FitschFatsch | 08.02.2015 19:54 | .scr file (Avira suspects a Trojan)
Hello.
I'll get straight to the point!
Barely 2 hours ago I was sent a trade request on Steam. Naturally with a matching "link" to a supposed item.
However, this link only led me to a page that automatically downloaded a file under the cover name screenshot_815844.scr.
Avira, however, immediately detected a Trojan here: "TR/Dropper.MSIL.GEN".
My first step was a full system scan, but without any further findings. So I played it safe and restored my computer to an earlier point in time using System Restore.
Now my question:
What further steps should be taken?
FRST logs are available as well.
Addition.txt Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Marcel at 2015-02-08 19:00:09
Running from C:\Users\Marcel\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Battlefield 2 (HKLM-x32\...\{A8DBF55D-73C0-4E37-A10E-365BFBB14119}) (Version: 1.5.0.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Command & Conquer™ 4 Tiberian Twilight (HKLM-x32\...\{BA4C8F9F-D81B-4AFE-AE5A-3837830F5B89}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Renegade (HKLM-x32\...\{97B5E8B9-D5E6-49C4-8CDA-7E096BE2601A}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™: Generals and Zero Hour (HKLM-x32\...\{609F6FD5-4B22-4D7A-AD30-8C9DD480D5BE}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deckadance (HKLM-x32\...\Deckadance) (Version: 2.0 - Image-Line)
DirectWave (HKLM-x32\...\DirectWave) (Version: - Image-Line)
DriverIdentifier 4.2.8 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version: - DriverIdentifier)
FileZilla Client 3.10.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.53.128 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.53.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.54.128 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.54.128 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\{0AF824B2-4F7D-325F-82E9-4758EBD12AB0}) (Version: 66.41.32862 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar North)
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version: - Rockstar North / Toronto)
GTA2 (HKLM-x32\...\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}) (Version: 1.00.001 - )
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
IL Gross Beat (HKLM-x32\...\IL Gross Beat) (Version: - Image-Line)
IL Juice Pack (HKLM-x32\...\IL Juice Pack) (Version: - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version: - Image-Line)
IL Vocodex (HKLM-x32\...\IL Vocodex) (Version: - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software 8.12 (HKLM\...\{690285C2-2481-44FB-8402-162EA970A6DD}) (Version: 8.12.030 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Maximus (HKLM-x32\...\Maximus) (Version: - Image-Line)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Morphine (HKLM-x32\...\Morphine) (Version: - Image-Line bvba)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 27.0.1689.66 (HKLM-x32\...\Opera 27.0.1689.66) (Version: 27.0.1689.66 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PoiZone (HKLM-x32\...\PoiZone) (Version: - Image-Line)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-8521178-4176727230-657539459-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Spotify (HKU\S-1-5-21-8521178-4176727230-657539459-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version: - LucasArts)
Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version: - LucasArts)
Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version: - Petroglyph)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)
Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version: - Aspyr Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Supreme Commander 2 (HKLM-x32\...\Steam App 40100) (Version: - Gas Powered Games)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version: - Image-Line bvba)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
04-02-2015 01:34:36 Windows Update
04-02-2015 09:32:35 Installed GTA2
04-02-2015 11:52:49 DirectX wurde installiert
05-02-2015 02:38:00 Windows Update
05-02-2015 14:09:47 DirectX wurde installiert
05-02-2015 14:11:24 DirectX wurde installiert
06-02-2015 03:00:17 Windows Update
06-02-2015 19:59:27 DirectX wurde installiert
06-02-2015 20:43:40 DirectX wurde installiert
07-02-2015 21:08:55 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
07-02-2015 21:09:34 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
08-02-2015 16:32:18 DirectX wurde installiert
08-02-2015 16:34:26 Installed Ubisoft Game Launcher
08-02-2015 18:30:35 Wiederherstellungsvorgang
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {039E74A2-3436-4FF5-A81F-B3680068A2FA} - System32\Tasks\{DC0E4CF5-1E1F-4079-A8CF-7135D90C658C} => pcalua.exe -a "I:\Neuer Ordner\Neuer Ordner\LeagueofLegends_EUW_Installer_9_15_2014.exe" -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\Marcel\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:5660
Task: {1585E660-AAC7-4D6A-A78B-3964288462B3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {282FEB43-D080-4CCA-B16A-E2E76F53A0CB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {342395E0-B503-4F03-9A77-6785A93CCA85} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe
Task: {45A9DF53-366F-45E4-986C-F4E7693D8CF0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {62D2D577-97F8-415D-ABA3-DD02721C50C7} - System32\Tasks\{971383D1-F360-4C51-BE96-14727CD3A2C8} => pcalua.exe -a C:\Users\Marcel\Downloads\wlsetup-web.exe -d C:\Users\Marcel\Downloads
Task: {650AD561-915C-4707-87A2-AD4ED8F5BFA9} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-02-03] ()
Task: {8E00F75A-78D0-4368-8E4B-221E161C38B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C4F59811-CFCD-4913-8181-37B7E0F99AD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-31] (Google Inc.)
Task: {DA8BF2FD-57B2-42D2-AD32-256AB962F5A8} - System32\Tasks\Opera scheduled Autoupdate 1422715970 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-02] (Opera Software)
Task: {EF4F10B2-0F17-47C6-B88B-6FB687E0F4F6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_296_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-01-31 15:46 - 2015-01-10 00:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-08 11:10 - 2014-12-08 11:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-02-01 18:23 - 2015-02-01 18:23 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-02-02 14:27 - 2015-02-02 14:27 - 00118784 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevMgr-8.12.077\DevMgr.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00705536 _____ () C:\Program Files\Logitech Gaming Software\plugins\MainUI-8.12.179\MainUI.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00123904 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusBulk-8.12.076\DevBusBulk.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00125952 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusHid-8.12.078\DevBusHid.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00098304 _____ () C:\Program Files\Logitech Gaming Software\plugins\SimInput-8.12.068\SimInput.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00272384 _____ () C:\Program Files\Logitech Gaming Software\plugins\G13Device-8.12.155\G13Device.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00297984 _____ () C:\Program Files\Logitech Gaming Software\plugins\G19Device-8.12.147\G19Device.dll
2015-02-02 14:27 - 2015-02-02 14:27 - 00034304 _____ () C:\Program Files\Logitech Gaming Software\plugins\PnpGamePanelDevices-8.12.049\PnpGamePanelDevices.dll
2015-02-03 13:49 - 2015-02-03 13:49 - 00552056 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\opera_crashreporter.exe
2015-01-16 16:34 - 2015-01-16 16:34 - 00039200 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-02-03 13:49 - 2015-02-03 13:49 - 01408632 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\libglesv2.dll
2015-02-03 13:49 - 2015-02-03 13:49 - 00219256 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\libegl.dll
2015-02-03 13:49 - 2015-02-03 13:49 - 09510520 _____ () C:\Program Files (x86)\Opera\27.0.1689.66\pdf.dll
2015-01-31 15:54 - 2015-01-23 11:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Registry Areas =====================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-8521178-4176727230-657539459-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-8521178-4176727230-657539459-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-8521178-4176727230-657539459-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Fl studio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-8521178-4176727230-657539459-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Fl studio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-8521178-4176727230-657539459-500 - Administrator - Disabled)
Fl studio (S-1-5-21-8521178-4176727230-657539459-1005 - Limited - Enabled) => C:\Users\Fl studio
Gast (S-1-5-21-8521178-4176727230-657539459-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-8521178-4176727230-657539459-1004 - Limited - Enabled)
Marcel (S-1-5-21-8521178-4176727230-657539459-1001 - Administrator - Enabled) => C:\Users\Marcel
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/08/2015 06:34:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (02/08/2015 06:34:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (02/08/2015 06:34:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (02/07/2015 08:02:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1698
Startzeit: 01d0430897411281
Endzeit: 2
Anwendungspfad: G:\Games\League of Legends\League of Legends\RADS\system\rads_user_kernel.exe
Berichts-ID: e05e9d8e-aefb-11e4-b2e4-00241dc052f3
Error: (02/07/2015 01:09:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (02/07/2015 01:09:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (02/07/2015 01:09:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (02/06/2015 08:04:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWTFU2.exe, Version: 1.1.0.0, Zeitstempel: 0x4cf3fa59
Name des fehlerhaften Moduls: SWTFU2.exe, Version: 1.1.0.0, Zeitstempel: 0x4cf3fa59
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012b3a
ID des fehlerhaften Prozesses: 0x31e8
Startzeit der fehlerhaften Anwendung: 0xSWTFU2.exe0
Pfad der fehlerhaften Anwendung: SWTFU2.exe1
Pfad des fehlerhaften Moduls: SWTFU2.exe2
Berichtskennung: SWTFU2.exe3
Error: (02/06/2015 06:47:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCDMovieViewer.exe, Version: 3.6.109.0, Zeitstempel: 0x4c5843f9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000337a2
ID des fehlerhaften Prozesses: 0xc44
Startzeit der fehlerhaften Anwendung: 0xLCDMovieViewer.exe0
Pfad der fehlerhaften Anwendung: LCDMovieViewer.exe1
Pfad des fehlerhaften Moduls: LCDMovieViewer.exe2
Berichtskennung: LCDMovieViewer.exe3
Error: (02/05/2015 06:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LCDMovieViewer.exe, Version: 3.6.109.0, Zeitstempel: 0x4c5843f9
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000343e0
ID des fehlerhaften Prozesses: 0x1948
Startzeit der fehlerhaften Anwendung: 0xLCDMovieViewer.exe0
Pfad der fehlerhaften Anwendung: LCDMovieViewer.exe1
Pfad des fehlerhaften Moduls: LCDMovieViewer.exe2
Berichtskennung: LCDMovieViewer.exe3
System errors:
=============
Error: (02/08/2015 07:44:47 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/07/2015 09:27:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (02/07/2015 09:27:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (02/07/2015 09:27:38 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (02/06/2015 11:43:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/05/2015 02:37:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (02/05/2015 01:46:39 AM) (Source: WMPNetworkSvc) (EventID: 14365) (User: )
Description: 0x80004004-1
Error: (02/04/2015 07:57:58 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (02/04/2015 07:57:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Error: (02/04/2015 07:57:57 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.
Microsoft Office Sessions:
=========================
Error: (02/08/2015 06:34:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (02/08/2015 06:34:14 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (02/08/2015 06:34:13 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (02/07/2015 08:02:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rads_user_kernel.exe0.0.0.0169801d04308974112812G:\Games\League of Legends\League of Legends\RADS\system\rads_user_kernel.exee05e9d8e-aefb-11e4-b2e4-00241dc052f3
Error: (02/07/2015 01:09:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (02/07/2015 01:09:42 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (02/07/2015 01:09:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
Error: (02/06/2015 08:04:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWTFU2.exe1.1.0.04cf3fa59SWTFU2.exe1.1.0.04cf3fa59c000000500012b3a31e801d0423f5f2aee28F:\steam games\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exeF:\steam games\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exeecba6154-ae32-11e4-a9ad-00241dc052f3
Error: (02/06/2015 06:47:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCDMovieViewer.exe3.6.109.04c5843f9ntdll.dll6.1.7601.18247521ea8e7c0000005000337a2c4401d041b216e0ca31C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.12.071\Applets\x86\LCDMovieViewer.exeC:\Windows\SysWOW64\ntdll.dll3f0624f0-ae28-11e4-a9ad-00241dc052f3
Error: (02/05/2015 06:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LCDMovieViewer.exe3.6.109.04c5843f9ntdll.dll6.1.7601.18247521ea8e7c0000005000343e0194801d0412a03d8af62C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsColor-8.12.071\Applets\x86\LCDMovieViewer.exeC:\Windows\SysWOW64\ntdll.dll7ca6c650-ad5e-11e4-a9ad-00241dc052f3
CodeIntegrity Errors:
===================================
Date: 2015-02-03 21:18:46.006
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-03 21:18:45.999
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-03 21:18:45.993
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-03 21:18:45.923
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-02 18:44:16.775
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-02 18:44:16.774
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-02 18:44:16.772
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-02 18:44:16.771
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-02 18:03:36.233
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-02 18:03:36.231
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Users\Marcel\Desktop\Neuer Ordner\RpcRtRemote.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 50%
Total physical RAM: 8189.49 MB
Available physical RAM: 4091.85 MB
Total Pagefile: 16377.17 MB
Available Pagefile: 10862.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.7 GB) (Free:97.22 GB) NTFS
Drive d: () (Fixed) (Total:465.71 GB) (Free:85.98 GB) NTFS
Drive f: (Downloads) (Fixed) (Total:931.51 GB) (Free:326.79 GB) NTFS
Drive g: (Spiele&Programme) (Fixed) (Total:931.51 GB) (Free:34.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 64F7A0F4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 94718D84)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 94718D9B)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
I hope that someone can help me with this :(
Best regards, FitschFatsch |