Adware/Browser Hijacker: m55.dnsqa.me Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
durchgeführt von norbe (2016-03-22 09:57:24)
Gestartet von D:\Downloads
Windows 10 Pro Version 1511 (X64) (2016-02-13 19:34:53)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3455921864-2365325757-1580788810-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3455921864-2365325757-1580788810-503 - Limited - Disabled)
Gast (S-1-5-21-3455921864-2365325757-1580788810-501 - Limited - Disabled)
norbe (S-1-5-21-3455921864-2365325757-1580788810-1001 - Administrator - Enabled) => C:\Users\norbe
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.2.0.1098 - 360 Security Center)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Skybox Labs)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C5300 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0203.1043.19267 - Advanced Micro Devices, Inc.) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
Freedom Planet (HKLM-x32\...\Steam App 248310) (Version: - GalaxyTrail)
GCFScape 1.8.5 (HKLM\...\GCFScape_is1) (Version: - Ryan Gregg)
GemCraft - Chasing Shadows (HKLM-x32\...\Steam App 296490) (Version: - Game in a Bottle)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C5300 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{12440487-BEA5-48CF-A36C-C86F5D350999}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Live! Cam Chat HD VF0790 Driver (1.00.07.00) (HKLM\...\Creative VF0790) (Version: - Creative Technology Ltd.)
Magicka 2 (HKLM-x32\...\Steam App 238370) (Version: - Pieces Interactive)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 de)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
Ninja Cats vs Samurai Dogs (HKLM-x32\...\Steam App 260380) (Version: - Eutechnyx)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pharaoh Gold (HKLM-x32\...\GOGPACKPHARAOH_is1) (Version: 2.0.0.12 - GOG.com)
PS_AIO_04_C5300_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version: - Firaxis Games)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-3455921864-2365325757-1580788810-1001\...\Spotify) (Version: 1.0.23.90.g42187855 - Spotify AB)
Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version: - Aspyr Studios)
Star Wars: The Force Unleashed Ultimate Sith Edition (HKLM-x32\...\Steam App 32430) (Version: - LucasArts)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Time Mysteries 2: The Ancient Spectres (HKLM-x32\...\Steam App 313650) (Version: - Artifex Mundi sp. z o.o.)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 17.1 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3455921864-2365325757-1580788810-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\norbe\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1D69B658-877F-47CC-8432-86BB34A0CA82} - System32\Tasks\{414B0950-34C1-4197-32DC-28352DDC627F} => C:\Windows\system32\regsvr32.exe [2015-10-30] (Microsoft Corporation)
Task: {22CECA3B-4F73-4FAC-9946-D47CD8A8B04B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {4EC4E635-0B7B-43B5-B859-A8AF6440F729} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-10-30 08:17 - 2015-10-30 08:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-03-06 20:22 - 2016-03-08 07:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-07 18:49 - 2016-02-17 07:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-06 20:23 - 2016-02-17 07:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-07 18:49 - 2016-02-17 07:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-02 17:12 - 2016-02-23 12:27 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-03-02 17:12 - 2016-02-23 12:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-02-13 21:07 - 2016-02-01 07:20 - 00614480 _____ () D:\Programme\360 Total Security\360\Total Security\MenuEx64.dll
2016-02-13 21:21 - 2016-02-13 21:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 21:19 - 2016-01-05 02:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-13 21:18 - 2016-01-05 02:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-13 21:19 - 2016-01-16 06:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-13 21:19 - 2016-01-16 06:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-13 21:18 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-02 17:12 - 2016-02-23 09:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-13 21:07 - 2016-02-01 07:20 - 00088184 _____ () D:\Programme\360 Total Security\360\Total Security\deepscan\qutmload.dll
2016-02-13 21:21 - 2016-02-13 21:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-13 21:21 - 2016-02-13 21:22 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-03-06 20:23 - 2016-02-17 08:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-13 21:07 - 2016-02-01 07:20 - 00578168 _____ () D:\Programme\360 Total Security\360\Total Security\safemon\wdui2.dll
2016-03-09 07:22 - 2016-02-10 02:17 - 00782336 _____ () D:\Steam\SDL2.dll
2016-02-18 18:58 - 2015-07-03 17:12 - 04962816 _____ () D:\Steam\v8.dll
2016-03-13 21:45 - 2016-03-10 20:02 - 02547792 _____ () D:\Steam\video.dll
2016-03-09 07:22 - 2016-02-09 00:14 - 02549760 _____ () D:\Steam\libavcodec-56.dll
2016-03-09 07:22 - 2016-02-09 00:14 - 00491008 _____ () D:\Steam\libavformat-56.dll
2016-03-09 07:22 - 2016-02-09 00:14 - 00332800 _____ () D:\Steam\libavresample-2.dll
2016-03-09 07:22 - 2016-02-09 00:14 - 00442880 _____ () D:\Steam\libavutil-54.dll
2016-03-09 07:22 - 2016-02-09 00:14 - 00485888 _____ () D:\Steam\libswscale-3.dll
2016-02-18 18:58 - 2015-07-03 17:12 - 01556992 _____ () D:\Steam\icui18n.dll
2016-02-18 18:58 - 2015-07-03 17:12 - 01187840 _____ () D:\Steam\icuuc.dll
2016-03-13 21:45 - 2016-03-10 20:02 - 00802896 _____ () D:\Steam\bin\chromehtml.DLL
2016-03-09 07:22 - 2016-02-17 23:25 - 00281088 _____ () D:\Steam\openvr_api.dll
2016-03-09 07:22 - 2016-02-09 02:33 - 48400672 _____ () D:\Steam\bin\libcef.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2015-10-30 08:24 - 2016-02-20 15:06 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3455921864-2365325757-1580788810-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\norbe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "V0790Mon.exe"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-3455921864-2365325757-1580788810-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3455921864-2365325757-1580788810-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3455921864-2365325757-1580788810-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3455921864-2365325757-1580788810-1001\...\StartupApproved\Run: => "Skype"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{82771F4F-313C-4769-9AA4-418D3C5A49C5}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{321241D2-7594-4CDF-9997-AD580A82DE4F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{063550EF-2CE1-43DB-A9CE-426B98E94894}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{90E744CE-D950-4454-8BBE-04390BB96C15}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E7097CE7-DBF8-4049-AC75-9F048848B468}] => (Allow) D:\Programme\360 Total Security\360\Total Security\LiveUpdate360.exe
FirewallRules: [{2BE741DB-055B-42B6-B9EC-235B0F89F006}] => (Allow) D:\Programme\360 Total Security\360\Total Security\LiveUpdate360.exe
FirewallRules: [TCP Query User{8FEA0249-4487-47B3-BAD0-F5414262E9EB}D:\spotify\spotify.exe] => (Allow) D:\spotify\spotify.exe
FirewallRules: [UDP Query User{5FD604EF-A8DA-45C4-AEE3-50FA5D263974}D:\spotify\spotify.exe] => (Allow) D:\spotify\spotify.exe
FirewallRules: [TCP Query User{AEDFE6C1-75FA-464C-BF00-F4D722AD5564}C:\users\norbe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\norbe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BD12528C-4372-4A20-AF77-90C6F399B99E}C:\users\norbe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\norbe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CA0150A1-115D-4924-BDC9-C1F48BFF4E04}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{83FE5A16-5AC3-4FFA-8558-925FBCC064F1}] => (Allow) D:\Programme\Steam\Steam.exe
FirewallRules: [{8837699B-DB72-4074-9BF0-4E3BA313EE73}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{6E1BECD3-3A1C-42A1-A3A2-EC8BDE5B6CD3}] => (Allow) D:\Programme\Steam\bin\steamwebhelper.exe
FirewallRules: [{D67FAC31-1C9F-4845-9812-4B88964686C0}] => (Allow) D:\Programme\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe
FirewallRules: [{17411AA6-1B6B-4099-A578-AC70AEE5EDFD}] => (Allow) D:\Programme\Steam\steamapps\common\GemCraft Chasing Shadows\GemCraft Chasing Shadows.exe
FirewallRules: [{F6275331-9AC0-40E8-B1DF-9107F9FE3EB9}] => (Allow) D:\Programme\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{F5390EA9-C481-40E9-9B75-7268A1C176F1}] => (Allow) D:\Programme\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{97D0A260-525D-4F6F-8287-6DDFCE9290FA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B7582BE0-18D4-47AF-9EF6-F2C87FC16E13}] => (Allow) D:\Programme\Steam\steamapps\common\Freedom Planet\FP.exe
FirewallRules: [{6B8A5FFA-4B29-4939-A168-DD62C33331C3}] => (Allow) D:\Programme\Steam\steamapps\common\Freedom Planet\FP.exe
FirewallRules: [{54B090DA-AFE5-4B3A-8E76-09E0A5879425}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{34F99482-372E-4C03-B611-55F153F0178F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{377CD92C-020A-48D4-A3DC-EE3F130E9940}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C1D8C5ED-8792-4A7F-B3C3-5F9B76E8F6BE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{49242490-A6B4-4D2F-ADC2-18217A6FD799}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{105EF175-A969-48FE-86FD-B8BC309686D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2D66CE7-FE76-48EC-B8C6-E9E766F9C180}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{ED10C74A-7206-4821-9A09-8AFE82380456}] => (Allow) D:\Programme\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1026049B-7CD2-4E79-A26A-B3309563A1CB}] => (Allow) D:\Programme\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{3B68F7C5-11FD-47E9-9B52-CA6F3ED8371F}] => (Allow) D:\Programme\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{E0AE3CF6-56C0-4B49-B8D1-5EBA79110270}] => (Allow) D:\Programme\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{B92ED208-4DDC-4347-B0C5-0B7B83C3C236}] => (Allow) D:\Programme\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{40E4A88F-F2AC-4794-9181-C1C839AEC541}] => (Allow) D:\Programme\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{4E494B50-5FA5-4BB6-AB9A-888410B5C856}] => (Allow) D:\Programme\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{97D797B1-9984-495E-8050-D82F99B2AC55}] => (Allow) D:\Programme\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0D57D7C6-23E3-4DD3-AB94-36DFAF490DBF}] => (Allow) D:\Programme\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{AD7779A4-0429-41C4-B1AB-ACC5440CEF9F}] => (Allow) D:\Programme\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe
FirewallRules: [{CADF9BC9-D54C-426F-98FD-97D73E6A0BE9}] => (Allow) D:\Programme\Steam\steamapps\common\Ninja Cats vs Samurai Dogs\NCvSD.exe
FirewallRules: [{61096F71-C5E2-4410-9ADF-803F333C79F9}] => (Allow) D:\Programme\Steam\steamapps\common\Ninja Cats vs Samurai Dogs\NCvSD.exe
FirewallRules: [{33FCB0D6-7F08-44B6-B911-AD1D516E4233}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{3A3C50EC-891A-4164-827F-CA282AF3C71F}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4A0C63F2-89CD-4238-A503-A77D9ECB6894}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{C8A1EF93-D767-4F06-A8CA-BFF8AA6B4E83}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{E5B1270B-BE79-472A-AF9F-CB5FE8C14127}D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{ACCB990A-03F9-4359-891F-E1057518A225}D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [TCP Query User{B003E7FE-24DD-4DA0-BBD4-96117CD65BF8}D:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe] => (Allow) D:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{FBA336EC-DA7D-47BC-86A7-4C3D361D35F9}D:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe] => (Allow) D:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{32E37EAF-419B-4094-A544-DE4E0556FD13}] => (Allow) D:\Steam\steamapps\common\Star Wars The Force Unleashed\SWTFU Launcher.exe
FirewallRules: [{1F8DC8B5-C815-4889-8B3D-85B1D75575E8}] => (Allow) D:\Steam\steamapps\common\Star Wars The Force Unleashed\SWTFU Launcher.exe
FirewallRules: [{ECD3005E-F043-4F3C-801D-DC82E97BCB5F}] => (Allow) D:\Steam\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exe
FirewallRules: [{07891999-1D00-489C-B2DC-B1F4D5109053}] => (Allow) D:\Steam\steamapps\common\Star Wars The Force Unleashed 2\SWTFU2.exe
FirewallRules: [{91CD8F53-38AD-4EEC-9907-68ACDFCC006A}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [TCP Query User{14FD28E3-913B-4B1C-8236-F28CCE9FBFAD}D:\spiele\starcitizen\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\spiele\starcitizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{AA853797-4223-467B-8605-39A97A239262}D:\spiele\starcitizen\cloud imperium games\patcher\cigpatcher.exe] => (Allow) D:\spiele\starcitizen\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [TCP Query User{68854D5E-BE70-4E11-A6B3-C4A1ACF6B621}C:\windows\system32\runtimebroker.exe] => (Allow) C:\windows\system32\runtimebroker.exe
FirewallRules: [UDP Query User{3C5BADF1-EE49-4090-8E3F-F324D9158CFE}C:\windows\system32\runtimebroker.exe] => (Allow) C:\windows\system32\runtimebroker.exe
FirewallRules: [{75484A13-E780-4845-8965-048E29C0AB53}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{1BB170B9-BEDB-40EB-AE17-28B2607BC560}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5D07B46D-6670-48BD-96AF-615AEDD43837}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C86083F9-4E11-49D9-8C7E-26296CEBD2A2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{7F0B20EC-9AFB-48CD-87AD-1E95ECA1040C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{ACE15E02-2066-42A8-82A8-F2C823223224}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8F5A1E32-BDAD-42CC-BD52-3B4FB1BD0249}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{70BBE8DA-42F8-4C57-82B1-FA7C4D085F0F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{25B5BBCE-2F75-4C3C-88CE-A1BFDEA75A74}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{54C0F8C2-4390-49FA-A52C-531148526C60}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{020B6A51-5D60-484C-8B7F-64C2C430031C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{41627127-FEE6-46FC-8BB9-3A830D00D9BB}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{6E6BDBF6-5D85-41E1-B176-9122FA65FFDA}] => (Allow) D:\Programme\360 Total Security\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{EDF74480-6A27-4AB5-A8FB-8E6682B21DFA}] => (Allow) D:\Programme\360 Total Security\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{85B0153A-1EA8-4CA0-BF92-87954E3C6EF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C60D1D7-BEC7-452D-8314-86A8861EFF50}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Wiederherstellungspunkte =========================
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (03/21/2016 09:39:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8066". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (03/21/2016 09:39:44 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT-AUTORITÄT)
Description: Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8066". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten.
Error: (03/21/2016 10:38:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 44.0.2.5884, Zeitstempel: 0x56bbf417
Name des fehlerhaften Moduls: mozglue.dll, Version: 44.0.2.5884, Zeitstempel: 0x56bbe58e
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000ed3b
ID des fehlerhaften Prozesses: 0x72c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5
Error: (03/21/2016 10:33:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm firefox.exe, Version 44.0.2.5884 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1cf0
Startzeit: 01d183540c7e2d3a
Beendigungszeit: 4294967295
Anwendungspfad: D:\Programme\Mozilla\firefox.exe
Berichts-ID: f4b21e36-ef47-11e5-88ba-fcaa14310ba7
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:
Error: (03/21/2016 10:15:50 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1320) SRUJet: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Windows\system32\SRU\SRU0009C.log.
Error: (03/21/2016 10:13:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (03/21/2016 10:13:24 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (03/21/2016 10:11:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC-NORB)
Description: Bei der Aktivierung der App „Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2147023174. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (03/21/2016 10:10:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Error: (03/21/2016 10:09:44 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error:
Zugriff verweigert
.
Systemfehler:
=============
Error: (03/22/2016 09:06:28 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
Error: (03/22/2016 08:55:16 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
Error: (03/22/2016 08:44:27 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
Error: (03/21/2016 10:14:25 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
Error: (03/21/2016 10:14:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_4f279" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/21/2016 10:14:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _4f279" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/21/2016 10:14:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_4f279" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/21/2016 10:14:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_4f279" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/21/2016 10:14:03 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalAktivierung{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (03/21/2016 09:32:55 PM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT-AUTORITÄT)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1
CodeIntegrity:
===================================
Date: 2016-03-21 20:01:59.279
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-21 10:18:05.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-20 20:56:54.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-18 17:10:24.073
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-14 22:21:41.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-11 11:41:14.994
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-11 03:23:20.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-09 19:20:00.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-09 03:33:49.001
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-03-08 18:26:23.080
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 18%
Installierter physikalischer RAM: 16249.03 MB
Verfügbarer physikalischer RAM: 13241.46 MB
Summe virtueller Speicher: 18681.03 MB
Verfügbarer virtueller Speicher: 15378.86 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:237.92 GB) (Free:206.98 GB) NTFS
Drive d: (Volume) (Fixed) (Total:735.86 GB) (Free:492.61 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 26EB0CFA)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 26EB0CF2)
Partition 1: (Not Active) - (Size=735.9 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Code:
09:56:25.0657 0x21c4 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
09:56:25.0657 0x21c4 UEFI system
09:56:29.0341 0x21c4 ============================================================
09:56:29.0341 0x21c4 Current date / time: 2016/03/22 09:56:29.0341
09:56:29.0341 0x21c4 SystemInfo:
09:56:29.0341 0x21c4
09:56:29.0341 0x21c4 OS Version: 10.0.10586 ServicePack: 0.0
09:56:29.0341 0x21c4 Product type: Workstation
09:56:29.0341 0x21c4 ComputerName: PC-NORB
09:56:29.0341 0x21c4 UserName: norbe
09:56:29.0341 0x21c4 Windows directory: C:\Windows
09:56:29.0341 0x21c4 System windows directory: C:\Windows
09:56:29.0341 0x21c4 Running under WOW64
09:56:29.0341 0x21c4 Processor architecture: Intel x64
09:56:29.0341 0x21c4 Number of processors: 4
09:56:29.0341 0x21c4 Page size: 0x1000
09:56:29.0341 0x21c4 Boot type: Normal boot
09:56:29.0341 0x21c4 ============================================================
09:56:29.0942 0x21c4 KLMD registered as C:\Windows\system32\drivers\70552111.sys
09:56:30.0027 0x21c4 System UUID: {35373E4E-F4F2-17AC-71E4-6FD4689325E0}
09:56:30.0374 0x21c4 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:56:30.0390 0x21c4 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:56:30.0390 0x21c4 ============================================================
09:56:30.0390 0x21c4 \Device\Harddisk0\DR0:
09:56:30.0390 0x21c4 GPT partitions:
09:56:30.0390 0x21c4 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B707FD4A-EF6B-481D-816A-146A80B18491}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xE1000
09:56:30.0390 0x21c4 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {F3694642-B6B9-4572-8BA6-24C9AEEC53CE}, Name: EFI system partition, StartLBA 0xE1800, BlocksNum 0x32000
09:56:30.0390 0x21c4 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {5D3D2C54-E4E8-4D35-AA98-CE2ECCF78EE5}, Name: Microsoft reserved partition, StartLBA 0x113800, BlocksNum 0x8000
09:56:30.0390 0x21c4 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {89D0FE92-B7F7-40CB-BCE8-7B480991F8C7}, Name: Basic data partition, StartLBA 0x11B800, BlocksNum 0x1DBD7800
09:56:30.0390 0x21c4 MBR partitions:
09:56:30.0390 0x21c4 \Device\Harddisk1\DR1:
09:56:30.0390 0x21c4 MBR partitions:
09:56:30.0390 0x21c4 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x5BFB6000
09:56:30.0390 0x21c4 ============================================================
09:56:30.0390 0x21c4 C: <-> \Device\Harddisk0\DR0\Partition4
09:56:30.0407 0x21c4 D: <-> \Device\Harddisk1\DR1\Partition1
09:56:30.0407 0x21c4 ============================================================
09:56:30.0407 0x21c4 Initialize success
09:56:30.0407 0x21c4 ============================================================
10:15:18.0566 0x0328 ============================================================
10:15:18.0566 0x0328 Scan started
10:15:18.0566 0x0328 Mode: Manual; SigCheck; TDLFS;
10:15:18.0566 0x0328 ============================================================
10:15:18.0566 0x0328 KSN ping started
10:15:20.0938 0x0328 KSN ping finished: true
10:15:23.0032 0x0328 ================ Scan system memory ========================
10:15:23.0032 0x0328 System memory - ok
10:15:23.0032 0x0328 ================ Scan services =============================
10:15:23.0079 0x0328 [ DF1C3D7E6C7929AD83BE22852B5B08CB, 9ECF6211CCD30273A23247E87C31B3A2ACDA623133CEF6E9B3243463C0609C5F ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
10:15:23.0116 0x0328 1394ohci - ok
10:15:23.0132 0x0328 [ 1A21077AEE7EC27A1A4321C45AA923ED, E148E2FF0D2D08E2663BB67221B1EFA2F4831961C8CD94C0FC3A6B2B1EC0FABB ] 360AntiHacker C:\Windows\system32\Drivers\360AntiHacker64.sys
10:15:23.0148 0x0328 360AntiHacker - ok
10:15:23.0163 0x0328 [ 487CAEA3F23CA2E73C76E08E63920636, 39FFE43C7818E3D3B4D4FB85842470666E9B6810BA88074A64F270281F6F9060 ] 360AvFlt C:\Windows\system32\DRIVERS\360AvFlt.sys
10:15:23.0163 0x0328 360AvFlt - ok
10:15:23.0179 0x0328 [ F18C1EE63D7CBDA764F8ED13FF4A2D25, 155A41C5B377B71C13598687072663E67A6E8695EB06949AC944A004A5B79CF9 ] 360Box64 C:\Windows\system32\DRIVERS\360Box64.sys
10:15:23.0185 0x0328 360Box64 - ok
10:15:23.0185 0x0328 [ D31541708A595BCA380105D44C2C2AD5, 730351AAB90D627BDA6E73035869AE314508933160035DDE38F1CB4665B81498 ] 360Camera C:\Windows\system32\Drivers\360Camera64.sys
10:15:23.0185 0x0328 360Camera - ok
10:15:23.0201 0x0328 [ F08187540EFF73F6B64AD9BE20223793, DD2F731927753C2DEC4713CFB8E4B5A39F573EAABBCBEB12DFC3052DBD909ADB ] 360FsFlt C:\Windows\system32\DRIVERS\360FsFlt.sys
10:15:23.0217 0x0328 360FsFlt - ok
10:15:23.0217 0x0328 [ 2C5B3035B86770ADD2FE9BFBAF5B35A4, 19E16F9144FE3E33B5FF248CF0040AB079ACAE22290B1369CC72AE4CB5FE3A90 ] 3ware C:\Windows\system32\drivers\3ware.sys
10:15:23.0232 0x0328 3ware - ok
10:15:23.0248 0x0328 [ 469441BAE3FF8A16826FC62C51EF5E18, E1204677B87F47222D05F670F8DF3DB65EA0881782A8DCFBE0103478ED71187C ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:15:23.0263 0x0328 ACPI - ok
10:15:23.0263 0x0328 [ 7EADED8087C392876521F7EBCE846EF4, 99BF1BD948F97C1ECBC049C7F949B71D73D0B41FB505B2F75B208E655F7DC8A3 ] acpiex C:\Windows\system32\Drivers\acpiex.sys
10:15:23.0283 0x0328 acpiex - ok
10:15:23.0286 0x0328 [ C498887123327CDFD73A05E7A2780920, B45392C46254FCB8D79B6C3A82C8D894063199E6167D8E5F7EA7D60C75CD16EA ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
10:15:23.0286 0x0328 acpipagr - ok
10:15:23.0286 0x0328 [ C8DBE6EFFCF014CAA010B9BDDAC833EC, 96FC29340C62A6B0910DCCBF8945F32089FC300F45B451A540B8854D53734298 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
10:15:23.0301 0x0328 AcpiPmi - ok
10:15:23.0301 0x0328 [ 17039DBEB3B7B9ADCDB4B4533AA9771F, A4D38B144639A20B8B31E4F35FB776A028DB502FAC849FC73EECEB3CCD91830B ] acpitime C:\Windows\System32\drivers\acpitime.sys
10:15:23.0317 0x0328 acpitime - ok
10:15:23.0348 0x0328 [ 99B993BD0F4C033D832B50D5E83BEBEC, A091635B2B428A51400468353F52D3FF35095460D3FA8CB29E2C4A804D87B845 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:15:23.0348 0x0328 AdobeFlashPlayerUpdateSvc - ok
10:15:23.0381 0x0328 [ F7D0CD345D2DA42E7042ABCD73662403, 03183F90A994D69066F15C3DFC1D7D7514AEAF46A5AAC059B1FB327F8C30A35C ] ADP80XX C:\Windows\system32\drivers\ADP80XX.SYS
10:15:23.0401 0x0328 ADP80XX - ok
10:15:23.0417 0x0328 [ 70148EFA9A562E7185B75BBE7D376BF7, 8200E3349A1AFA1040B3D956A17BAF3CDC784A1A3CA396125E7872B36C03D84A ] AFD C:\Windows\system32\drivers\afd.sys
10:15:23.0433 0x0328 AFD - ok
10:15:23.0433 0x0328 [ 870F1A2C936F92B5D053DF7EC75B352F, D617524FD5886D6D3BC2EFBBB5EA310E906454CD7CA7257C3D7BDEA8C4F2DA71 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:15:23.0448 0x0328 agp440 - ok
10:15:23.0448 0x0328 [ 3DF7751D5DC6525E7DC6617FBB45054F, 8E6D4C809DB3B66E7558C4829E01F5C227EE614AC82F33FD99DCC629770D1BE3 ] ahcache C:\Windows\system32\DRIVERS\ahcache.sys
10:15:23.0464 0x0328 ahcache - ok
10:15:23.0464 0x0328 [ 19707ECBCEA71080A85DB2336580DB39, A09AE69C9DE2F3765417F212453B6927C317A94801AE68FBA6A8E8A7CB16CED7 ] AJRouter C:\Windows\System32\AJRouter.dll
10:15:23.0486 0x0328 AJRouter - ok
10:15:23.0486 0x0328 [ AA91A5E156D0364ABA7B01658C2EB014, F61055D581745023939C741CAB3370074D1416BB5A0BE0BD47642D5A75669E12 ] ALG C:\Windows\System32\alg.exe
10:15:23.0502 0x0328 ALG - ok
10:15:23.0502 0x0328 [ B70F0F2F54B4A4DB6E9C830454752F5A, C882DEAC30812E5FA4479A8CB688603C6AF269EF08236688F4C5E7EBED1D4572 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
10:15:23.0517 0x0328 AmdK8 - ok
10:15:23.0517 0x0328 [ B28145E732EDEBBEDABC311DBA56D52A, 43745C17A3AC2A7A6FB0DBF1A2158C6B365198581E8E3B1F7E7E9EE9763A2735 ] amdkmafd C:\Windows\system32\drivers\amdkmafd.sys
10:15:23.0517 0x0328 amdkmafd - ok
10:15:23.0533 0x0328 [ 35E890482C9728DD5C552B85DA8A5AB2, 1E0EB7D902AB4C38E23CAFC0BEA250E7F6E180E8814385B4F29730BFC373A191 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
10:15:23.0533 0x0328 AmdPPM - ok
10:15:23.0549 0x0328 [ 5B30BCFE6E02E45D3EE268FF001BC5E0, 9901DB728885CE36911F79998629B2DD42D56AF9633B5277834F498CC59B0346 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:15:23.0549 0x0328 amdsata - ok
10:15:23.0564 0x0328 [ F20B30F35A5C7888441B4DCA001ECF8E, 695A5BC1F18B65992EB06A202AD3CBFA17228E76DDFD1AE6977FD315724F75C2 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:15:23.0564 0x0328 amdsbs - ok
10:15:23.0580 0x0328 [ AFE838D7576C581D6483529621AB10CC, 14476A04CC64E7A0F1BBFDACCBD7A87F384BE1877C27656DBB973AF3975D4AE2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:15:23.0586 0x0328 amdxata - ok
10:15:23.0586 0x0328 [ EDDB0D726DBECDFC1DBCC6DB464E5A13, 98D128D1E6FA270ED9ADBFE50078F68A794C00D4CBB86E28EC6161FFAD0CA8FF ] AppID C:\Windows\system32\drivers\appid.sys
10:15:23.0602 0x0328 AppID - ok
10:15:23.0602 0x0328 [ 7A55F9237F726D1667073A47B0D1B90F, 7C2D9AA84F1D4CC6C1FAF6848DF9479A534E01029C4387E8C0647745F1E74603 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:15:23.0618 0x0328 AppIDSvc - ok
10:15:23.0618 0x0328 [ 56E219DF92BE16F62308F884739BE022, FE189EE8A52BC5A0E6B76C632021F84F60307A182F2A67C0C0C7CAA72DEFC723 ] Appinfo C:\Windows\System32\appinfo.dll
10:15:23.0633 0x0328 Appinfo - ok
10:15:23.0633 0x0328 [ B4AE5296C9597F45E1CFE0B1DBE7739E, C9DCA8EF32720D68119CC23DF4BCD783FFB5F999D14EDCC7937D17C590323B4B ] AppMgmt C:\Windows\System32\appmgmts.dll
10:15:23.0649 0x0328 AppMgmt - ok
10:15:23.0664 0x0328 [ 610499A73DF3599608EBB6B3F9929052, A9CA49C4A39A825916AB3791090BCFC7044FDB6B2C3538E01F0CFBC2A9931152 ] AppReadiness C:\Windows\system32\AppReadiness.dll
10:15:23.0687 0x0328 AppReadiness - ok
10:15:23.0718 0x0328 [ 3DF25A56F18D2AB4CF58C1300C8CD323, 34A20004A93BC0F22BF99E56E6657CF0A68B64B375A66408FB1E26ADA7A72FC4 ] AppXSvc C:\Windows\system32\appxdeploymentserver.dll
10:15:23.0786 0x0328 AppXSvc - ok
10:15:23.0786 0x0328 [ E3FE8F610B1CC12BC3B2E6BC43DC97E2, 0E18542CF2095A9ADA1759AB8F986E78B0A50A3C6B2AD4EACD80A23D832A2C6D ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:15:23.0802 0x0328 arcsas - ok
10:15:23.0802 0x0328 [ 5E00748A1AD246CAECBBB7553BED36CC, DAD2C93F0894E7BB5E5D8D767D8286A909086B49172C504A01097C3A180998C6 ] AsyncMac C:\Windows\System32\drivers\asyncmac.sys
10:15:23.0818 0x0328 AsyncMac - ok
10:15:23.0818 0x0328 [ 492B99D2E3D5D7BFD5F0AE1BE7BD37DD, A3F6BFC4FDC1933FBF3145019B118689A414108B04F43E2563946B2673C89324 ] atapi C:\Windows\system32\drivers\atapi.sys
10:15:23.0833 0x0328 atapi - ok
10:15:23.0833 0x0328 [ 42BF7FA295F453618104B5A50BEE105B, AB44BA2AD2FC5AF3B6BE4489C444C03FD1AB02C22109BF5F39BE459294C4CB18 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
10:15:23.0849 0x0328 AudioEndpointBuilder - ok
10:15:23.0865 0x0328 [ 9610CE53A9ED0789C8B669A5F86008F7, 9EE4B3F8528B20682595DDBDB0FF9F98FD8B957EE4C335FDD4382AE30D3C2EA0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:15:23.0902 0x0328 Audiosrv - ok
10:15:23.0902 0x0328 [ 7062CE507814D5306DCA5D6A15B7B6B6, 9D60506003A66C2E516B1FCB70CC5B26FB3A9948B95D97C828DD0328E76F2C91 ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:15:23.0918 0x0328 AxInstSV - ok
10:15:23.0934 0x0328 [ 6447BA6FA709514B6C803D159B4C7D1E, 549DDCEAD93DF333F6BBD56A9258A867E4DA219741C00D48C68F8F230A87B11A ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
10:15:23.0949 0x0328 b06bdrv - ok
10:15:23.0965 0x0328 [ 8ADCD9C011CD1C1E7C0C5A3292D0F6B0, 85BB3B538F0926B6A84AA76EFD19ED77D7F48F431B2F2574AE898BAC20421B07 ] BAPIDRV C:\Windows\system32\DRIVERS\BAPIDRV64.sys
10:15:23.0965 0x0328 BAPIDRV - ok
10:15:23.0965 0x0328 [ B4AC08B1D04D0CE085435E5CD0E663C5, 61E641388E5692B2EB351E44BA1DB86B5305DD105EE56865D59072CA9407C8AC ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
10:15:23.0987 0x0328 BasicDisplay - ok
10:15:23.0987 0x0328 [ 25B5BB369DEE2BAE4BF459C978FF9035, DBC2157B2AC0BC92B4011CE5E01F2DCDAAE71E37D9D21102503C6455FAAC4DCA ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
10:15:23.0987 0x0328 BasicRender - ok
10:15:24.0002 0x0328 [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn C:\Windows\System32\drivers\bcmfn.sys
10:15:24.0002 0x0328 bcmfn - ok
10:15:24.0002 0x0328 [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2 C:\Windows\System32\drivers\bcmfn2.sys
10:15:24.0018 0x0328 bcmfn2 - ok
10:15:24.0034 0x0328 [ F8F398A4AF7E0917320BC2B2CD812888, 02B9A6EA0AA750CA9B62AB09E99956C35E252A12B22C2CBFDC4E941ED5870591 ] BDESVC C:\Windows\System32\bdesvc.dll
10:15:24.0049 0x0328 BDESVC - ok
10:15:24.0049 0x0328 [ 5A88834AEE15D97695FAE0837B73B3E4, 03035FB51DE218B8EDB15129A0376DDED0C7E7B6DA58DD95B12E4E5C8D852ED8 ] Beep C:\Windows\system32\drivers\Beep.sys
10:15:24.0065 0x0328 Beep - ok
10:15:24.0081 0x0328 [ 8EA08141590CB9331FA773FB430E91E4, 0507499EF423CC9EE9AC18C2B5CBF9965E69481C69DC96E361C2184C53C3F404 ] BFE C:\Windows\System32\bfe.dll
10:15:24.0102 0x0328 BFE - ok
10:15:24.0118 0x0328 [ 64582C924C48175D52AED0D0E64AB413, 75DC6BC01D26A4BABEDB8013F0C106780F0991CA63075798C7C24B66022F58E3 ] BITS C:\Windows\System32\qmgr.dll
10:15:24.0165 0x0328 BITS - ok
10:15:24.0165 0x0328 [ DA2C6F7ACE392193C424FEA975C5BFFB, 668F91F3E5F8EA170C10823D6959E0EDB32434C51FAA68BEA782EDDF5618690E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:15:24.0184 0x0328 bowser - ok
10:15:24.0187 0x0328 [ 9972A886D911234F833A265D5D641D30, E64199AB64CC60C75371D8421031DC02818C852427C4F66AD3DF7DCDF33952B1 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
10:15:24.0203 0x0328 BrokerInfrastructure - ok
10:15:24.0219 0x0328 [ DA4C9335434E71D6CC86A3CA567769CC, 9FE5EE3CC91CADBF952446E0A9A79A8834B03C8D4C47D6E9257AF64B2C17F518 ] Browser C:\Windows\System32\browser.dll
10:15:24.0234 0x0328 Browser - ok
10:15:24.0234 0x0328 [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
10:15:24.0250 0x0328 BthAvrcpTg - ok
10:15:24.0250 0x0328 [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
10:15:24.0250 0x0328 BthHFEnum - ok
10:15:24.0265 0x0328 [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
10:15:24.0265 0x0328 bthhfhid - ok
10:15:24.0285 0x0328 [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv C:\Windows\System32\BthHFSrv.dll
10:15:24.0287 0x0328 BthHFSrv - ok
10:15:24.0303 0x0328 [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
10:15:24.0303 0x0328 BTHMODEM - ok
10:15:24.0319 0x0328 [ 7A177E18AA6A6A6365E6351C2BF8EDAE, A35224A20014B1215A6824AE5E17B8869A775EA272EF7F25EAFFA18733F8D09D ] bthserv C:\Windows\system32\bthserv.dll
10:15:24.0319 0x0328 bthserv - ok
10:15:24.0334 0x0328 [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\Windows\System32\drivers\buttonconverter.sys
10:15:24.0334 0x0328 buttonconverter - ok
10:15:24.0350 0x0328 [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg C:\Windows\System32\drivers\capimg.sys
10:15:24.0350 0x0328 CapImg - ok
10:15:24.0366 0x0328 [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:15:24.0366 0x0328 cdfs - ok
10:15:24.0386 0x0328 [ 0A92DC116CFC7F6BE8167DD25CB925CC, 50CAC7BE14FF69B10C029E049F7C441A5572540F027F95F940B185C76C689409 ] CDPSvc C:\Windows\System32\CDPSvc.dll
10:15:24.0403 0x0328 CDPSvc - ok
10:15:24.0403 0x0328 [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom C:\Windows\System32\drivers\cdrom.sys
10:15:24.0419 0x0328 cdrom - ok
10:15:24.0419 0x0328 [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc C:\Windows\System32\certprop.dll
10:15:24.0435 0x0328 CertPropSvc - ok
10:15:24.0435 0x0328 [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass C:\Windows\System32\drivers\circlass.sys
10:15:24.0450 0x0328 circlass - ok
10:15:24.0466 0x0328 [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS C:\Windows\system32\drivers\CLFS.sys
10:15:24.0466 0x0328 CLFS - ok
10:15:24.0488 0x0328 [ F7526C133AC265F283012E9CD751F873, 6AABDD92FD880F49F63C1CC478C3D8291AF670802CEC58B32730E7675D858D88 ] ClipSVC C:\Windows\System32\ClipSVC.dll
10:15:24.0504 0x0328 ClipSVC - ok
10:15:24.0519 0x0328 [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
10:15:24.0519 0x0328 CmBatt - ok
10:15:24.0535 0x0328 [ A1105260EEEE3DBD8D38FD054B22BD00, CA943B0B03527B07690CAFFD53F8ABF14FB3974DAAA1036E54815BD0DAF803D8 ] CNG C:\Windows\system32\Drivers\cng.sys
10:15:24.0551 0x0328 CNG - ok
10:15:24.0551 0x0328 [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist C:\Windows\system32\DRIVERS\cnghwassist.sys
10:15:24.0566 0x0328 cnghwassist - ok
10:15:24.0588 0x0328 [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
10:15:24.0588 0x0328 CompositeBus - ok
10:15:24.0588 0x0328 COMSysApp - ok
10:15:24.0604 0x0328 [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv C:\Windows\system32\drivers\condrv.sys
10:15:24.0604 0x0328 condrv - ok
10:15:24.0620 0x0328 [ DE6DF2C34718EADCFF8776E597F2104D, 35D03E95853CEAC69F674FB09C819A4698EBEDFD8AC0474F0ADF02741492401E ] CoreMessagingRegistrar C:\Windows\system32\coremessaging.dll
10:15:24.0635 0x0328 CoreMessagingRegistrar - ok
10:15:24.0666 0x0328 [ 137BC921135ECDA3E9917B56E3550D32, 6585F4FFEAB32583B867A14F7B7C09C563B1EA715AD9C3B850A7965C54A819A0 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
10:15:24.0689 0x0328 cphs - ok
10:15:24.0689 0x0328 [ 2CE0D74AED86A372997E9D77AE10B9F5, 1AFAA22C68FD0B81F73CE0EB763AD77AB97E78916752843A5056E1352F0FEA82 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:15:24.0704 0x0328 CryptSvc - ok
10:15:24.0704 0x0328 [ 5D578EAAFB6FD4F59523E5878B541296, 73573124787B79179880AFAF9CB8427237A1605A9F13D7783228DE24D18963C0 ] CSC C:\Windows\system32\drivers\csc.sys
10:15:24.0735 0x0328 CSC - ok
10:15:24.0751 0x0328 [ 5F07CCEE514894C9474AEDCA50B6C2C7, 38F54897C91A2E7D80D00852CEB173B26E822D7C68F35D31228245F811E028A8 ] CscService C:\Windows\System32\cscsvc.dll
10:15:24.0767 0x0328 CscService - ok
10:15:24.0786 0x0328 [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam C:\Windows\system32\drivers\dam.sys
10:15:24.0789 0x0328 dam - ok
10:15:24.0805 0x0328 [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:15:24.0836 0x0328 DcomLaunch - ok
10:15:24.0836 0x0328 [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc C:\Windows\system32\dcpsvc.dll
10:15:24.0867 0x0328 DcpSvc - ok
10:15:24.0867 0x0328 [ 6129EA4294C5C69E4665801E95B16AB2, CE419186CF0F57434426FF925A09F13BE87639679CBB5F2074B0E1A243349D27 ] defragsvc C:\Windows\System32\defragsvc.dll
10:15:24.0905 0x0328 defragsvc - ok
10:15:24.0905 0x0328 [ D12B9B6A6C4885824876422AACC89954, 5853ED5CAF84B7AAFF3EDC5C71FE23EB121DB681D81267D77118424BA9AB6F88 ] DeviceAssociationService C:\Windows\system32\das.dll
10:15:24.0936 0x0328 DeviceAssociationService - ok
10:15:24.0936 0x0328 [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
10:15:24.0952 0x0328 DeviceInstall - ok
10:15:24.0952 0x0328 [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker C:\Windows\system32\DevQueryBroker.dll
10:15:24.0967 0x0328 DevQueryBroker - ok
10:15:24.0967 0x0328 [ C9478D7DB7BE5D7ACE65CB1167F07320, D5082D09EE62E34A195768040B741E22ACC9421CFF315423D77A63ABF8F5E39E ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
10:15:24.0989 0x0328 Dfsc - ok
10:15:24.0989 0x0328 [ 5841A361D28069DFC82E1E98040FDC3F, 3A48DB7ADE90654242CB54DAD07F5FF0CD5CABF372C50D5B2C4D7AED068986E1 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:15:25.0005 0x0328 Dhcp - ok
10:15:25.0005 0x0328 [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
10:15:25.0020 0x0328 diagnosticshub.standardcollector.service - ok
10:15:25.0052 0x0328 [ 15D174719872A30F2FDD6B5B1B8BA5D9, B0E6FF6FC47B731C204F110D4B768231906B144B31F602ECE8EAC24D70BA880D ] DiagTrack C:\Windows\system32\diagtrack.dll
10:15:25.0089 0x0328 DiagTrack - ok
10:15:25.0089 0x0328 [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk C:\Windows\system32\drivers\disk.sys
10:15:25.0105 0x0328 disk - ok
10:15:25.0105 0x0328 [ 49F069E2D22F33955A69D44DFD1B5179, 739C52C7B961BA683E8C7CCDB0E95423C17561B2F1F506BAE923DC53DB96B067 ] DmEnrollmentSvc C:\Windows\system32\Windows.Internal.Management.dll
10:15:25.0121 0x0328 DmEnrollmentSvc - ok
10:15:25.0136 0x0328 [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
10:15:25.0136 0x0328 dmvsc - ok
10:15:25.0136 0x0328 [ 5EF8EC71A7A91F3DF7798BEFE6786B0E, A3A56B43C72926881C66B7A17C9EAA35C2D9603C8D3849438838536BCD3F4633 ] dmwappushservice C:\Windows\system32\dmwappushsvc.dll
10:15:25.0152 0x0328 dmwappushservice - ok
10:15:25.0168 0x0328 [ 570BB222E3AFC4407636B53F6EABFA70, D0194A128370BB0A337B61402F9EEDD6F7942ADB19BF672D0F92DA2DA563D0DD ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:15:25.0188 0x0328 Dnscache - ok
10:15:25.0190 0x0328 [ 1B15297A3A2CAB6BD586676154F389D8, 623D5F5FC8622B7D9AEEEB1787E6846C1570F0EEF94341239440B616D09D672A ] dot3svc C:\Windows\System32\dot3svc.dll
10:15:25.0205 0x0328 dot3svc - ok
10:15:25.0205 0x0328 [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
10:15:25.0221 0x0328 dot4 - ok
10:15:25.0221 0x0328 [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print C:\Windows\System32\drivers\Dot4Prt.sys
10:15:25.0221 0x0328 Dot4Print - ok
10:15:25.0237 0x0328 [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
10:15:25.0237 0x0328 dot4usb - ok
10:15:25.0237 0x0328 [ 316C2D8B8E3C0727969F1C3790EF7193, 631F8578FDB26578C8436E4B9C4DF21E1F58FCFE6DA66E5769AAC3739005D465 ] DPS C:\Windows\system32\dps.dll
10:15:25.0252 0x0328 DPS - ok
10:15:25.0252 0x0328 [ 25FA06D3B49D6ADF8E874FFCDCD76B50, 9AF09B96ED79D94EA36581ABE6CC73313A72891779774B15860D018BEA2BBA0F ] drmkaud C:\Windows\System32\drivers\drmkaud.sys
10:15:25.0268 0x0328 drmkaud - ok
10:15:25.0268 0x0328 [ 16EE6701115BECF8C657D9D6E123F6A1, 16E115B5245C3C988F8B58B90D30F183021C7C7792D3D1C74BEC606E49672B2A ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
10:15:25.0290 0x0328 DsmSvc - ok
10:15:25.0290 0x0328 [ FBC8C56814642A7CA88ACBCA8DD1121F, 108690704A359991C3D6577477E232F5F2F46B36DF6B4B0738A893EF05D7D4EB ] DsSvc C:\Windows\System32\DsSvc.dll
10:15:25.0306 0x0328 DsSvc - ok
10:15:25.0337 0x0328 [ F45665E77D11F3C1552EDBEAD1559DC8, C7C4B493CB36A1A35B8CA33C044BA0ED273CDA80E36F48BFF7CE3A0356246838 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:15:25.0388 0x0328 DXGKrnl - ok
10:15:25.0390 0x0328 [ E716140ACA798A5EC48531F0739A0290, C585F1D9B08A406FE0ED35E07C2F20E793E67F8E153314A449701125C8EA7A4B ] e1iexpress C:\Windows\System32\drivers\e1i63x64.sys
10:15:25.0406 0x0328 e1iexpress - ok
10:15:25.0421 0x0328 [ 0CDF6B61D7F7FFCD195AF0113B9B2C16, 828D3FA31742B54075EAED2E67BBB5166D2EF4F84B791077E96DC0BD5557F11E ] Eaphost C:\Windows\System32\eapsvc.dll
10:15:25.0437 0x0328 Eaphost - ok
10:15:25.0490 0x0328 [ 491275B864B704B54EC08168344E0F38, B4849400C3F819CF7809A2001EA2ECB527022483F7DFE31C3930F951EAFE50CE ] ebdrv C:\Windows\system32\drivers\evbda.sys
10:15:25.0553 0x0328 ebdrv - ok
10:15:25.0569 0x0328 [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] EFS C:\Windows\System32\lsass.exe
10:15:25.0569 0x0328 EFS - ok
10:15:25.0569 0x0328 [ CEF108FCE06892CFA5F1B49527D4BF49, FA337584024B6E6EE4AF519F57FFA4C0FCA19EDC148FF309336C4CCA8F9C9CE8 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
10:15:25.0591 0x0328 EhStorClass - ok
10:15:25.0591 0x0328 [ 5B1EAAE3001A7A320C106FC3859F4111, 700BA2C7D4DFAFFEB78D3804B310A4EE5B4295C84600442665693FF661673951 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
10:15:25.0591 0x0328 EhStorTcgDrv - ok
10:15:25.0606 0x0328 [ E34DEFC09F2843C2C24C2248F1ABE6D8, 1FD67EB5820A1D2F4402DE9D95DE288DB69D421A8473074FF23491D7CA8B5ACE ] embeddedmode C:\Windows\System32\embeddedmodesvc.dll
10:15:25.0622 0x0328 embeddedmode - ok
10:15:25.0622 0x0328 [ 062152DD5B225518A991DFCD8536770C, 5C8EF4E0C7DE3B24387FF239A8D0CDA39C2376826F16EAFF09739A6C7EDA01E0 ] EntAppSvc C:\Windows\system32\EnterpriseAppMgmtSvc.dll
10:15:25.0638 0x0328 EntAppSvc - ok
10:15:25.0638 0x0328 [ 7A2705148A4BB3CA255F81624338B461, 68AC8F8D2DD8AA4E8F2224A0054DE2AF67EA199217E87CD3C7299B021048F14F ] ErrDev C:\Windows\System32\drivers\errdev.sys
10:15:25.0653 0x0328 ErrDev - ok
10:15:25.0669 0x0328 [ 17BE4A35829B37C742084DC02D48E5F0, 7FDA62B56DF585C3F2C6FFB10AC7C0D8F70FA921C4DEA47B2789745CFE2618CE ] EventSystem C:\Windows\system32\es.dll
10:15:25.0691 0x0328 EventSystem - ok
10:15:25.0691 0x0328 [ DFE8A33FBCF6F38182631A4D6097B92D, F9D06780830E74FD5309E6DC5C3EEDB9334A8AE284F381FA91EF2729297F8632 ] exfat C:\Windows\system32\drivers\exfat.sys
10:15:25.0707 0x0328 exfat - ok
10:15:25.0722 0x0328 [ 03DE0EC072C5EBD5B018CAD83F1E522A, 9D0B30A2870FBA20B95017CE3A4205F2DD53FE169A0D16715E962D83DE040FB3 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:15:25.0738 0x0328 fastfat - ok