|
Log analysis and evaluation: Windows 7, green screen at startup, installation as of Feb 2012. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
09.09.2013, 13:43 | #1 |
| Windows 7, green screen at startup, installation as of Feb 2012 Hello, my mother booted up her laptop today, then the screen was green and she could only select the "installation" (unfortunately I didn't see it and don't know what it was called) to the state of February 2012. So that is what she did. Now everything is gone; the antivirus program has supposedly expired, even though the subscription was renewed only a few months ago. In Outlook, all the mails from after Feb 2012 are gone, and the programs installed since then and all the files are gone. In addition, the laptop no longer recognizes the Wi-Fi connection. I haven't re-entered that yet for now. Unfortunately I wasn't there, otherwise I would have stopped her. What happened there? Why did this green screen appear, and can I still rescue anything? Unfortunately I haven't found anything anywhere. I hope someone can help me. I also haven't done anything yet, such as a scan or the like, because I'm not sure what I should do now. Many thanks. Kind regards, ela |
09.09.2013, 14:30 | #2 |
/// the machine /// TB trainer | Windows 7, green screen at startup, installation as of Feb 2012 hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
09.09.2013, 15:09 | #3 |
| Windows 7, green screen at startup, installation as of Feb 2012 Oh yes, I forgot to write that now at startup, right at the beginning, it always says "starting Windows".
FRST Logfile:
_____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\fs_subscription_reminder.dll 2012-02-24 15:13 - 2012-02-24 15:13 - 01162920 _____ () C:\windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtScript4.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00085656 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\ManagementAgent\AntiVirus.dll 2011-12-14 13:25 - 2011-12-14 13:25 - 00172712 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\CommonSettingsPlugin.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00046232 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\About.dll 2011-12-19 04:29 - 2011-12-19 04:29 - 00046072 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\OnlineSafety\FSCC\plugins\ControlPanelTools.dll 2011-12-14 13:24 - 2011-12-14 13:24 - 00500392 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\agent.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00056984 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\ManagementAgent\AUASettings.dll 2011-12-14 13:25 - 2011-12-14 13:25 - 00073728 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\fsaua_api_dll.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00038040 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\ManagementAgent\Email.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00102040 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\ManagementAgent\Firewall.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00028824 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\ManagementAgent\CentralManagement.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00027800 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\ProductInfo.dll 2011-12-14 13:25 - 
2011-12-14 13:25 - 00066216 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\fs_ccf_id_converter32.dll 2011-12-14 13:24 - 2011-12-14 13:24 - 00051368 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\AboutPlugin.dll 2011-12-14 13:25 - 2011-12-14 13:25 - 00156328 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\serviceinstallerui.dll 2011-12-14 13:24 - 2011-12-14 13:24 - 00107176 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\CuifApi.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00044184 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\Navigator.dll 2011-12-14 13:24 - 2011-12-14 13:24 - 00152232 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\ActionCenterPlugin.dll 2011-12-14 13:24 - 2011-12-14 13:24 - 00144040 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\addproductplugin.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00061080 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\TryAndBuy.dll 2012-02-24 16:02 - 2011-12-19 05:28 - 00200344 _____ (F-Secure Corporation) c:\program files (x86)\f-secure\apps\computersecurity\tnb\fstnb.dll 2011-12-14 13:25 - 2011-12-14 13:25 - 00058024 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\CCF_Licensing.dll 2011-12-19 04:29 - 2011-12-19 04:29 - 00288248 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\OnlineSafety\FSCC\plugins\OnlineSafety.dll 2011-12-19 04:29 - 2011-12-19 04:29 - 00051704 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\OnlineSafety\FSCC\fsosstat.dll 2011-12-19 04:29 - 2011-12-19 04:29 - 00198648 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\OnlineSafety\FSCC\fsccapi.dll 2011-12-14 13:25 - 2011-12-14 13:25 - 00053928 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\checkforupdatesui.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00020632 _____ 
(F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\LocaleInfo.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00073368 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\Status.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00029848 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\SystemInfo.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00085656 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\data\LegacyLink.dll 2011-12-14 13:25 - 2011-12-14 13:25 - 00164520 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\plugins\FlyerPlugin.dll 2012-02-24 16:02 - 2011-12-19 05:28 - 00175768 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\FSPMAPI.dll 2012-02-24 16:02 - 2011-12-19 05:28 - 00237208 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\fslapi.dll 2012-02-24 16:02 - 2011-12-19 05:28 - 00149656 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\fsma32.dll 2012-02-24 16:02 - 2011-12-19 05:28 - 00098304 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\fsmres.eng 2012-02-24 16:02 - 2011-12-19 05:27 - 02092696 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsmuiav.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00556696 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\gres.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00220824 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\guilaunc.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 01359512 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavesui.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 01838744 _____ (F-Secure Corporation) C:\Program Files 
(x86)\F-Secure\apps\ComputerSecurity\FSGUI\flyer.dll 2012-02-24 16:02 - 2011-12-19 05:27 - 00049152 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\fsavures.eng 2012-02-24 16:02 - 2011-12-19 05:28 - 00732824 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\fsmaui32.dll 2012-02-24 16:02 - 2011-12-19 05:28 - 00013312 _____ (F-Secure Corporation) C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\Common\fsmaures.eng 2012-02-24 16:02 - 2011-12-19 05:27 - 00143360 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\flyerres.eng 2012-02-24 16:02 - 2011-12-19 05:27 - 00086016 _____ () C:\Program Files (x86)\F-Secure\apps\ComputerSecurity\FSGUI\strres.eng 2012-02-24 16:02 - 2011-12-19 05:27 - 01445528 _____ (F-Secure Corporation) c:\program files (x86)\f-secure\apps\computersecurity\fsgui\fsscgui.dll 2011-10-31 06:58 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2011-10-31 07:11 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll 2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll 2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll 2011-10-31 07:00 - 2010-07-05 12:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/09/2013 04:52:57 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/09/2013 04:51:22 PM) (Source: 
Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/09/2013 04:51:22 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/09/2013 04:39:09 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/09/2013 04:37:44 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/09/2013 04:37:44 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/09/2013 01:53:35 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/09/2013 01:52:07 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/09/2013 01:52:07 PM) (Source: Microsoft-Windows-CAPI2) (User: ) Description: Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error: (09/09/2013 11:40:59 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/09/2013 10:15:27 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 

Error: (09/09/2013 10:15:27 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (09/09/2013 10:14:44 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 25.02.2012 um 12:10:48 unerwartet heruntergefahren.

Error: (02/25/2012 00:23:47 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.

Error: (02/25/2012 00:23:47 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (02/25/2012 00:23:47 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/25/2012 00:23:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405

Error: (02/24/2012 07:33:52 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/24/2012 07:33:04 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/24/2012 07:33:04 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Microsoft Office Sessions:
=========================
Error: (09/09/2013 04:52:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 04:51:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/09/2013 04:51:22 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/09/2013 04:39:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 04:37:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/09/2013 04:37:44 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/09/2013 01:53:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/09/2013 01:52:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/09/2013 01:52:07 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (09/09/2013 11:40:59 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 4075.55 MB
Available physical RAM: 2824.88 MB
Total Pagefile: 8149.29 MB
Available Pagefile: 6790.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111 GB) (Free:78.29 GB) NTFS
Drive d: () (Fixed) (Total:163.58 GB) (Free:138.43 GB) NTFS
Drive f: (Qimonda) (Removable) (Total:0.47 GB) (Free:0.45 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1AE12585)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=164 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23 GB) - (Type=27)

========================================================
Disk: 1 (Size: 477 MB) (Disk ID: ACA464FC)
Partition 1: (Active) - (Size=477 MB) - (Type=0E)

==================== End Of Log ============================

Edited by ela11 (09.09.2013 at 15:14) |
09.09.2013, 17:36 | #4 |
/// the machine /// TB trainer | No idea what happened there, but because of the reset to February, all later data is gone.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
09.09.2013, 18:31 | #5 |
| Does that mean that, at least, it wasn't a virus or the like? |
10.09.2013, 06:52 | #6 |
/// the machine /// TB trainer | I can't say; the current logs are fine. |
10.09.2013, 10:59 | #7 |
| So I have now run a program (Recuva) over it that recovers files. It produced a list of deleted files that could be restored. I looked through it a bit and noticed a few files: emalware.i_(sequential number), e_spyw.i_(sequential number) and mobmalware. The path given was always C:/?/. The date shown was yesterday evening's and also today's. Can these files still become dangerous? I'm now going to run a full scan with the antivirus program on the laptop, which has been working again since this morning. |
10.09.2013, 13:39 | #8 |
/// the machine /// TB trainer | I can't tell you that with only partial file names like these.
__________________ Regards, schrauber |