Log Analysis and Evaluation: .scr file (Avira suspects a Trojan), Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
.scr file (Avira suspects a Trojan)

Hello. I'll get straight to the point! Barely 2 hours ago I was sent a trade request on Steam, naturally with a matching "link" to a supposed item. However, this link merely led me to a page that automatically downloaded a file under the cover name screenshot_815844.scr. Avira, however, immediately detected a Trojan, "TR/Dropper.MSIL.GEN". My first step was a full system scan, but without any further findings. So I played it safe and restored my computer to an earlier point using System Restore. Now my question: what further steps should be taken? FRST logs are also available.

Addition.txt
Code:
```
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Marcel at 2015-02-08 19:00:09
Running from C:\Users\Marcel\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deckadance (HKLM-x32\...\Deckadance) (Version: 2.0 - Image-Line)
DirectWave (HKLM-x32\...\DirectWave) (Version: - Image-Line)
DriverIdentifier 4.2.8 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
FileZilla Client 3.10.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.53.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\{0AF824B2-4F7D-325F-82E9-4758EBD12AB0}) (Version: 66.41.32862 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version: - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version: - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.12 (HKLM\...\{690285C2-2481-44FB-8402-162EA970A6DD}) (Version: 8.12.030 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maximus (HKLM-x32\...\Maximus) (Version: - Image-Line)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Morphine (HKLM-x32\...\Morphine) (Version: - Image-Line bvba)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 27.0.1689.66 (HKLM-x32\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-8521178-4176727230-657539459-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-8521178-4176727230-657539459-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version: - LucasArts)
Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version: - LucasArts)
Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version: - Petroglyph)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)
Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version: - Aspyr Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version: - Gas Powered Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line bvba)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

04-02-2015 01:34:36 Windows Update
04-02-2015 09:32:35 Installed GTA2
04-02-2015 11:52:49 DirectX wurde installiert
05-02-2015 02:38:00 Windows Update
05-02-2015 14:09:47 DirectX wurde installiert
05-02-2015 14:11:24 DirectX wurde installiert
06-02-2015 03:00:17 Windows Update
06-02-2015 19:59:27 DirectX wurde installiert
06-02-2015 20:43:40 DirectX wurde installiert
07-02-2015 21:08:55 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
07-02-2015 21:09:34 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
08-02-2015 16:32:18 DirectX wurde installiert
08-02-2015 16:34:26 Installed Ubisoft Game Launcher
08-02-2015 18:30:35 Wiederherstellungsvorgang

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {039E74A2-3436-4FF5-A81F-B3680068A2FA} - System32\Tasks\{DC0E4CF5-1E1F-4079-A8CF-7135D90C658C} => pcalua.exe -a "I:\Neuer Ordner\Neuer Ordner\LeagueofLegends_EUW_Installer_9_15_2014.exe" -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Marcel\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:5660
Task: {1585E660-AAC7-4D6A-A78B-3964288462B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {282FEB43-D080-4CCA-B16A-E2E76F53A0CB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {342395E0-B503-4F03-9A77-6785A93CCA85} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe
Task: {45A9DF53-366F-45E4-986C-F4E7693D8CF0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {62D2D577-97F8-415D-ABA3-DD02721C50C7} - System32\Tasks\{971383D1-F360-4C51-BE96-14727CD3A2C8} => pcalua.exe -a C:\Users\Marcel\Downloads\wlsetup-web.exe -d C:\Users\Marcel\Downloads
Task: {650AD561-915C-4707-87A2-AD4ED8F5BFA9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-03] ()
Task: {8E00F75A-78D0-4368-8E4B-221E161C38B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C4F59811-CFCD-4913-8181-37B7E0F99AD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {DA8BF2FD-57B2-42D2-AD32-256AB962F5A8} - System32\Tasks\Opera scheduled Autoupdate 1422715970 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-02] (Opera Software)
Task: {EF4F10B2-0F17-47C6-B88B-6FB687E0F4F6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-31 15:46 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-08 11:10 - 2014-12-08 11:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-02-01 18:23 - 2015-02-01 18:23 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-02-02 14:27 - 2015-02-02 14:27 - 00118784 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevMgr-8.12.077\DevMgr.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00705536 _____ () C:\Program Files\Logitech Gaming Software\plugins\MainUI-8.12.179\MainUI.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00123904 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusBulk-8.12.076\DevBusBulk.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00125952 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusHid-8.12.078\DevBusHid.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00098304 _____ () C:\Program Files\Logitech Gaming Software\plugins\SimInput-8.12.068\SimInput.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00272384 _____ () C:\Program Files\Logitech Gaming Software\plugins\G13Device-8.12.155\G13Device.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00297984 _____ () C:\Program Files\Logitech Gaming Software\plugins\G19Device-8.12.147\G19Device.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00034304 _____ () C:\Program Files\Logitech Gaming Software\plugins\PnpGamePanelDevices-8.12.049\PnpGamePanelDevices.dll
2015-02-03 13:49 - 2015-02-03 13:49 - 00552056 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\opera_crashreporter.exe
2015-01-16 16:34 - 2015-01-16 16:34 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-02-03 13:49 - 2015-02-03 13:49 - 01408632 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\libglesv2.dll
2015-02-03 13:49 - 2015-02-03 13:49 - 00219256 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\libegl.dll
2015-02-03 13:49 - 2015-02-03 13:49 - 09510520 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\pdf.dll
2015-01-31 15:54 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-8521178-4176727230-657539459-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-8521178-4176727230-657539459-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-8521178-4176727230-657539459-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Fl studio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-8521178-4176727230-657539459-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Fl studio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-8521178-4176727230-657539459-500 - Administrator - Disabled)
Fl studio (S-1-5-21-8521178-4176727230-657539459-1005 - Limited - Enabled) => C:\Users\Fl studio
Gast (S-1-5-21-8521178-4176727230-657539459-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-8521178-4176727230-657539459-1004 - Limited - Enabled)
Marcel (S-1-5-21-8521178-4176727230-657539459-1001 - Administrator - Enabled) => C:\Users\Marcel

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2015 06:34:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/08/2015 06:34:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/08/2015 06:34:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (02/07/2015 08:02:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1698
Startzeit: 01d0430897411281
Endzeit: 2
Anwendungspfad: G:\Games\League of Legends\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: e05e9d8e-aefb-11e4-b2e4-00241dc052f3

Error: (02/07/2015 01:09:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/07/2015 01:09:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/07/2015 01:09:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (02/06/2015 08:04:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWTFU2.exe, Version: 1.1.0.0, Zeitstempel: 0x4cf3fa59
Name des fehlerhaften Moduls: SWTFU2.exe, Version: 1.1.0.0, Zeitstempel: 0x4cf3fa59
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012b3a
ID des fehlerhaften Prozesses: 0x31e8
Startzeit der fehlerhaften Anwendung: 0xSWTFU2.exe0
Pfad der fehlerhaften Anwendung: SWTFU2.exe1
Pfad des fehlerhaften Moduls: SWTFU2.exe2
Berichtskennung: SWTFU2.exe3

Error: (02/06/2015 06:47:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCDMovieViewer.exe, Version: 3.6.109.0, Zeitstempel: 0x4c5843f9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000337a2
ID des fehlerhaften Prozesses: 0xc44
Startzeit der fehlerhaften Anwendung: 0xLCDMovieViewer.exe0
Pfad der fehlerhaften Anwendung: LCDMovieViewer.exe1
Pfad des fehlerhaften Moduls: LCDMovieViewer.exe2
Berichtskennung: LCDMovieViewer.exe3

Error: (02/05/2015 06:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCDMovieViewer.exe, Version: 3.6.109.0, Zeitstempel: 0x4c5843f9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000343e0
ID des fehlerhaften Prozesses: 0x1948
Startzeit der fehlerhaften Anwendung: 0xLCDMovieViewer.exe0
Pfad der fehlerhaften Anwendung: LCDMovieViewer.exe1
Pfad des fehlerhaften Moduls: LCDMovieViewer.exe2
Berichtskennung: LCDMovieViewer.exe3


System errors:
=============
Error: (02/08/2015 07:44:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/07/2015 09:27:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/07/2015 09:27:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/07/2015 09:27:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/06/2015 11:43:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/05/2015 02:37:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/05/2015 01:46:39 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1

Error: (02/04/2015 07:57:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/04/2015 07:57:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/04/2015 07:57:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (02/08/2015 06:34:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/08/2015 06:34:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/08/2015 06:34:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (02/07/2015 08:02:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.0169801d04308974112812G:\Games\League of Legends\League of Legends\RADS\system\rads_user_kernel.exee05e9d8e-aefb-11e4-b2e4-00241dc052f3

Error: (02/07/2015 01:09:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (02/07/2015 01:09:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (02/07/2015 01:09:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (02/06/2015 08:04:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWTFU2.exe1.1.0.04cf3fa59SWTFU2.exe1.1.0.04cf3fa59c000000500012b3a31e801d0423f5f2aee28F:\steam games\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exeF:\steam games\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exeecba6154-ae32-11e4-a9ad-00241dc052f3

Error: (02/06/2015 06:47:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCDMovieViewer.exe3.6.109.04c5843f9ntdll.dll6.1.7601.18247521ea8e7c0000005000337a2c4401d041b216e0ca31C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.12.071\Applets\x86\LCDMovieViewer.exeC:\Windows\SysWOW64\ntdll.dll3f0624f0-ae28-11e4-a9ad-00241dc052f3

Error: (02/05/2015 06:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCDMovieViewer.exe3.6.109.04c5843f9ntdll.dll6.1.7601.18247521ea8e7c0000005000343e0194801d0412a03d8af62C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.12.071\Applets\x86\LCDMovieViewer.exeC:\Windows\SysWOW64\ntdll.dll7ca6c650-ad5e-11e4-a9ad-00241dc052f3


CodeIntegrity Errors:
===================================
Date: 2015-02-03 21:18:46.006
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-03 21:18:45.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-03 21:18:45.993
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-03 21:18:45.923
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-02 18:44:16.775
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-02 18:44:16.774
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-02 18:44:16.772
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-02 18:44:16.771
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-02 18:03:36.233
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-02 18:03:36.231
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 50%
Total physical RAM: 8189.49 MB
Available physical RAM: 4091.85 MB
Total Pagefile: 16377.17 MB
Available Pagefile: 10862.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.7 GB) (Free:97.22 GB) NTFS
Drive d: () (Fixed) (Total:465.71 GB) (Free:85.98 GB) NTFS
Drive f: (Downloads) (Fixed) (Total:931.51 GB) (Free:326.79 GB) NTFS
Drive g: (Spiele&Programme) (Fixed) (Total:931.51 GB) (Free:34.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 64F7A0F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 94718D84)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 94718D9B)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
```

Regards,
FitschFatsch
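As an added example (not the poster's code and not part of FRST or Avira), the triage check below shows why this lure works: a `.scr` screensaver is an ordinary PE executable, so a download named like a screenshot but carrying an executable extension can be recognised from its header alone, and a populated CLR runtime directory identifies it as a .NET/MSIL assembly, which is what the "MSIL" in the detection name refers to. File names, the image-like name fragments and all header bytes are constructed in memory for the demo.

```python
"""Triage check for a download like screenshot_815844.scr: is the file really
a screensaver (i.e. a PE executable) hiding behind an image-like name, and is
it a .NET/MSIL assembly?  Added example for this thread; not the poster's code
and not part of FRST or Avira.  All sample files are constructed in memory."""
import struct

# Extensions Windows launches as native executables on double-click even when
# the base name suggests a picture or document. A .scr screensaver is an
# ordinary PE image with a different extension.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".cpl"}
# Magic bytes of the image formats a "screenshot" should actually be.
IMAGE_MAGICS = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg", b"GIF8": "gif"}
# Name fragments typical of the lure (constructed list for the demo).
IMAGE_LIKE_NAMES = ("screenshot", "img", "photo", "pic")


def pe_info(data: bytes) -> dict:
    """Parse only the PE header fields needed for triage: is it a PE image,
    PE32 or PE32+, and does data directory 14 (CLR runtime header) point
    anywhere, which marks a .NET/MSIL assembly."""
    info = {"is_pe": False, "pe_plus": None, "is_dotnet": False}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    info["is_pe"] = True
    opt = e_lfanew + 24                 # optional header follows the 20-byte COFF header
    if opt + 2 > len(data):
        return info
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                  # PE32: 96-byte fixed part before the directories
        info["pe_plus"], n_dirs_off, dirs_off = False, opt + 92, opt + 96
    elif magic == 0x20B:                # PE32+: 112-byte fixed part
        info["pe_plus"], n_dirs_off, dirs_off = True, opt + 108, opt + 112
    else:
        return info
    if n_dirs_off + 4 > len(data):
        return info
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    clr_off = dirs_off + 14 * 8         # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
    if n_dirs > 14 and clr_off + 8 <= len(data):
        rva, size = struct.unpack_from("<II", data, clr_off)
        info["is_dotnet"] = rva != 0 and size != 0
    return info


def assess_download(filename: str, data: bytes) -> str:
    """Return a one-line verdict for a downloaded file. Explorer hides known
    extensions by default, so the user may only have seen 'screenshot_815844'."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    image_like = any(frag in filename.lower() for frag in IMAGE_LIKE_NAMES)
    image_kind = next((k for m, k in IMAGE_MAGICS.items() if data.startswith(m)), None)
    pe = pe_info(data)
    if ext in EXECUTABLE_EXTS and pe["is_pe"]:
        kind = ".NET (MSIL) executable" if pe["is_dotnet"] else "native executable"
        lure = " disguised as an image" if image_like else ""
        return f"SUSPICIOUS: {filename} is a {kind}{lure}; do not open, hand to AV/sandbox"
    if ext in EXECUTABLE_EXTS:
        return f"WARNING: {filename} has an executable extension but no valid PE header"
    if image_kind:
        return f"ok: {filename} is a {image_kind} image"
    return f"unknown: {filename} ({ext or 'no extension'})"


def _fake_pe(pe_plus: bool, dotnet: bool) -> bytes:
    """Construct a header-only PE image (no code, not loadable) for the demo."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    opt_size = 240 if pe_plus else 224                 # fixed part + 16 directories
    machine = 0x8664 if pe_plus else 0x14C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe_plus else 0x10B)
    n_dirs_off, dirs_off = (108, 112) if pe_plus else (92, 96)
    struct.pack_into("<I", opt, n_dirs_off, 16)       # NumberOfRvaAndSizes
    if dotnet:                                         # non-zero CLR header entry
        struct.pack_into("<II", opt, dirs_off + 14 * 8, 0x2008, 0x48)
    return dos + coff + bytes(opt)


# Constructed sample downloads: the lure from the thread, a real JPEG header,
# a plain 64-bit native exe, and a .scr that is not even a PE.
SAMPLES = {
    "screenshot_815844.scr": _fake_pe(pe_plus=False, dotnet=True),
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 16,
    "tool.exe": _fake_pe(pe_plus=True, dotnet=False),
    "notes.scr": b"not really a screensaver",
}


def scan_all(samples: dict = SAMPLES) -> dict:
    """Assess every sample and return {filename: verdict}."""
    return {name: assess_download(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for verdict in scan_all().values():
        print(verdict)
```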