Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GameRanger Gefahr?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.07.2015, 14:51   #1
Mark13
 
GameRanger Gefahr? - Standard

GameRanger Gefahr?



Hallo Trojaner-Board,

ich bin vor einigen tagen auf ein tolles Programm gestoßen : Game Ranger. Es belebt den mutliplayer von Spielen wieder die nicht mehr vom hersteller aus Multiplayer unterstützt werden.

Um das zu erreichen werden wohl jedes mal wenn man ein spiel "hostet" kleine vpns erstellt.
Meine frage ist : Birgt das benutzen von Game Ranger Sicherheits risiken?

Ich habe auf einer VM nur Game ranger installiert und mit FRST Gescannt , wer weiß vielleicht hilft das ja weiter?

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by BOXI (administrator) on BOXI-PC on 03-07-2015 14:42:22
Running from C:\Users\BOXI\Downloads
Loaded Profiles: BOXI (Available Profiles: BOXI)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
(GameRanger Technologies) C:\Users\BOXI\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Startup: C:\Users\BOXI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2015-07-03]
ShortcutTarget: GameRanger.lnk -> C:\Users\BOXI\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4217404165-918743094-1610603988-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-4217404165-918743094-1610603988-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{614836BF-9160-4995-A5F3-2C75B5B20E2C}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-07-03] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-07-03] ()

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-03 18:50 - 2015-07-03 08:55 - 00000000 ____D C:\Windows\Panther
2015-07-03 18:49 - 2015-07-03 18:49 - 00000000 ____D C:\Hotfix
2015-07-03 18:49 - 2011-02-16 04:16 - 00000029 ___RH C:\Windows\version
2015-07-03 18:49 - 2011-02-16 04:16 - 00000013 ____R C:\Windows\csup.txt
2015-07-03 18:48 - 2015-07-03 18:48 - 00295922 _____ C:\Windows\system32\perfi007.dat
2015-07-03 18:48 - 2015-07-03 18:48 - 00038104 _____ C:\Windows\system32\perfd007.dat
2015-07-03 18:48 - 2015-07-03 18:48 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-07-03 18:48 - 2015-07-03 18:48 - 00000000 ____D C:\Windows\SysWOW64\de
2015-07-03 18:48 - 2015-07-03 18:48 - 00000000 ____D C:\Windows\SysWOW64\0407
2015-07-03 18:48 - 2015-07-03 18:48 - 00000000 ____D C:\Windows\system32\de
2015-07-03 18:48 - 2015-07-03 18:48 - 00000000 ____D C:\Windows\system32\0407
2015-07-03 18:48 - 2015-07-03 14:29 - 00643628 _____ C:\Windows\system32\perfh007.dat
2015-07-03 18:48 - 2015-07-03 14:29 - 00126188 _____ C:\Windows\system32\perfc007.dat
2015-07-03 14:42 - 2015-07-03 14:42 - 00003462 _____ C:\Users\BOXI\Downloads\FRST.txt
2015-07-03 14:42 - 2015-07-03 14:42 - 00000000 ____D C:\FRST
2015-07-03 14:41 - 2015-07-03 14:41 - 02112512 _____ (Farbar) C:\Users\BOXI\Downloads\FRST64.exe
2015-07-03 14:40 - 2015-07-03 14:40 - 00000000 ____D C:\Users\BOXI\AppData\Roaming\Macromedia
2015-07-03 14:40 - 2015-07-03 14:40 - 00000000 ____D C:\Users\BOXI\AppData\Roaming\Adobe
2015-07-03 14:36 - 2015-07-03 14:37 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-03 14:36 - 2015-07-03 14:36 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-03 14:36 - 2015-07-03 14:36 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 14:36 - 2015-07-03 14:36 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-03 14:36 - 2015-07-03 14:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-07-03 14:36 - 2015-07-03 14:36 - 00000000 ____D C:\Windows\system32\Macromed
2015-07-03 14:35 - 2015-07-03 14:35 - 00114352 _____ (GameRanger Technologies) C:\Users\BOXI\Downloads\GameRangerSetup.exe
2015-07-03 14:35 - 2015-07-03 14:35 - 00001031 _____ C:\Users\BOXI\Desktop\GameRanger.lnk
2015-07-03 14:35 - 2015-07-03 14:35 - 00001017 _____ C:\Users\BOXI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
2015-07-03 14:35 - 2015-07-03 14:35 - 00000000 ____D C:\Users\BOXI\AppData\Roaming\GameRanger
2015-07-03 14:34 - 2015-07-03 14:35 - 01636352 _____ (Farbar) C:\Users\BOXI\Downloads\FRST.exe
2015-07-03 10:31 - 2012-07-26 05:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-07-03 10:31 - 2012-07-26 05:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-07-03 10:31 - 2012-07-26 05:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-07-03 10:31 - 2012-07-26 05:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-07-03 10:31 - 2012-07-26 05:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-07-03 10:31 - 2012-07-26 04:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-07-03 10:31 - 2012-07-26 04:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-07-03 10:31 - 2012-06-02 16:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-07-03 10:30 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-03 10:30 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-03 10:30 - 2012-03-01 08:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-07-03 10:30 - 2012-03-01 08:38 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-03 10:30 - 2012-03-01 08:33 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-07-03 10:30 - 2012-03-01 08:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-07-03 10:30 - 2012-03-01 07:37 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-03 10:30 - 2012-03-01 07:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-07-03 10:30 - 2012-03-01 07:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2015-07-03 10:15 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-07-03 10:15 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-07-03 10:15 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-07-03 10:15 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-07-03 10:15 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-07-03 10:15 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-07-03 10:15 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-07-03 10:15 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-07-03 09:40 - 2012-02-17 08:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-07-03 09:40 - 2012-02-17 07:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-07-03 09:40 - 2012-02-17 06:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-07-03 09:40 - 2012-02-17 06:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-07-03 08:55 - 2015-07-03 14:34 - 02061129 _____ C:\Windows\WindowsUpdate.log
2015-07-03 08:55 - 2015-07-03 08:55 - 00001439 _____ C:\Users\BOXI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-03 08:55 - 2015-07-03 08:55 - 00001405 _____ C:\Users\BOXI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-07-03 08:55 - 2015-07-03 08:55 - 00000020 ___SH C:\Users\BOXI\ntuser.ini
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Vorlagen
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Startmenü
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Vorlagen
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Startmenü
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Netzwerkumgebung
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Lokale Einstellungen
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Eigene Dateien
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Druckumgebung
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Documents\Eigene Musik
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Documents\Eigene Bilder
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\AppData\Local\Verlauf
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\AppData\Local\Anwendungsdaten
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Users\BOXI\Anwendungsdaten
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Programme
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\ProgramData\Vorlagen
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\ProgramData\Startmenü
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\ProgramData\Favoriten
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\ProgramData\Dokumente
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 _SHDL C:\Dokumente und Einstellungen
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 __SHD C:\Recovery
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 ____D C:\Users\BOXI\AppData\Local\VirtualStore
2015-07-03 08:55 - 2015-07-03 08:55 - 00000000 ____D C:\Users\BOXI
2015-07-03 08:55 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-03 08:55 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-03 08:55 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-03 08:55 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-03 08:55 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-03 08:55 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-03 08:55 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-03 08:55 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-03 08:55 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-03 08:55 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-03 08:55 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-03 08:55 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-03 08:55 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-03 08:55 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-03 08:55 - 2009-07-14 06:54 - 00000000 ___RD C:\Users\BOXI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-03 08:55 - 2009-07-14 06:49 - 00000000 ___RD C:\Users\BOXI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-03 08:51 - 2015-07-03 08:51 - 00001355 _____ C:\Windows\TSSysprep.log
2015-07-03 08:51 - 2015-07-03 08:51 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-07-03 08:51 - 2015-07-03 08:51 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-03 18:49 - 2009-07-14 07:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2015-07-03 18:49 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-07-03 18:49 - 2009-07-14 06:45 - 00000000 ____D C:\Windows\Setup
2015-07-03 18:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2015-07-03 18:48 - 2010-11-21 09:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\sysprep
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\winrm
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\WCN
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\slmgr
2015-07-03 18:48 - 2010-11-21 09:06 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2015-07-03 18:48 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-07-03 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-07-03 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-07-03 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-07-03 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-07-03 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-07-03 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-07-03 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-07-03 18:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\com
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Setup
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\MUI
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\IME
2015-07-03 18:48 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-03 14:29 - 2009-07-14 07:13 - 01472002 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-03 14:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-03 14:24 - 2009-07-14 06:51 - 00022032 _____ C:\Windows\setupact.log
2015-07-03 10:46 - 2009-07-14 06:45 - 00020848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-03 10:46 - 2009-07-14 06:45 - 00020848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-03 08:55 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore
2015-07-03 08:55 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-03 08:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Recovery
2015-07-03 08:55 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-03 08:55 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Windows NT
2015-07-03 08:52 - 2009-07-14 06:45 - 00274464 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-03 08:51 - 2009-07-14 06:46 - 00002790 _____ C:\Windows\DtcInstall.log
2015-07-03 08:51 - 2009-07-14 05:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-03 08:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-07-03 08:50 - 2010-11-21 09:17 - 00000000 ____D C:\Windows\CSC

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 08:50

==================== End of log ============================
         
Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by BOXI at 2015-07-03 14:42:54
Running from C:\Users\BOXI\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4217404165-918743094-1610603988-500 - Administrator - Disabled)
BOXI (S-1-5-21-4217404165-918743094-1610603988-1000 - Administrator - Enabled) => C:\Users\BOXI
Gast (S-1-5-21-4217404165-918743094-1610603988-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
GameRanger (HKU\S-1-5-21-4217404165-918743094-1610603988-1000\...\GameRanger) (Version:  - GameRanger Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

03-07-2015 08:55:19 Windows Update
03-07-2015 09:47:23 Windows Update
03-07-2015 10:10:21 Windows Modules Installer
03-07-2015 10:30:01 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E8845C7-A54B-4F29-A568-3B559F0C5C59} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-03] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2012-12-07 16:16 - 2012-12-07 16:16 - 22224096 _____ () C:\Users\BOXI\AppData\Roaming\GameRanger\GameRanger Prefs\Components\libcef.dll
2015-07-03 14:36 - 2015-07-03 14:36 - 17321648 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4217404165-918743094-1610603988-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BOXI\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2015 02:25:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 11:15:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 11:12:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 10:44:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 10:10:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (07/03/2015 09:39:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error: (07/03/2015 08:56:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.


System errors:
=============
Error: (07/03/2015 02:24:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎07.‎2015 um 11:19:01 unerwartet heruntergefahren.

Error: (07/03/2015 11:11:17 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎07.‎2015 um 11:09:25 unerwartet heruntergefahren.

Error: (07/03/2015 10:42:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst wuauserv erreicht.


Microsoft Office:
=========================
Error: (07/03/2015 02:25:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 11:15:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 11:12:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 10:44:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2015 10:10:13 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (07/03/2015 09:39:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (07/03/2015 08:56:58 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


==================== Memory info =========================== 

Processor: AMD FX(tm)-8350 Eight-Core Processor 
Percentage of memory in use: 56%
Total physical RAM: 3071.55 MB
Available physical RAM: 1348.7 MB
Total Pagefile: 6141.31 MB
Available Pagefile: 4388.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:100.68 GB) (Free:83.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 100.8 GB) (Disk ID: 02FD857A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.7 GB) - (Type=07 NTFS)

==================== End of log ============================
         

Alt 03.07.2015, 14:52   #2
schrauber
/// the machine
/// TB-Ausbilder
 

GameRanger Gefahr? - Standard

GameRanger Gefahr?



Hi,

sieht gut aus
__________________

__________________

Antwort

Themen zu GameRanger Gefahr?
.dll, administrator, adobe flash player, adware, browser, defender, desktop, explorer, explorer.exe, fehler, flash player, frage, microsoft, programm, prozess, registry, security, services.exe, software, svchost.exe, system, system32, wallpaper, windows, winlogon.exe



Ähnliche Themen: GameRanger Gefahr?


  1. Hintergrund: Passwörter in Gefahr - was nun?
    Nachrichten - 10.04.2014 (0)
  2. Serielle Gefahr im Internet
    Nachrichten - 25.04.2013 (0)
  3. Trojan.Encoder - HDD in Gefahr
    Nachrichten - 12.02.2012 (0)
  4. Trojaner Gefahr
    Log-Analyse und Auswertung - 11.07.2011 (6)
  5. Schreckliche Gefahr von '007guard.com'!......?
    Plagegeister aller Art und deren Bekämpfung - 03.04.2011 (15)
  6. Gefahr auf Virus?
    Log-Analyse und Auswertung - 01.04.2010 (14)
  7. toolbarurlsearchhook (Trojan.BHO) - Gefahr?-
    Plagegeister aller Art und deren Bekämpfung - 06.08.2009 (11)
  8. Broban eine Gefahr?
    Diskussionsforum - 09.09.2006 (14)
  9. besteht hier gefahr bei icq?
    Überwachung, Datenschutz und Spam - 10.01.2006 (2)
  10. Gefahr durch Punkbuster?
    Überwachung, Datenschutz und Spam - 20.06.2005 (3)
  11. bitte! bin ich eine Gefahr??
    Plagegeister aller Art und deren Bekämpfung - 27.01.2005 (3)
  12. svchost.exe svshost.exe GEFAHR?
    Plagegeister aller Art und deren Bekämpfung - 05.11.2004 (5)
  13. XP-Antispy und Dialer-GEFAHR
    Plagegeister aller Art und deren Bekämpfung - 05.08.2003 (5)

Zum Thema GameRanger Gefahr? - Hallo Trojaner-Board, ich bin vor einigen tagen auf ein tolles Programm gestoßen : Game Ranger. Es belebt den mutliplayer von Spielen wieder die nicht mehr vom hersteller aus Multiplayer unterstützt - GameRanger Gefahr?...
Archiv
Du betrachtest: GameRanger Gefahr? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.