|
Log analysis and evaluation: GameRanger a danger? Windows 7 |
03.07.2015, 13:51 | #1 |
| GameRanger a danger? Hello Trojaner-Board, a few days ago I came across a great program: GameRanger. It revives the multiplayer of games whose multiplayer is no longer supported by the manufacturer. To achieve this, small VPNs are apparently created every time you "host" a game. My question is: does using GameRanger pose security risks? I installed only GameRanger on a VM and scanned it with FRST; who knows, maybe that helps?
|
03.07.2015, 13:52 | #2 |
/// the machine /// TB Trainer | GameRanger a danger? Hi,
looks good. |