3" = Penguins! 
"WTA-ce0083a1-23c7-4caf-b1c4-841ca96f9a61" = Agatha Christie - Death on the Nile "WTA-e4334a1f-cace-41c9-8c88-b959f0b9b551" = Polar Bowler "WTA-f6706dcd-9cb8-44bf-91c8-2872a5095337" = Governor of Poker 2 Premium Edition "WTA-f98a809b-bab9-44de-a753-1e6b016a6b65" = Aloha TriPeaks ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.01.2013 02:43:08 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 25.01.2013 02:53:40 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 25.01.2013 02:53:40 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" in Zeile 4. 
Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 25.01.2013 02:53:40 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 25.01.2013 03:07:18 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. Error - 25.01.2013 03:07:18 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird. 
Error - 25.01.2013 03:07:18 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 25.01.2013 03:07:31 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 25.01.2013 03:07:31 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 25.01.2013 03:07:31 | Computer Name = HoschiderVierte | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser Windows-Version nicht unterstützt wird.

[ System Events ]
Error - 18.01.2013 00:54:41 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 18.01.2013 08:32:43 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 18.01.2013 08:32:43 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 19.01.2013 10:32:47 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 19.01.2013 15:09:19 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 19.01.2013 15:09:20 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 19.01.2013 23:55:20 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 20.01.2013 08:37:10 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 20.01.2013 08:37:13 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 22.01.2013 00:47:17 | Computer Name = HoschiderVierte | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

< End of report >

GMER Logfile:
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-03 05:01:46
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 WDC_WD5000LPVT-22G33T0 rev.01.01A01 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Melanie\AppData\Local\Temp\uxpirpod.sys

---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\dwm.exe[664] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\dwm.exe[664] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\dwm.exe[664] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\taskhostex.exe[2980] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\taskhostex.exe[2980] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\taskhostex.exe[2980] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[3024] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[3024] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Elantech\ETDCtrl.exe[3024] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\Explorer.EXE[2644] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\Explorer.EXE[2644] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\Explorer.EXE[2644] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[1184] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[1184] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[1184] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3280] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3280] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3280] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\igfxext.exe[3364] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\igfxext.exe[3364] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\igfxext.exe[3364] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Elantech\ETDCtrlHelper.exe[3552] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3752] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3752] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3752] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3808] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3808] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\igfxtray.exe[3808] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3864] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3864] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\hkcmd.exe[3864] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3884] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb8e54177a 4 bytes [54, 8E, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3884] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb8e541782 4 bytes [54, 8E, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3884] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3884] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\System32\igfxpers.exe[3884] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3964] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb8e54177a 4 bytes [54, 8E, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe[3964] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb8e541782 4 bytes [54, 8E, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[780] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[780] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Windows\system32\wbem\unsecapp.exe[780] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[1360] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb846b1532 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[1360] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb846b153a 4 bytes [6B, 84, FB, 07]
.text C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe[1360] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb846b165a 4 bytes [6B, 84, FB, 07]

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\msiexec.exe[ADVAPI32.dll!RegOpenKeyExW] [7fb7ef11c80] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WINSPOOL.DRV[KERNEL32.dll!CopyFileW] [7fb7ef13298] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CreateFileW] [7fb7ef11bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!MoveFileW] [7fb7ef35040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!DeleteFileW] [7fb7ef13184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ADVAPI32.dll[KERNEL32.dll!CopyFileExW] [7fb7ef34f30] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ole32.dll[KERNEL32.dll!CreateFileA] [7fb7ef11e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileW] [7fb7ef13184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileW] [7fb7ef11bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CreateFileA] [7fb7ef11e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!SetFileAttributesA] [7fb7ef356b0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!DeleteFileA] [7fb7ef11f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\urlmon.dll[KERNEL32.dll!CopyFileA] [7fb7ef34e50] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CopyFileExW] [7fb7ef34f30] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!MoveFileExW] [7fb7ef35164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!DeleteFileW] [7fb7ef13184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CreateFileW] [7fb7ef11bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\ESENT.dll[KERNEL32.dll!CreateFileA] [7fb7ef11e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\USERENV.dll[KERNELBASE.dll!PrivCopyFileExW] [7fb7ef35638] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!CreateFileW] [7fb7ef11bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lcreat] [7fb7ef353f8] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lopen] [7fb7ef35300] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!_lwrite] [7fb7ef354f0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!DeleteFileA] [7fb7ef11f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!DeleteFileW] [7fb7ef13184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\VERSION.dll[KERNEL32.dll!MoveFileW] [7fb7ef35040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\iertutil.dll[KERNEL32.dll!CreateFileW] [7fb7ef11bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileW] [7fb7ef35040] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileA] [7fb7ef11e60] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!CreateFileW] [7fb7ef11bdc] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!DeleteFileA] [7fb7ef11f00] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!DeleteFileW] [7fb7ef13184] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!SetFileAttributesA] [7fb7ef356b0] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!MoveFileExW] [7fb7ef35164] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL
IAT C:\Windows\system32\msiexec.exe[3576] @ C:\Windows\system32\WININET.dll[KERNEL32.dll!SetFileAttributesW] [7fb7ef13260] C:\Windows\AppPatch\AppPatch64\AcLayers.DLL

---- Threads - GMER 2.0 ----

Thread C:\Windows\system32\csrss.exe [776:800] fffff960009685e8
Thread C:\Windows\SYSTEM32\ntdll.dll [4008:4012] 0000000000a0f6b2
Thread C:\Windows\SYSTEM32\ntdll.dll [2516:1028] 000000000040add1

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----

What stood out while scanning with your programs was this:
hxxp://www.imagebanana.com/view/y5sffmt6/gmer.JPG
Melanie |