Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 10: Trotux

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 03.08.2016, 06:59   #1
Crossfire_HD
 
Windows 10: Trotux - Ausrufezeichen

Windows 10: Trotux



Hey,
das ist mein erster Thread in den Forum also nicht zuviel erhoffen !

Schilderung des Problems:
Ganz einfach Trotux hat sich bei mir im Chrome Browser festgesetzt.
Hab schon probiert mit Anti Malwarebytes dagegen vorzugehen hat aber nichts gebracht!
Bit Defender wil bei mir erst gar nicht richtig starten!
Avira konnte auch wie Malwarebytes was finden und folglich in die Quarantäne gesteckt!
Dennoch verschwindet Trotux nicht !
Ein Interessanter Aspekt ist auch das wenn ich Chrome starte sich auch ein neues Fenster(Chrome Fenster öffnet)!
Hab auch überlegt ob es sich in den Eigenschaften befindet doch die kann ich warum immer nicht finden für Chrome!
Scan Dateien im Anhang!
Bei Logs.rar handelt es sich um Anti Malwarebytes!

Jetzt weiß ich nicht mehr weiter und hoffe hier auf Hilfe!
Danke im Voraus!

Mit Freundlichen Grüßen
-Crossfire

Alt 03.08.2016, 07:29   #2
Warlord711
/// TB-Ausbilder
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Hallo Crossfire_HD



Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Hier findest du die Anleitung für Hilfesuchende
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.


Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8, Win10 User mit Rechtsklick "als Administrator starten".

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Cursor zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.


Bitte die Logs so posten, ggf. auf mehrere Postings aufteilen, Danke !
__________________

__________________

Alt 03.08.2016, 07:48   #3
Crossfire_HD
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
durchgeführt von Crossfire_HD (Administrator) auf CROSSFIRE_HD-PC (03-08-2016 07:54:20)
Gestartet von C:\Users\Crossfire_HD\Downloads
Geladene Profile: Crossfire_HD &  (Verfügbare Profile: Crossfire_HD & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 4\creator-ws.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(© pdfforge GmbH.) C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Crossfire_HD\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Crossfire_HD\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Crossfire_HD\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Crossfire_HD\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Crossfire_HD\AppData\Roaming\Spotify\Spotify.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\java.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Cm108Sound] => C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [17008 2016-07-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [831064 2016-07-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29502592 2016-07-14] (Skype Technologies S.A.)
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-08-02] (Electronic Arts)
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Run: [Spotify Web Helper] => C:\Users\Crossfire_HD\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-03] (Spotify Ltd)
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Run: [Spotify] => C:\Users\Crossfire_HD\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-03] (Spotify Ltd)
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Run: [SimpleNoteApp] => C:\Users\Crossfire_HD\AppData\Roaming\SimpleNotepad\SimpleNoteApp.exe [419840 2016-07-28] ()
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Run: [GoogleChromeAutoLaunch_E5480AB2FC0B1D04F5B79263E5033BD0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1152840 2016-07-19] (Google Inc.)
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\MountPoints2: {58fa407a-4bae-11e6-920a-382c4ae7ea75} - "D:\startme.exe" 
HKU\S-1-5-21-288855440-1587857584-130986015-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29502592 2016-07-14] (Skype Technologies S.A.)
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-08-02] (Electronic Arts)
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Crossfire_HD\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-03] (Spotify Ltd)
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Crossfire_HD\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-03] (Spotify Ltd)
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SimpleNoteApp] => C:\Users\Crossfire_HD\AppData\Roaming\SimpleNotepad\SimpleNoteApp.exe [419840 2016-07-28] ()
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_E5480AB2FC0B1D04F5B79263E5033BD0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1152840 2016-07-19] (Google Inc.)
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {58fa407a-4bae-11e6-920a-382c4ae7ea75} - "D:\startme.exe" 
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
ShellExecuteHooks:  - {6710C780-E20E-4C49-A87D-321850ED3D7C} - C:\Users\Crossfire_HD\AppData\Local\Microsoft\Windows\INetCookies\zamock.dll Keine Datei [ ]
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX64.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX32.dll [2016-07-21] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Setup-Assistent.lnk [2016-01-30]
ShortcutTarget: NETGEAR WNA3100 Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\Crossfire_HD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-07-18]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Crossfire_HD\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
GroupPolicy: Beschränkung - Chrome <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{29ba0bb2-63ee-4cd6-9d5f-6ae3daea40d5}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{c6a863b1-340a-4486-9830-d5ed0b4ca1e8}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{d8f9edbf-dfec-48bf-98eb-29fad67c4fda}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-288855440-1587857584-130986015-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-288855440-1587857584-130986015-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-at/?pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {E69617BF-CA64-44B1-8348-63B4F07C694F} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM -> {E69617BF-CA64-44B1-8348-63B4F07C694F} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-288855440-1587857584-130986015-1000 -> {E69617BF-CA64-44B1-8348-63B4F07C694F} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {E69617BF-CA64-44B1-8348-63B4F07C694F} URL = hxxp://www.startseite24.net/?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-01-15] (pdfforge GmbH)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-01-15] (pdfforge GmbH)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default
FF DefaultSearchEngine: trotux
FF SelectedSearchEngine: trotux
FF Homepage: hxxp://www.trotux.com/?z=2d8cd755c3fd6c8cdb627fdg6zem8e3g5w9m0meg4q&from=isr&uid=ST1000DM003_Z9A0176KXXXXZ9A0176K&type=hp
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: PDF Architect 4 -> C:\Program Files (x86)\PDF Architect 4\np-previewer.dll [2016-01-15] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-288855440-1587857584-130986015-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-07-26] ()
FF Plugin HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-07-26] ()
FF Extension: Avira Browser Safety - C:\Users\Crossfire_HD\AppData\Roaming\Mozilla\Firefox\Profiles\et8nOPA3.default\Extensions\abs@avira.com [2016-04-04]
FF Extension: Adblocker for Youtube™ - C:\Users\Crossfire_HD\AppData\Roaming\Mozilla\Firefox\Profiles\et8nOPA3.default\Extensions\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} [2016-08-02] [ist nicht signiert]
FF Extension: Avira Browser Safety - C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default\Extensions\abs@avira.com [2016-08-02]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: PDF Architect 4 Creator - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2016-03-09] [ist nicht signiert]

Chrome: 
=======
CHR HomePage: jaientgrinerlykerhule -> hxxps://www.google.at/
CHR StartupUrls: jaientgrinerlykerhule -> "hxxp://www.trotux.com/?z=2d8cd755c3fd6c8cdb627fdg6zem8e3g5w9m0meg4q&from=isr&uid=ST1000DM003_Z9A0176KXXXXZ9A0176K&type=hp"
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
         
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-07-2016
durchgeführt von Crossfire_HD (2016-08-03 07:48:14)
Gestartet von C:\Users\Crossfire_HD\Downloads
Windows 10 Pro Version 1511 (X64) (2016-02-10 16:53:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-288855440-1587857584-130986015-500 - Administrator - Disabled)
Crossfire_HD (S-1-5-21-288855440-1587857584-130986015-1000 - Administrator - Enabled) => C:\Users\Crossfire_HD
DefaultAccount (S-1-5-21-288855440-1587857584-130986015-503 - Limited - Disabled)
Gast (S-1-5-21-288855440-1587857584-130986015-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-288855440-1587857584-130986015-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.5.5.2425 - Avira Operations GmbH & Co. KG)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
Call of Duty: Black Ops III (HKLM\...\Steam App 311210) (Version:  - Treyarch)
Devenv-Ressourcen für Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack 5.19.0 de-DE (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FileZilla Client 3.18.0 (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
FileZilla Client 3.18.0 (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.13.0 - Androxyde)
FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
Gemeinsam genutzte Microsoft Azure-Komponenten für Visual Studio 2015 Sprachpaket (DEU) - v1.5 (x32 Version: 1.5.30619.1602 - Microsoft Corporation) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LIMBO (HKLM\...\Steam App 48000) (Version:  - Playdead)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.29 - PasswdFinder)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Help Viewer 2.2 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.2 Sprachpaket - DEU) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (14.0.50616.0) (HKLM-x32\...\{FA604873-01A0-4834-AF87-418534E465BB}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server*2014 Management Objects  (HKLM-x32\...\{4F4CB3E2-9D2F-465A-854B-8276B02F4E7D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Management Objects (x64) (HKLM\...\{03CB711D-679E-46ED-851B-C568418CF914}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL ScriptDom  (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 T-SQL Language Service  (HKLM-x32\...\{06BE8B71-46C6-434B-869E-85C58EF3120A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 mit Update 1 (HKLM-x32\...\{5790c106-6f85-49ac-8036-8ae82a465ec4}) (Version: 14.0.24720.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{7F6DCED8-6A2B-4436-AF20-8F659D04E388}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM-x32\...\{48BF289B-F3FA-4023-9251-80ABF7B726F9}) (Version: 12.0.2402.29 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mit C# erstellte geräteübergreifende Hybrid-Apps - Vorlagen - DEU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM-x32\...\{3F514FDC-F0F2-3B99-86D6-F7B3A2679B39}) (Version: 4.5.51209 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6 (Deutsch) (HKLM-x32\...\{FACF2669-E25A-428A-9167-5EEDE741F3B9}) (Version: 4.6.00127 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
ROCCAT Juke (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
Roslyn Language Services - x86 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24730 - Microsoft Corporation) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SimpleNotepad (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\SimpleNotepad) (Version:  - )
SimpleNotepad (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SimpleNotepad) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Sony Mobile Emma (HKLM-x32\...\Emma) (Version: 2.15.14.201510090937 - Sony Mobile Communications Inc.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.9.201606210840 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spotify (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Spotify (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.23.2.4686 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TCSS (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\2986f393c60af42d) (Version: 1.3.1.16 - THAUMCRAFT RESEARCH HELPER)
TCSS (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\2986f393c60af42d) (Version: 1.3.1.16 - THAUMCRAFT RESEARCH HELPER)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Team-ELAN Launcher (HKLM-x32\...\{02E71465-AFE4-4A68-B0A5-3C3691C879C0}) (Version: 1.00.0000 - Team ELAN)
TeamSpeak 3 Client (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 20.2 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 DEU Language Pack (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 DEU Language Pack (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
WhatsApp (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony)
Xperia Companion (x32 Version: 1.2.8.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-288855440-1587857584-130986015-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Crossfire_HD\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03B722C9-3ED5-44EF-82DC-AB4D732117EC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0B6A444B-CFEA-4C87-AD59-C043D96C2E63} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-06-14] (Bitdefender)
Task: {0C1CD28F-B943-45AB-B7BE-8E73FA70F0D0} - System32\Tasks\Update Service for Youtube AdBlock2 => C:\Program Files (x86)\Youtube AdBlock\Okf2aCN.exe
Task: {0D0F1CCC-C39A-4A9A-8328-0E0FEBEA414D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {10B45967-D3FE-4180-B8C1-70EBA079A40B} - System32\Tasks\Update Service for Youtube AdBlock => C:\Program Files (x86)\Youtube AdBlock\Okf2aCN.exe
Task: {12409727-2BC2-40F2-B5BF-38736DD51E74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {13F82722-4A8D-4987-AA7B-C1F6C7B17ED0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {16546C53-62C5-48A7-8F6B-ED7CCEF312F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {19946831-151D-4C1D-B513-528450613A4E} - System32\Tasks\4c6eafcdf1ccde1dca49300c8e6ac84f => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\4c6eafcdf1ccde1dca49300c8e6ac84f.ps1 <==== ACHTUNG
Task: {19FD6172-39F1-4D95-B66B-B45DC956BB37} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {1A590FD1-2723-4510-A950-F089245D9FE0} - System32\Tasks\Reoqucultsterke Mapper => C:\Program Files (x86)\Nevusygerwersh\ReoqucultsterkemppCdr.exe
Task: {1B76CA70-5B82-4B0D-88F4-290133870C27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {2C74342F-6991-48DD-B43B-2B06A7437196} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3019A36A-E4FB-4982-85CD-629F7B7EB0F6} - System32\Tasks\{0681938D-4E8B-4C9B-8322-DA55158A383F} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net"
Task: {34093819-0357-4AFC-AF33-8692CAA113EF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3A0DBA06-C893-4489-8998-8D315984CCF2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {49EC0C86-355F-4EE3-9A6E-41B6054CB868} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {4E7FCCD0-A6B1-4843-BABA-ECF7EF3B663C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {5A7FD728-AA1F-4DC3-B454-4F436ADC3B37} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6827CC08-472B-4082-B270-23FCBBEA239E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> Keine Datei <==== ACHTUNG
Task: {841D2B5A-08FD-4BEB-895B-240979235A5E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {85E2F4BA-17C0-420C-9948-802555DFD119} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8E12F9B7-368C-45CA-B3C9-5AA63C7B6747} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {8E29A291-BF95-4934-80E2-A847A24980E3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8F821C14-793F-400B-9265-DA081362F424} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {9103782E-A8AD-4DF6-B4F8-B169EFBA03BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {963D80A5-7680-4376-8CBE-E7D2099BDD82} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {A3ECC9D6-C076-4D60-8E15-16265431612C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {AF529768-B830-4EE4-8F5C-CFE061BAB939} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {AFF82AC0-4F84-44E4-B99A-2D54BD299B04} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-07-14] (Avira Operations GmbH & Co. KG)
Task: {B070F8F1-E072-4423-BC20-6933077B3551} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {B54CEE19-D968-44F7-A9A2-4A0CF71C83C3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B8C3C573-E76B-4CF0-9C87-A0349C1A7F94} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C2D6FCD4-2257-420A-B2EA-E10F39FA0505} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C537A78E-02C5-48E4-B4BC-75405C6C4FA5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {D0969457-4F1F-45D0-9E48-600206A0B61B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D5490FD3-6B4A-4FF2-AB66-F2EBBFE1C8D7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DBD6A389-84F7-4E2F-BAE3-EB4DD6690DDF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DD7D8A66-BB3A-4FA1-8947-4F28E2487D73} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {DE3476E9-97D1-45DB-A166-CF25EBD5013E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E40AC3C1-DFBC-4A24-B531-DC41BFC1F817} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-08-03] (Enigma Software Group USA, LLC.)
Task: {E57F69EF-E582-40E9-948B-CB218082CAF4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E58A9822-D1F6-41F4-98AA-FF1DF222C1C7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {E7EFA255-3ECE-4F9B-B18B-A80B45B7286B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {F7DC0386-5E90-48AC-8C96-7EBD72570D4E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock.job => C:\Program Files (x86)\Youtube AdBlock\Okf2aCN.exe
Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job => C:\Program Files (x86)\Youtube AdBlock\Okf2aCN.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Crossfire_HD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\26f6af815f3d1884\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=jaientgrinerlykerhule

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\Crossfire_HD\AppData\LocalLow\Youtube AdBlock\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\Crossfire_HD\AppData\Local\Temp\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\DefaultAppPool\AppData\LocalLow\Youtube AdBlock\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\DefaultAppPool\AppData\Local\Temp\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\WINDOWS\Temp\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\Crossfire_HD\AppData\Roaming\Mozilla\Firefox\Profiles\et8nOPA3.default\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\Crossfire_HD\AppData\Local\Google\Chrome\User Data\local64spl.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-19 01:55 - 2016-04-19 01:55 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-03-13 22:56 - 2016-03-13 23:02 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-01-30 23:29 - 2010-08-26 18:48 - 00285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2016-07-12 21:49 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 21:49 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-20 16:06 - 2016-05-20 16:06 - 00959168 _____ () C:\Users\Crossfire_HD\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-05-01 16:13 - 2016-07-21 15:20 - 00592384 _____ () C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX64.dll
2016-05-27 14:19 - 2016-05-27 14:19 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-05-18 00:42 - 2016-05-18 00:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-02-10 07:51 - 2016-02-10 07:51 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 21:51 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 21:50 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 21:50 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 21:50 - 2016-07-01 05:22 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-12 21:50 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 21:50 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-12 21:50 - 2016-07-01 05:21 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 09:18 - 2015-10-30 20:46 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-06-03 16:26 - 2016-06-03 16:26 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-03 16:26 - 2016-06-03 16:26 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 16:26 - 2016-06-03 16:26 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 13:46 - 2016-03-04 13:47 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-09 01:16 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-03 07:07 - 2016-07-19 03:31 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libglesv2.dll
2016-08-03 07:07 - 2016-07-19 03:31 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libegl.dll
2016-08-03 07:10 - 2016-08-03 07:10 - 00317440 _____ () C:\Users\Crossfire_HD\AppData\Roaming\.minecraft\versions\1.9.2-OptiFine_HD_U_B3\1.9.2-OptiFine_HD_U_B3-natives-20326945752345\lwjgl64.dll
2016-08-03 07:10 - 2016-08-03 07:10 - 00382464 _____ () C:\Users\Crossfire_HD\AppData\Roaming\.minecraft\versions\1.9.2-OptiFine_HD_U_B3\1.9.2-OptiFine_HD_U_B3-natives-20326945752345\OpenAL64.dll
2016-08-03 07:24 - 2016-08-03 07:26 - 03712064 _____ () C:\Users\Crossfire_HD\Downloads\AdwCleaner_5.201.exe
2016-01-30 23:29 - 2010-07-09 17:38 - 00331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2016-04-05 21:12 - 2016-08-03 07:04 - 52042352 _____ () C:\Users\Crossfire_HD\AppData\Roaming\Spotify\libcef.dll
2016-04-05 21:12 - 2016-08-03 07:04 - 01741936 _____ () C:\Users\Crossfire_HD\AppData\Roaming\Spotify\libglesv2.dll
2016-04-05 21:12 - 2016-08-03 07:04 - 00087664 _____ () C:\Users\Crossfire_HD\AppData\Roaming\Spotify\libegl.dll
2014-05-01 16:15 - 2016-07-21 15:19 - 00564224 _____ () C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX32.dll
2016-01-30 23:33 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> hxxps://amazon.de
IE trusted site: HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\amazon.de -> hxxps://amazon.de
IE trusted site: HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\amazon.de -> hxxps://amazon.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-288855440-1587857584-130986015-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Crossfire_HD\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\vans_off_the_wall_by_ceejaydejesus-d5z6a6j.jpg
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Crossfire_HD\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\vans_off_the_wall_by_ceejaydejesus-d5z6a6j.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "FreePDF Assistant"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "SimpleNoteApp"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SimpleNoteApp"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5EF3CE5A-5FCF-4499-AF8D-C1537822FE52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{61BC6AF0-D27B-4F17-9158-4AACB45AC9E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{40C0E97D-3FB7-4721-A423-09865CE5BDB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{A443B6FA-8735-47F9-BDE6-409E85DBB983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{B915A188-F426-4198-A154-EACC9541F7C4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{89A159FD-34A1-425F-8D76-2F9F0536A640}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{464F63F2-ADD0-4FAB-A0AE-0A03B1FC5D79}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DAF89BFB-2D75-4C68-9FDE-580BDA3736C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9CA29EEA-430A-48B6-8226-B70122938B5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{8EE749A3-B783-43A3-A2A7-B255CC2A90E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [UDP Query User{271BBA05-1BBD-46DC-86BC-B1251C425E0E}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{FF36982C-09CD-444D-9E06-6C1CA212B9AD}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{24787684-9BE1-41E4-965B-7D7A075204F2}C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F77AEB34-F461-40AB-BFEB-3308BA17F226}C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B08C78AD-FF20-4B5F-99AD-5677A05AAD4A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{88B404FC-7F10-4109-8DDC-B023E08C35F0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC190D54-2015-4178-8CE4-CBA23864EFEE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C101FC18-5250-4905-9442-A275DC403A70}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{77BDA175-4E2F-4343-8F7C-77954AFE09B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{FF0E8C0D-16A0-47B7-A8FF-6F1D1891933D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{D4DDF5BE-CE67-46D3-B8C0-4E49563597E8}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe
FirewallRules: [{E0703A42-3640-431C-8E7D-CDD5F42AD68B}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{8959406C-9A0B-4E3C-8536-61D71030A130}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{874885FE-F0B2-473C-BF28-B621492C525A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{273F825A-7CAE-4ADE-9F54-70402380C3DB}C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8803B7F4-175B-492B-8E71-CD0B55317D5B}C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A55EA6B5-1A55-457D-B063-FB670AD31F7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{93EA1D0C-C124-4438-BBDA-C8C27F1B220E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2925B00B-867C-4DD2-8A38-68CB724D5E4C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{BFCCF9AC-2CEF-4921-9434-AAE3E96C64E9}C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7FCF6CEF-7F45-4DB1-8C30-3848DDD98314}C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{251EBECF-F7EC-4431-896C-3F8A2FCE0C3C}] => (Block) C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{4DE2F103-F0AE-42B7-BCDD-84184917EE32}] => (Block) C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{836EAA45-EADB-4A2E-8F07-AC22C7E64E01}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9E297BA3-3E9A-40B7-8490-58975FEA3309}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CD066CA8-57FB-4954-A4CE-083EDBD7DB01}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3B09FAE8-9364-4E5C-9CC7-179961BFE279}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{C2B5EAE5-033D-4A49-9182-E070A7B04DE5}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{8329CD47-6EFA-451F-AE44-F80108EE9CB6}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{15014D23-FAFE-49C6-8AB9-FDD694882C3B}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{EB774CE1-F27C-4D08-AF0F-0028D06689CF}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{D56DF930-9AF2-44CD-8E48-D882FA6058EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3153A4A6-5F28-4ECB-A10E-B9F60BABFDEF}C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{75CBA290-589C-4E16-8937-44C69E70E540}C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C6CE97E8-646C-4E1E-BFCF-C4FC8A206DBE}] => (Block) C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe
FirewallRules: [{020AA45B-A6D6-4254-B5CF-9B0EFA3D7866}] => (Block) C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4EB26D04-98A0-44FF-8FFE-437C1AE8A9A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD3FF646-47C6-400B-B9DD-61EAF5401E75}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{959743B3-D063-4AAF-8920-2805E179F37C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BAA37FC3-EA46-4403-96D9-3D77D921D208}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9FFCA6EC-D175-458D-B6F1-1D48552E736F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{BF1F1B48-CC37-442E-A29D-D9A2E21CE4CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06ACC150-ECD3-48E1-BD15-0F3CE375790D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{89E441BF-D92D-426C-815B-2946DAB563EB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{822864CA-0C70-4131-9734-E8A5B2E831F7}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{B00F9E88-1389-4F1F-BD9A-9240F8C62480}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E60C83CD-09E6-4C38-BE0D-0168F6AAF846}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{9B2B2B53-D986-40A0-A6C0-3284AAB94741}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{97919623-A009-4B6B-BD75-AC0154CF4FB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [TCP Query User{A9F2D2D2-1A26-45F0-B51D-30CA2324A05F}C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe
FirewallRules: [UDP Query User{56F4FCC7-720F-4C6C-8377-AD740194AA3D}C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe
FirewallRules: [{623D7AAD-9442-4EC5-B14B-12415EE8C128}] => (Block) C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe
FirewallRules: [{9CDF9B88-C90E-4B21-B68D-12743AFBFA6D}] => (Block) C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe
FirewallRules: [TCP Query User{97CEC51A-EF86-4825-8CB1-E6760EBAD383}C:\program files\java\jdk1.7.0_79\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [UDP Query User{5308EDF0-8BD0-4B64-9DEA-E8ED8D31C6A0}C:\program files\java\jdk1.7.0_79\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [{85EA38C6-60AB-4F7A-9D87-FBB0A4173896}] => (Block) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [{C4DEEE0B-4D19-4F8A-8F61-2D5A447C1874}] => (Block) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [TCP Query User{503B7353-60C0-469C-8206-F3EB55A2680F}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{F3792FA2-20A8-4B92-82BB-24C22D7E3A8D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{502912E2-A8E3-4928-8DBE-215F91FA4D15}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{1D40FD7F-CA06-463B-8E30-CA72DC8966F2}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{554B4F15-A35D-4D55-A6CE-79C8454042A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2C6EEBD1-42B0-4BEF-86DC-458D23011B60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4A106C42-AF83-4630-AB49-B182ECA4CCEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{72368A6B-FA8F-4FA2-A740-A093F9FFF9ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{56C04943-E89A-4934-86DE-07992A6435F3}C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe
FirewallRules: [UDP Query User{372EE4F6-ADCC-4F45-901C-AE83590C5BB8}C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe
FirewallRules: [{68B96CF5-9ABA-442A-8506-BBC39FB8BF6A}] => (Block) C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe
FirewallRules: [{7B387F09-B494-48B7-B442-0C7C24B4CAB0}] => (Block) C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe
FirewallRules: [{CA99C704-E03F-4EE0-BA93-08FE77AE6C1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{47C4EE5D-4248-47C1-B7C3-FE7D5445D814}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{05AE53B6-E876-49AF-9753-F595F5DB072D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{62563AC7-0D40-4984-A23C-C02A15E4DB3E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{31A8DD71-C335-42EE-BB16-EC12DEB4581A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{32374964-B9FF-4ABD-8B6D-0E631ADED40D}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F733A6CA-4137-421F-A5A7-99FD191FC8C9}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{3CE9BD81-F1A6-4FEB-845B-ADB1B6A5864C}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{97C9FF9E-BA72-4789-89D4-3EF3CB69A51A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{449316A9-EBB8-4737-99C1-EE9BE7CAA1C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [TCP Query User{C5A7BAD6-1340-40FD-B07A-F933EAB3006D}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{9C6BF01C-F4BA-4018-8C28-A73C5DFB0297}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{584F97A6-DF55-425B-A66A-F7397F3F9EFC}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{978EFA41-EA34-4993-AF4B-4312D858426A}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{FF0F4D96-2380-4C1C-8D8E-C8B82CD0F9EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{9C523F85-575B-4C42-ACAA-3487662E695F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{B6E7C1B5-8B4A-4B3B-91AB-91A9BF682AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{90306B6E-B245-40E9-A0CD-3B8F2F626572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{5CCD9B34-8985-4DEA-A576-70FFC4BB133F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{942D50C2-DC74-4144-998C-538D62D83151}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{952CCE90-01F3-46B5-BB75-6CA0ECF818FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B3508DE4-7C5C-49F4-9960-BEA755AE5226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{937A63A8-C6DD-472B-BB07-E1A802F4B946}] => (Allow) C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
FirewallRules: [{EE5B3824-001B-475C-BA7C-678EF00838B0}] => (Allow) C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
FirewallRules: [{F9D56BA1-44C4-4A70-B192-9E56DCF267FD}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{DA733C7B-7F50-4C2F-908D-A0384C4233EF}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{B3409589-296B-48CD-81AE-019E68AAE8D8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [TCP Query User{7771E9DA-C11C-4771-9CAE-CD88127ED2B1}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{2BA25583-650B-4689-8516-356F42B2E679}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{B9D82093-A02F-44E6-86C5-AF434C799451}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{C63DF258-8DB9-4A5B-98C5-C1BF436C9A9B}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{A6C7413A-1EBF-4A9B-9FF2-5B2A1E95939F}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{18519D2B-1AC9-4595-AF0F-DDA4D1E1B2EE}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{92FC2F6D-5A95-43C5-86D0-3116B4A2498D}] => (Block) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{0E22687F-7619-4659-96D6-F515CB21C493}] => (Block) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{C3F1A4EE-6B11-4F83-96A0-2730062612FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{E3AD4811-0940-415A-9F0E-31D90FDD7843}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{3767DB84-EE01-4CB6-AE54-F901A7ACDA06}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{63AC1CB5-FB14-478C-8F4A-2A013ED2D67F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{0FFAECCD-2F78-4BC7-B15A-5B4FF120F922}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{957724D8-A382-4EDF-A1C0-5E82923B86D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{038B1896-8459-46B8-99BF-40B2EA3C39A2}C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe] => (Allow) C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe
FirewallRules: [UDP Query User{FA226547-1920-4108-8D73-50C15AA69FA7}C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe] => (Allow) C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe
FirewallRules: [{44D5B824-868E-4755-A97F-C73196B3C307}] => (Block) C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe
FirewallRules: [{AAB4D1EB-10FD-4A9F-9A0C-84BDB6496128}] => (Block) C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe
FirewallRules: [{73F107F5-8BBC-4EB4-AA9F-F9EBF4BA922B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

25-07-2016 20:32:37 Avira System Speedup 2.5.5
02-08-2016 17:13:14 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/03/2016 07:18:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CROSSFIRE_HD-PC)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/03/2016 06:07:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000a9ba0
ID des fehlerhaften Prozesses: 0x5098
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (08/03/2016 02:06:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000a9ba0
ID des fehlerhaften Prozesses: 0x1c68
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (08/03/2016 01:37:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000ee6fc
ID des fehlerhaften Prozesses: 0x29bc
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (08/03/2016 01:37:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NetworkUXBroker.exe, Version: 10.0.10586.420, Zeitstempel: 0x57491d98
Name des fehlerhaften Moduls: NetworkUXBroker.exe, Version: 10.0.10586.420, Zeitstempel: 0x57491d98
Ausnahmecode: 0xe0464645
Fehleroffset: 0x000000000000a6d6
ID des fehlerhaften Prozesses: 0x253c
Startzeit der fehlerhaften Anwendung: 0xNetworkUXBroker.exe0
Pfad der fehlerhaften Anwendung: NetworkUXBroker.exe1
Pfad des fehlerhaften Moduls: NetworkUXBroker.exe2
Berichtskennung: NetworkUXBroker.exe3
Vollständiger Name des fehlerhaften Pakets: NetworkUXBroker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NetworkUXBroker.exe5

Error: (08/02/2016 11:57:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NetworkUXBroker.exe, Version: 10.0.10586.420, Zeitstempel: 0x57491d98
Name des fehlerhaften Moduls: NetworkUXBroker.exe, Version: 10.0.10586.420, Zeitstempel: 0x57491d98
Ausnahmecode: 0xe0464645
Fehleroffset: 0x000000000000a6d6
ID des fehlerhaften Prozesses: 0xe18
Startzeit der fehlerhaften Anwendung: 0xNetworkUXBroker.exe0
Pfad der fehlerhaften Anwendung: NetworkUXBroker.exe1
Pfad des fehlerhaften Moduls: NetworkUXBroker.exe2
Berichtskennung: NetworkUXBroker.exe3
Vollständiger Name des fehlerhaften Pakets: NetworkUXBroker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NetworkUXBroker.exe5

Error: (08/02/2016 11:56:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.ServiceHost.exe, Version: 1.1.67.18988, Zeitstempel: 0x57836066
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.494, Zeitstempel: 0x5775e78b
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000bdae8
ID des fehlerhaften Prozesses: 0xb00
Startzeit der fehlerhaften Anwendung: 0xAvira.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.ServiceHost.exe2
Berichtskennung: Avira.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.ServiceHost.exe5

Error: (08/02/2016 11:56:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
   bei Avira.OE.AvConnector.AvEventRepository.ReadAll(System.String)
   bei Avira.OE.AvConnector.AvEventRepository.GetLastEvent()
   bei Avira.OE.AvConnector.AvEventRepository.StartDatabaseMonitoring()
   bei Avira.OE.AvConnector.AvEventRepository.Initialize(System.String, System.String, Int32, System.String)
   bei Avira.OE.AvConnector.AvStatusReporter.GetDatabaseReader()
   bei Avira.OE.AvConnector.AvStatusReporter.GetLastEvent()
   bei Avira.OE.AvConnector.AvConnector.GetAvStatusData(Boolean, Avira.OE.WinCore.Interface.ServiceEvent)
   bei Avira.OE.AvConnector.AvConnector.RefreshDeviceState(Boolean, Avira.OE.WinCore.Interface.ServiceEvent)
   bei Avira.OE.AvConnector.AvConnector.Start()
   bei Avira.OE.ServiceHost.ServiceHost.StartServiceModules()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize()
   bei Avira.OE.ServiceHost.Program+<>c__DisplayClass1.<OnServiceStart>b__0(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/02/2016 11:50:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CROSSFIRE_HD-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/02/2016 11:50:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CROSSFIRE_HD-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (08/03/2016 07:18:59 AM) (Source: DCOM) (EventID: 10010) (User: CROSSFIRE_HD-PC)
Description: MicrosoftEdge.AppXeb42j1vh6rk395pm0vmcx57dxqjhej5d.mca

Error: (08/03/2016 06:58:03 AM) (Source: DCOM) (EventID: 10010) (User: CROSSFIRE_HD-PC)
Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}

Error: (08/03/2016 03:10:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_4d38f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/03/2016 03:10:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _4d38f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/03/2016 03:10:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_4d38f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/03/2016 03:10:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_4d38f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/03/2016 01:46:33 AM) (Source: usbehci) (EventID: 4) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.

Error: (08/03/2016 01:38:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 21

Error: (08/03/2016 01:38:35 AM) (Source: DCOM) (EventID: 10016) (User: CROSSFIRE_HD-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Crossfire_HD-PCCrossfire_HDS-1-5-21-288855440-1587857584-130986015-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/03/2016 01:38:35 AM) (Source: DCOM) (EventID: 10016) (User: CROSSFIRE_HD-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Crossfire_HD-PCCrossfire_HDS-1-5-21-288855440-1587857584-130986015-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


CodeIntegrity:
===================================
  Date: 2016-07-16 23:10:04.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-15 07:20:04.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 00:52:29.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-20 00:41:26.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-17 05:23:03.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-17 03:20:46.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-22 13:34:36.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.94.107.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

  Date: 2016-05-22 13:34:36.266
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.94.107.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

  Date: 2016-05-20 02:04:49.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.94.107.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

  Date: 2016-05-20 00:56:06.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.94.107.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD FX(tm)-6300 Six-Core Processor 
Prozentuale Nutzung des RAM: 65%
Installierter physikalischer RAM: 8091.79 MB
Verfügbarer physikalischer RAM: 2788.22 MB
Summe virtueller Speicher: 16283.79 MB
Verfügbarer virtueller Speicher: 8058.02 MB

==================== Laufwerke ================================

Drive c: (Festplatte) (Fixed) (Total:465.32 GB) (Free:35.39 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]

==================== MBR & Partitionstabelle ==================
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 0.

==================== Ende von Addition.txt ============================
         
__________________

Alt 03.08.2016, 07:52   #4
Crossfire_HD
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-07-2016
durchgeführt von Crossfire_HD (2016-08-03 07:48:14)
Gestartet von C:\Users\Crossfire_HD\Downloads
Windows 10 Pro Version 1511 (X64) (2016-02-10 16:53:09)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-288855440-1587857584-130986015-500 - Administrator - Disabled)
Crossfire_HD (S-1-5-21-288855440-1587857584-130986015-1000 - Administrator - Enabled) => C:\Users\Crossfire_HD
DefaultAccount (S-1-5-21-288855440-1587857584-130986015-503 - Limited - Disabled)
Gast (S-1-5-21-288855440-1587857584-130986015-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-288855440-1587857584-130986015-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.18.354 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.5.5.2425 - Avira Operations GmbH & Co. KG)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlueStacks App Player (HKLM-x32\...\{4047E0FE-CBD8-4915-BBB1-45F6CBF417AC}) (Version: 2.0.4.5627 - BlueStack Systems, Inc.)
Call of Duty: Black Ops III (HKLM\...\Steam App 311210) (Version:  - Treyarch)
Devenv-Ressourcen für Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack 5.19.0 de-DE (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FileZilla Client 3.18.0 (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
FileZilla Client 3.18.0 (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.13.0 - Androxyde)
FLV and Media Player 4.2.1.1 (HKLM-x32\...\FLV and Media Player) (Version: 4.2.1.1 - Applian Technologies)
Gemeinsam genutzte Microsoft Azure-Komponenten für Visual Studio 2015 Sprachpaket (DEU) - v1.5 (x32 Version: 1.5.30619.1602 - Microsoft Corporation) Hidden
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{48DF59F8-2ACD-4F1F-87F3-D820FE7A6178}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LIMBO (HKLM\...\Steam App 48000) (Version:  - Playdead)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
Magical Jelly Bean PasswdFinder (HKLM-x32\...\PasswdFinder_is1) (Version: 1.0.0.29 - PasswdFinder)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manager (x32 Version: 4.0.1.25166 - 2015 pdfforge GmbH. All rights reserved) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Help Viewer 2.2 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.2 Sprachpaket - DEU) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{F09DEB00-9F41-4BC9-BA81-9F131B12B3D5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{8E4BA1E5-54E8-41F0-919B-CD875B83CFCE}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - DEU (14.0.50616.0) (HKLM-x32\...\{FA604873-01A0-4834-AF87-418534E465BB}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft SQL Server*2014 Management Objects  (HKLM-x32\...\{4F4CB3E2-9D2F-465A-854B-8276B02F4E7D}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Management Objects (x64) (HKLM\...\{03CB711D-679E-46ED-851B-C568418CF914}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 Transact-SQL ScriptDom  (HKLM\...\{F2A2DB39-2C5A-4764-AA0F-5AB112663FFA}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server*2014 T-SQL Language Service  (HKLM-x32\...\{06BE8B71-46C6-434B-869E-85C58EF3120A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{307a22b8-8353-4c5e-b67b-2404c5734558}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 mit Update 1 (HKLM-x32\...\{5790c106-6f85-49ac-8036-8ae82a465ec4}) (Version: 14.0.24720.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM\...\{7F6DCED8-6A2B-4436-AF20-8F659D04E388}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft-System-CLR-Typen für SQL Server 2014 (HKLM-x32\...\{48BF289B-F3FA-4023-9251-80ABF7B726F9}) (Version: 12.0.2402.29 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mit C# erstellte geräteübergreifende Hybrid-Apps - Vorlagen - DEU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM-x32\...\{3F514FDC-F0F2-3B99-86D6-F7B3A2679B39}) (Version: 4.5.51209 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6 (Deutsch) (HKLM-x32\...\{FACF2669-E25A-428A-9167-5EEDE741F3B9}) (Version: 4.6.00127 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDF Architect 4 (HKLM-x32\...\PDF Architect 4) (Version: 4.0.34.26215 - pdfforge GmbH)
PDF Architect 4 Create Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 Edit Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PDF Architect 4 View Module (Version: 4.0.12.26604 - pdfforge GmbH) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
ROCCAT Juke (HKLM\...\C-Media CM108 Like Sound Driver) (Version:  - )
Roslyn Language Services - x86 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24730 - Microsoft Corporation) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SimpleNotepad (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\SimpleNotepad) (Version:  - )
SimpleNotepad (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SimpleNotepad) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Sony Mobile Emma (HKLM-x32\...\Emma) (Version: 2.15.14.201510090937 - Sony Mobile Communications Inc.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.9.201606210840 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spotify (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Spotify (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.23.2.4686 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TCSS (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\2986f393c60af42d) (Version: 1.3.1.16 - THAUMCRAFT RESEARCH HELPER)
TCSS (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\2986f393c60af42d) (Version: 1.3.1.16 - THAUMCRAFT RESEARCH HELPER)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Team-ELAN Launcher (HKLM-x32\...\{02E71465-AFE4-4A68-B0A5-3C3691C879C0}) (Version: 1.00.0000 - Team ELAN)
TeamSpeak 3 Client (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamSpeak 3 Client (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 20.2 - Ubisoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 DEU Language Pack (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 DEU Language Pack (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WhatsApp (HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
WhatsApp (HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WhatsApp) (Version: 0.2.1455 - WhatsApp)
WinRAR 5.30 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Xperia Companion (HKLM-x32\...\{8f4f39fa-087f-4e5c-84f3-1433ac7389e9}) (Version: 1.2.8.0 - Sony)
Xperia Companion (x32 Version: 1.2.8.0 - Sony) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-288855440-1587857584-130986015-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Crossfire_HD\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {03B722C9-3ED5-44EF-82DC-AB4D732117EC} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {0B6A444B-CFEA-4C87-AD59-C043D96C2E63} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-06-14] (Bitdefender)
Task: {0C1CD28F-B943-45AB-B7BE-8E73FA70F0D0} - System32\Tasks\Update Service for Youtube AdBlock2 => C:\Program Files (x86)\Youtube AdBlock\Okf2aCN.exe
Task: {0D0F1CCC-C39A-4A9A-8328-0E0FEBEA414D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {10B45967-D3FE-4180-B8C1-70EBA079A40B} - System32\Tasks\Update Service for Youtube AdBlock => C:\Program Files (x86)\Youtube AdBlock\Okf2aCN.exe
Task: {12409727-2BC2-40F2-B5BF-38736DD51E74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {13F82722-4A8D-4987-AA7B-C1F6C7B17ED0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {16546C53-62C5-48A7-8F6B-ED7CCEF312F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {19946831-151D-4C1D-B513-528450613A4E} - System32\Tasks\4c6eafcdf1ccde1dca49300c8e6ac84f => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File C:\WINDOWS\4c6eafcdf1ccde1dca49300c8e6ac84f.ps1 <==== ACHTUNG
Task: {19FD6172-39F1-4D95-B66B-B45DC956BB37} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {1A590FD1-2723-4510-A950-F089245D9FE0} - System32\Tasks\Reoqucultsterke Mapper => C:\Program Files (x86)\Nevusygerwersh\ReoqucultsterkemppCdr.exe
Task: {1B76CA70-5B82-4B0D-88F4-290133870C27} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {2C74342F-6991-48DD-B43B-2B06A7437196} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3019A36A-E4FB-4982-85CD-629F7B7EB0F6} - System32\Tasks\{0681938D-4E8B-4C9B-8322-DA55158A383F} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=battle.net --displayname="Battle.net"
Task: {34093819-0357-4AFC-AF33-8692CAA113EF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3A0DBA06-C893-4489-8998-8D315984CCF2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {49EC0C86-355F-4EE3-9A6E-41B6054CB868} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {4E7FCCD0-A6B1-4843-BABA-ECF7EF3B663C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {5A7FD728-AA1F-4DC3-B454-4F436ADC3B37} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6827CC08-472B-4082-B270-23FCBBEA239E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> Keine Datei <==== ACHTUNG
Task: {841D2B5A-08FD-4BEB-895B-240979235A5E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {85E2F4BA-17C0-420C-9948-802555DFD119} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8E12F9B7-368C-45CA-B3C9-5AA63C7B6747} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {8E29A291-BF95-4934-80E2-A847A24980E3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8F821C14-793F-400B-9265-DA081362F424} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {9103782E-A8AD-4DF6-B4F8-B169EFBA03BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-03] (Google Inc.)
Task: {963D80A5-7680-4376-8CBE-E7D2099BDD82} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {A3ECC9D6-C076-4D60-8E15-16265431612C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {AF529768-B830-4EE4-8F5C-CFE061BAB939} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {AFF82AC0-4F84-44E4-B99A-2D54BD299B04} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-07-14] (Avira Operations GmbH & Co. KG)
Task: {B070F8F1-E072-4423-BC20-6933077B3551} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {B54CEE19-D968-44F7-A9A2-4A0CF71C83C3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B8C3C573-E76B-4CF0-9C87-A0349C1A7F94} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C2D6FCD4-2257-420A-B2EA-E10F39FA0505} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {C537A78E-02C5-48E4-B4BC-75405C6C4FA5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {D0969457-4F1F-45D0-9E48-600206A0B61B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D5490FD3-6B4A-4FF2-AB66-F2EBBFE1C8D7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DBD6A389-84F7-4E2F-BAE3-EB4DD6690DDF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {DD7D8A66-BB3A-4FA1-8947-4F28E2487D73} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {DE3476E9-97D1-45DB-A166-CF25EBD5013E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E40AC3C1-DFBC-4A24-B531-DC41BFC1F817} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-08-03] (Enigma Software Group USA, LLC.)
Task: {E57F69EF-E582-40E9-948B-CB218082CAF4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {E58A9822-D1F6-41F4-98AA-FF1DF222C1C7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {E7EFA255-3ECE-4F9B-B18B-A80B45B7286B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {F7DC0386-5E90-48AC-8C96-7EBD72570D4E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock.job => C:\Program Files (x86)\Youtube AdBlock\Okf2aCN.exe
Task: C:\WINDOWS\Tasks\Update Service for Youtube AdBlock2.job => C:\Program Files (x86)\Youtube AdBlock\Okf2aCN.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\Crossfire_HD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\26f6af815f3d1884\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=jaientgrinerlykerhule

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\Crossfire_HD\AppData\LocalLow\Youtube AdBlock\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\Crossfire_HD\AppData\Local\Temp\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\DefaultAppPool\AppData\LocalLow\Youtube AdBlock\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\DefaultAppPool\AppData\Local\Temp\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\WINDOWS\Temp\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\Crossfire_HD\AppData\Roaming\Mozilla\Firefox\Profiles\et8nOPA3.default\local64spl.dll
2016-08-02 22:19 - 2016-08-02 22:19 - 00138752 ____H () C:\Users\Crossfire_HD\AppData\Local\Google\Chrome\User Data\local64spl.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-04-19 01:55 - 2016-04-19 01:55 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-03-13 22:56 - 2016-03-13 23:02 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-01-30 23:29 - 2010-08-26 18:48 - 00285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2016-07-12 21:49 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 21:49 - 2016-07-01 06:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-20 16:06 - 2016-05-20 16:06 - 00959168 _____ () C:\Users\Crossfire_HD\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-05-01 16:13 - 2016-07-21 15:20 - 00592384 _____ () C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX64.dll
2016-05-27 14:19 - 2016-05-27 14:19 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-05-18 00:42 - 2016-05-18 00:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-09 01:18 - 2016-06-14 22:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-02-10 07:51 - 2016-02-10 07:51 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 21:51 - 2016-07-01 05:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 21:50 - 2016-07-01 05:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 21:50 - 2016-07-01 05:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 21:50 - 2016-07-01 05:22 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-12 21:50 - 2016-07-01 05:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 21:50 - 2016-07-01 05:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-12 21:50 - 2016-07-01 05:21 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 09:18 - 2015-10-30 20:46 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-06-03 16:26 - 2016-06-03 16:26 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-03 16:26 - 2016-06-03 16:26 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-03 16:26 - 2016-06-03 16:26 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 13:46 - 2016-03-04 13:47 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-09 01:16 - 2016-03-22 04:37 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-03 07:07 - 2016-07-19 03:31 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libglesv2.dll
2016-08-03 07:07 - 2016-07-19 03:31 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.82\libegl.dll
2016-08-03 07:10 - 2016-08-03 07:10 - 00317440 _____ () C:\Users\Crossfire_HD\AppData\Roaming\.minecraft\versions\1.9.2-OptiFine_HD_U_B3\1.9.2-OptiFine_HD_U_B3-natives-20326945752345\lwjgl64.dll
2016-08-03 07:10 - 2016-08-03 07:10 - 00382464 _____ () C:\Users\Crossfire_HD\AppData\Roaming\.minecraft\versions\1.9.2-OptiFine_HD_U_B3\1.9.2-OptiFine_HD_U_B3-natives-20326945752345\OpenAL64.dll
2016-08-03 07:24 - 2016-08-03 07:26 - 03712064 _____ () C:\Users\Crossfire_HD\Downloads\AdwCleaner_5.201.exe
2016-01-30 23:29 - 2010-07-09 17:38 - 00331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2016-04-05 21:12 - 2016-08-03 07:04 - 52042352 _____ () C:\Users\Crossfire_HD\AppData\Roaming\Spotify\libcef.dll
2016-04-05 21:12 - 2016-08-03 07:04 - 01741936 _____ () C:\Users\Crossfire_HD\AppData\Roaming\Spotify\libglesv2.dll
2016-04-05 21:12 - 2016-08-03 07:04 - 00087664 _____ () C:\Users\Crossfire_HD\AppData\Roaming\Spotify\libegl.dll
2014-05-01 16:15 - 2016-07-21 15:19 - 00564224 _____ () C:\Users\Crossfire_HD\AppData\Local\MEGAsync\ShellExtX32.dll
2016-01-30 23:33 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\amazon.de -> hxxps://amazon.de
IE trusted site: HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\amazon.de -> hxxps://amazon.de
IE trusted site: HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\amazon.de -> hxxps://amazon.de

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-288855440-1587857584-130986015-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Crossfire_HD\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\vans_off_the_wall_by_ceejaydejesus-d5z6a6j.jpg
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Crossfire_HD\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\vans_off_the_wall_by_ceejaydejesus-d5z6a6j.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\...\StartupApproved\Run32: => "Avira SystrayStartTrigger"
HKLM\...\StartupApproved\Run32: => "avgnt"
HKLM\...\StartupApproved\Run32: => "Avira System Speedup User Starter"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "FreePDF Assistant"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-288855440-1587857584-130986015-1000\...\StartupApproved\Run: => "SimpleNoteApp"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "SimpleNoteApp"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5EF3CE5A-5FCF-4499-AF8D-C1537822FE52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{61BC6AF0-D27B-4F17-9158-4AACB45AC9E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{40C0E97D-3FB7-4721-A423-09865CE5BDB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{A443B6FA-8735-47F9-BDE6-409E85DBB983}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{B915A188-F426-4198-A154-EACC9541F7C4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{89A159FD-34A1-425F-8D76-2F9F0536A640}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{464F63F2-ADD0-4FAB-A0AE-0A03B1FC5D79}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DAF89BFB-2D75-4C68-9FDE-580BDA3736C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9CA29EEA-430A-48B6-8226-B70122938B5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{8EE749A3-B783-43A3-A2A7-B255CC2A90E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [UDP Query User{271BBA05-1BBD-46DC-86BC-B1251C425E0E}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{FF36982C-09CD-444D-9E06-6C1CA212B9AD}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{24787684-9BE1-41E4-965B-7D7A075204F2}C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F77AEB34-F461-40AB-BFEB-3308BA17F226}C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{B08C78AD-FF20-4B5F-99AD-5677A05AAD4A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{88B404FC-7F10-4109-8DDC-B023E08C35F0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC190D54-2015-4178-8CE4-CBA23864EFEE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C101FC18-5250-4905-9442-A275DC403A70}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{77BDA175-4E2F-4343-8F7C-77954AFE09B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{FF0E8C0D-16A0-47B7-A8FF-6F1D1891933D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{D4DDF5BE-CE67-46D3-B8C0-4E49563597E8}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\DeviceSetup.exe
FirewallRules: [{E0703A42-3640-431C-8E7D-CDD5F42AD68B}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{8959406C-9A0B-4E3C-8536-61D71030A130}] => (Allow) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{874885FE-F0B2-473C-BF28-B621492C525A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{273F825A-7CAE-4ADE-9F54-70402380C3DB}C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{8803B7F4-175B-492B-8E71-CD0B55317D5B}C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A55EA6B5-1A55-457D-B063-FB670AD31F7D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{93EA1D0C-C124-4438-BBDA-C8C27F1B220E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2925B00B-867C-4DD2-8A38-68CB724D5E4C}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{BFCCF9AC-2CEF-4921-9434-AAE3E96C64E9}C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7FCF6CEF-7F45-4DB1-8C30-3848DDD98314}C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{251EBECF-F7EC-4431-896C-3F8A2FCE0C3C}] => (Block) C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{4DE2F103-F0AE-42B7-BCDD-84184917EE32}] => (Block) C:\users\crossfire_hd\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{836EAA45-EADB-4A2E-8F07-AC22C7E64E01}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9E297BA3-3E9A-40B7-8490-58975FEA3309}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CD066CA8-57FB-4954-A4CE-083EDBD7DB01}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3B09FAE8-9364-4E5C-9CC7-179961BFE279}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{C2B5EAE5-033D-4A49-9182-E070A7B04DE5}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{8329CD47-6EFA-451F-AE44-F80108EE9CB6}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{15014D23-FAFE-49C6-8AB9-FDD694882C3B}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{EB774CE1-F27C-4D08-AF0F-0028D06689CF}] => (Block) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{D56DF930-9AF2-44CD-8E48-D882FA6058EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3153A4A6-5F28-4ECB-A10E-B9F60BABFDEF}C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{75CBA290-589C-4E16-8937-44C69E70E540}C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C6CE97E8-646C-4E1E-BFCF-C4FC8A206DBE}] => (Block) C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe
FirewallRules: [{020AA45B-A6D6-4254-B5CF-9B0EFA3D7866}] => (Block) C:\users\crossfire_hd\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4EB26D04-98A0-44FF-8FFE-437C1AE8A9A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DD3FF646-47C6-400B-B9DD-61EAF5401E75}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{959743B3-D063-4AAF-8920-2805E179F37C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BAA37FC3-EA46-4403-96D9-3D77D921D208}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9FFCA6EC-D175-458D-B6F1-1D48552E736F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{BF1F1B48-CC37-442E-A29D-D9A2E21CE4CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{06ACC150-ECD3-48E1-BD15-0F3CE375790D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{89E441BF-D92D-426C-815B-2946DAB563EB}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{822864CA-0C70-4131-9734-E8A5B2E831F7}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{B00F9E88-1389-4F1F-BD9A-9240F8C62480}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{E60C83CD-09E6-4C38-BE0D-0168F6AAF846}] => (Block) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{9B2B2B53-D986-40A0-A6C0-3284AAB94741}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{97919623-A009-4B6B-BD75-AC0154CF4FB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [TCP Query User{A9F2D2D2-1A26-45F0-B51D-30CA2324A05F}C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe
FirewallRules: [UDP Query User{56F4FCC7-720F-4C6C-8377-AD740194AA3D}C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe] => (Allow) C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe
FirewallRules: [{623D7AAD-9442-4EC5-B14B-12415EE8C128}] => (Block) C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe
FirewallRules: [{9CDF9B88-C90E-4B21-B68D-12743AFBFA6D}] => (Block) C:\users\crossfire_hd\desktop\neuer ordner (2)\bin\javaw.exe
FirewallRules: [TCP Query User{97CEC51A-EF86-4825-8CB1-E6760EBAD383}C:\program files\java\jdk1.7.0_79\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [UDP Query User{5308EDF0-8BD0-4B64-9DEA-E8ED8D31C6A0}C:\program files\java\jdk1.7.0_79\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [{85EA38C6-60AB-4F7A-9D87-FBB0A4173896}] => (Block) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [{C4DEEE0B-4D19-4F8A-8F61-2D5A447C1874}] => (Block) C:\program files\java\jdk1.7.0_79\bin\javaw.exe
FirewallRules: [TCP Query User{503B7353-60C0-469C-8206-F3EB55A2680F}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [UDP Query User{F3792FA2-20A8-4B92-82BB-24C22D7E3A8D}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{502912E2-A8E3-4928-8DBE-215F91FA4D15}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{1D40FD7F-CA06-463B-8E30-CA72DC8966F2}] => (Block) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe
FirewallRules: [{554B4F15-A35D-4D55-A6CE-79C8454042A7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2C6EEBD1-42B0-4BEF-86DC-458D23011B60}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4A106C42-AF83-4630-AB49-B182ECA4CCEA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{72368A6B-FA8F-4FA2-A740-A093F9FFF9ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{56C04943-E89A-4934-86DE-07992A6435F3}C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe
FirewallRules: [UDP Query User{372EE4F6-ADCC-4F45-901C-AE83590C5BB8}C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe
FirewallRules: [{68B96CF5-9ABA-442A-8506-BBC39FB8BF6A}] => (Block) C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe
FirewallRules: [{7B387F09-B494-48B7-B442-0C7C24B4CAB0}] => (Block) C:\program files\java\jdk1.7.0_79\jre\bin\javaw.exe
FirewallRules: [{CA99C704-E03F-4EE0-BA93-08FE77AE6C1A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [{47C4EE5D-4248-47C1-B7C3-FE7D5445D814}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{05AE53B6-E876-49AF-9753-F595F5DB072D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{62563AC7-0D40-4984-A23C-C02A15E4DB3E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{31A8DD71-C335-42EE-BB16-EC12DEB4581A}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{32374964-B9FF-4ABD-8B6D-0E631ADED40D}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F733A6CA-4137-421F-A5A7-99FD191FC8C9}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{3CE9BD81-F1A6-4FEB-845B-ADB1B6A5864C}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [{97C9FF9E-BA72-4789-89D4-3EF3CB69A51A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [{449316A9-EBB8-4737-99C1-EE9BE7CAA1C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Limbo\limbo.exe
FirewallRules: [TCP Query User{C5A7BAD6-1340-40FD-B07A-F933EAB3006D}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{9C6BF01C-F4BA-4018-8C28-A73C5DFB0297}C:\program files\filezilla ftp client\filezilla.exe] => (Allow) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{584F97A6-DF55-425B-A66A-F7397F3F9EFC}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{978EFA41-EA34-4993-AF4B-4312D858426A}] => (Block) C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{FF0F4D96-2380-4C1C-8D8E-C8B82CD0F9EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{9C523F85-575B-4C42-ACAA-3487662E695F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{B6E7C1B5-8B4A-4B3B-91AB-91A9BF682AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{90306B6E-B245-40E9-A0CD-3B8F2F626572}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{5CCD9B34-8985-4DEA-A576-70FFC4BB133F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{942D50C2-DC74-4144-998C-538D62D83151}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{952CCE90-01F3-46B5-BB75-6CA0ECF818FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{B3508DE4-7C5C-49F4-9960-BEA755AE5226}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{937A63A8-C6DD-472B-BB07-E1A802F4B946}] => (Allow) C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
FirewallRules: [{EE5B3824-001B-475C-BA7C-678EF00838B0}] => (Allow) C:\Program Files (x86)\Sony Mobile\Emma\Emma.exe
FirewallRules: [{F9D56BA1-44C4-4A70-B192-9E56DCF267FD}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe
FirewallRules: [{DA733C7B-7F50-4C2F-908D-A0384C4233EF}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{B3409589-296B-48CD-81AE-019E68AAE8D8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [TCP Query User{7771E9DA-C11C-4771-9CAE-CD88127ED2B1}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{2BA25583-650B-4689-8516-356F42B2E679}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{B9D82093-A02F-44E6-86C5-AF434C799451}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{C63DF258-8DB9-4A5B-98C5-C1BF436C9A9B}] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{A6C7413A-1EBF-4A9B-9FF2-5B2A1E95939F}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{18519D2B-1AC9-4595-AF0F-DDA4D1E1B2EE}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{92FC2F6D-5A95-43C5-86D0-3116B4A2498D}] => (Block) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{0E22687F-7619-4659-96D6-F515CB21C493}] => (Block) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{C3F1A4EE-6B11-4F83-96A0-2730062612FD}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{E3AD4811-0940-415A-9F0E-31D90FDD7843}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{3767DB84-EE01-4CB6-AE54-F901A7ACDA06}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{63AC1CB5-FB14-478C-8F4A-2A013ED2D67F}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Tom Clancy's Rainbow Six Siege\RainbowSixGame.exe
FirewallRules: [{0FFAECCD-2F78-4BC7-B15A-5B4FF120F922}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{957724D8-A382-4EDF-A1C0-5E82923B86D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [TCP Query User{038B1896-8459-46B8-99BF-40B2EA3C39A2}C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe] => (Allow) C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe
FirewallRules: [UDP Query User{FA226547-1920-4108-8D73-50C15AA69FA7}C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe] => (Allow) C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe
FirewallRules: [{44D5B824-868E-4755-A97F-C73196B3C307}] => (Block) C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe
FirewallRules: [{AAB4D1EB-10FD-4A9F-9A0C-84BDB6496128}] => (Block) C:\users\crossfire_hd\desktop\golf with friends\golf with friends.exe
FirewallRules: [{73F107F5-8BBC-4EB4-AA9F-F9EBF4BA922B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

25-07-2016 20:32:37 Avira System Speedup 2.5.5
02-08-2016 17:13:14 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (08/03/2016 07:18:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CROSSFIRE_HD-PC)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/03/2016 06:07:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000a9ba0
ID des fehlerhaften Prozesses: 0x5098
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (08/03/2016 02:06:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000409
Fehleroffset: 0x00000000000a9ba0
ID des fehlerhaften Prozesses: 0x1c68
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (08/03/2016 01:37:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: backgroundTaskHost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d8f0
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.10586.306, Zeitstempel: 0x571af2eb
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000ee6fc
ID des fehlerhaften Prozesses: 0x29bc
Startzeit der fehlerhaften Anwendung: 0xbackgroundTaskHost.exe0
Pfad der fehlerhaften Anwendung: backgroundTaskHost.exe1
Pfad des fehlerhaften Moduls: backgroundTaskHost.exe2
Berichtskennung: backgroundTaskHost.exe3
Vollständiger Name des fehlerhaften Pakets: backgroundTaskHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: backgroundTaskHost.exe5

Error: (08/03/2016 01:37:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NetworkUXBroker.exe, Version: 10.0.10586.420, Zeitstempel: 0x57491d98
Name des fehlerhaften Moduls: NetworkUXBroker.exe, Version: 10.0.10586.420, Zeitstempel: 0x57491d98
Ausnahmecode: 0xe0464645
Fehleroffset: 0x000000000000a6d6
ID des fehlerhaften Prozesses: 0x253c
Startzeit der fehlerhaften Anwendung: 0xNetworkUXBroker.exe0
Pfad der fehlerhaften Anwendung: NetworkUXBroker.exe1
Pfad des fehlerhaften Moduls: NetworkUXBroker.exe2
Berichtskennung: NetworkUXBroker.exe3
Vollständiger Name des fehlerhaften Pakets: NetworkUXBroker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NetworkUXBroker.exe5

Error: (08/02/2016 11:57:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NetworkUXBroker.exe, Version: 10.0.10586.420, Zeitstempel: 0x57491d98
Name des fehlerhaften Moduls: NetworkUXBroker.exe, Version: 10.0.10586.420, Zeitstempel: 0x57491d98
Ausnahmecode: 0xe0464645
Fehleroffset: 0x000000000000a6d6
ID des fehlerhaften Prozesses: 0xe18
Startzeit der fehlerhaften Anwendung: 0xNetworkUXBroker.exe0
Pfad der fehlerhaften Anwendung: NetworkUXBroker.exe1
Pfad des fehlerhaften Moduls: NetworkUXBroker.exe2
Berichtskennung: NetworkUXBroker.exe3
Vollständiger Name des fehlerhaften Pakets: NetworkUXBroker.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NetworkUXBroker.exe5

Error: (08/02/2016 11:56:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.ServiceHost.exe, Version: 1.1.67.18988, Zeitstempel: 0x57836066
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.10586.494, Zeitstempel: 0x5775e78b
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000bdae8
ID des fehlerhaften Prozesses: 0xb00
Startzeit der fehlerhaften Anwendung: 0xAvira.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.ServiceHost.exe2
Berichtskennung: Avira.ServiceHost.exe3
Vollständiger Name des fehlerhaften Pakets: Avira.ServiceHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Avira.ServiceHost.exe5

Error: (08/02/2016 11:56:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
   bei Avira.OE.AvConnector.AvEventRepository.ReadAll(System.String)
   bei Avira.OE.AvConnector.AvEventRepository.GetLastEvent()
   bei Avira.OE.AvConnector.AvEventRepository.StartDatabaseMonitoring()
   bei Avira.OE.AvConnector.AvEventRepository.Initialize(System.String, System.String, Int32, System.String)
   bei Avira.OE.AvConnector.AvStatusReporter.GetDatabaseReader()
   bei Avira.OE.AvConnector.AvStatusReporter.GetLastEvent()
   bei Avira.OE.AvConnector.AvConnector.GetAvStatusData(Boolean, Avira.OE.WinCore.Interface.ServiceEvent)
   bei Avira.OE.AvConnector.AvConnector.RefreshDeviceState(Boolean, Avira.OE.WinCore.Interface.ServiceEvent)
   bei Avira.OE.AvConnector.AvConnector.Start()
   bei Avira.OE.ServiceHost.ServiceHost.StartServiceModules()
   bei Avira.OE.ServiceHost.ServiceHost.Initialize()
   bei Avira.OE.ServiceHost.Program+<>c__DisplayClass1.<OnServiceStart>b__0(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/02/2016 11:50:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CROSSFIRE_HD-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/02/2016 11:50:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CROSSFIRE_HD-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (08/03/2016 07:18:59 AM) (Source: DCOM) (EventID: 10010) (User: CROSSFIRE_HD-PC)
Description: MicrosoftEdge.AppXeb42j1vh6rk395pm0vmcx57dxqjhej5d.mca

Error: (08/03/2016 06:58:03 AM) (Source: DCOM) (EventID: 10010) (User: CROSSFIRE_HD-PC)
Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}

Error: (08/03/2016 03:10:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenzugriff_4d38f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/03/2016 03:10:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Benutzerdatenspeicher _4d38f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/03/2016 03:10:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Kontaktdaten_4d38f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/03/2016 03:10:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_4d38f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (08/03/2016 01:46:33 AM) (Source: usbehci) (EventID: 4) (User: )
Description: A timeout occurred while waiting for the EHCI host controller Interrupt on Async Advance Doorbell response.

Error: (08/03/2016 01:38:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.

Modulpfad: C:\WINDOWS\System32\bcmihvsrv64.dll
Fehlercode: 21

Error: (08/03/2016 01:38:35 AM) (Source: DCOM) (EventID: 10016) (User: CROSSFIRE_HD-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Crossfire_HD-PCCrossfire_HDS-1-5-21-288855440-1587857584-130986015-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (08/03/2016 01:38:35 AM) (Source: DCOM) (EventID: 10016) (User: CROSSFIRE_HD-PC)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Crossfire_HD-PCCrossfire_HDS-1-5-21-288855440-1587857584-130986015-1000LocalHost (unter Verwendung von LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742


CodeIntegrity:
===================================
  Date: 2016-07-16 23:10:04.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-15 07:20:04.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-14 00:52:29.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-20 00:41:26.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-17 05:23:03.555
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-17 03:20:46.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-22 13:34:36.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.94.107.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

  Date: 2016-05-22 13:34:36.266
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.94.107.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

  Date: 2016-05-20 02:04:49.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.94.107.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

  Date: 2016-05-20 00:56:06.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Overwolf\0.94.107.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: AMD FX(tm)-6300 Six-Core Processor 
Prozentuale Nutzung des RAM: 65%
Installierter physikalischer RAM: 8091.79 MB
Verfügbarer physikalischer RAM: 2788.22 MB
Summe virtueller Speicher: 16283.79 MB
Verfügbarer virtueller Speicher: 8058.02 MB

==================== Laufwerke ================================

Drive c: (Festplatte) (Fixed) (Total:465.32 GB) (Free:35.39 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]

==================== MBR & Partitionstabelle ==================
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 0.

==================== Ende von Addition.txt ============================
         
Hey,
soweit alles gesendet!
Hab paar Spiele gespielt und da ist mir aufgefallen das es eigentlich ziemlich gelaggt hat (von der Grafischen Leistung) ich denke das kommt auch daher!

Danke für die schnelle Rückmeldung!

-Crossfire

Alt 03.08.2016, 08:00   #5
Warlord711
/// TB-Ausbilder
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
cmd: type C:\WINDOWS\4c6eafcdf1ccde1dca49300c8e6ac84f.ps1
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 03.08.2016, 08:12   #6
Crossfire_HD
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-07-2016
durchgeführt von Crossfire_HD (2016-08-03 09:11:13) Run:1
Gestartet von C:\Users\Crossfire_HD\Downloads
Geladene Profile: Crossfire_HD &  (Verfügbare Profile: Crossfire_HD & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
cmd: type C:\WINDOWS\4c6eafcdf1ccde1dca49300c8e6ac84f.ps1
*****************


========= type C:\WINDOWS\4c6eafcdf1ccde1dca49300c8e6ac84f.ps1 =========

$lnlfd = "01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039d2ea92e86fac48ab8f647cf35a520a0000000002000000000010660000000100002000000015991e5906da1b8614eb454ac8e56c4ede36f32c72e50e60b73346ad0981bcd7000000000e800000000200002000000092d28a62bf2f8e9a39e34ac82a05d314c0e2496f542bd7d51f957d9cc41105c7403c0000f9c830133d5de96288684254c49876f05df7734466b695457ee19d5ec755acce2e2072cbb37a15a70a4e0b06efa2b867dfa498b7b657fbe21889b15240d999ef736ef777180ef2be41dc8f55f02b6cd86dc7b6c765e168dec3ba3992b2d72d6e84341be9ef8f1de94cc523acc940961e7cc8ea8e288afdd6a7f5cae1bffb53e1130ec3b58b4bf9bb9177ea096c03b34b9c849d9d1b35530e500c198f1b9adb9446d1e4ff10639a89e5e84d6e53135f4e3d0de82ac022bd86eedb39f5a49b6c849f81c3c5d6c034ae9a09cb1092de08e31a96cd1c899da394a7cae57ac1a7369bea08734b6d0b3b74693e0da3def6078da1f67b265848832dde8ede946b700d1f46377a14fb7a779c707d457e3dced45fc83281df7eb43416a9e896dd7a79be63fe952ac8649b9675e20a1cfbc48dedbd236bf542f938f1f67ed63444435a75ff23bed03c2a56c206d2b7587c7a895607b10549b93f9a1fd7131c343ecee9330613908f7f050678bc8773513aa3ad88b56303471bfab2bc2fe05ec6f295cc3a144b703cbd6c4e2d8684245633b761f55bedbd47c87bd131971f3eb87c3d675e076f387f0ae063902dc17e676f40bb6da36ed7d2f4ffb07e2a5afd00a91e740958bc1e61fea679172468a138d7af3eb3fec49ab4c7ecdfe6e346020404fff3fb04088dbcb28ac926d589ce3d67eaaee0858462a055f7f12135f29ff21fd3c47891464108cbb60d2c5316dff93ef905e13ca240353b04dd1899632e259c70221df26c0b9db9ed03793ba7f6804ebecf3755e3695eba3a3b4914788f0cdddb91ec5568b1f3fd154e78ebf5da2a45c1a64d83c2760e83ef162a4011b854070597c6c20d0487d309dac84ebbf03721f9ee9e5d70467fd9e127dc603a7d6c90274671c07430f1c8e93b42852c5bd5e128bf19f95b283db5b2e833c9b469861df7386e8cf917bc9e21633c06a6128cffed33ff493015f6e3a02f7c6b2d900a67f37653a5eac65110c72c107ec3924036ca7dfc731b06c83d62dfb725ff6b93ebc46fc3b114f5e2175798ce44c6b4f27bee912ea8f61e43bf3a694c8f905c59ab62568c029799edfedd0b8f5565187d3d8d85f9245ca2175317a5080ffd8ae94a4b85f3866f5eb27b72012bb589917c4a74f24a67d300217266d9d91f2cc26e46dea2a449f189b7daac7a5a35a571283d1f17b7f2086b5c6072b128352c670ac4beb7fa469d3c4a30afc49569c8861eb4b4a230d13b1b9f9edb35feb0a4c48cdc9a34f3304c6e257b01c7797b780617bb9b67e74ce343b94f2d21f1d712858702efcc7cf5aef0aadb454508330c25617c91f9fbb4421f4668f419644dc056af7cf9b3c42e7ed7e4280d361148259849d264ad39a923f8e61e5097c929d6fda042987b05599dbe2dc93e10bea7bdb14329501b9a22b74728ffad05fb87be87f19bc82e7f0c21233960c2297ef0c7d06e6c8f162f1e0b09ae628f1039582f44a15edfc2403052ff1402045bf4a617d48afa936aaf5fd506b8cf1c106ad24aec55bdfa1eaa0995e477603ebfa75a25f810f2b6e40578b259aa73bbbe3b01cff3686eed2b2f3e31ceec299e38cc32554905d3d4a1b8c37d5517110d06a41a2d3c16604df5fbab61594fdba4bf6e09800c8ee43a2e2c15cb0a2cfc1f707b4bdfdad1a9db3c893a12d93d4b7e3803d81d139a8e8fcfc13949f415777f827020f7f5912eef261fbe9409da03ceac5bf37f826da2dfa93fb9f0a720cb54fa786944fddbf64594f194611d6d6756ab930806062f695a19a5ffa40a5612624d1d5a5b7cc67b166dc3849b69ad34f0f2d11cdfdd4968f41abfa77786fdf6445dd6f2a7f94212ba3d337e0ca4400e105617d2e5af74f0db8003b9e48869432e408209c27b79e29ccd9b93a2f8808629d3ac99aef418138c9f1ddf974c1e0d1df07cd1ad2b0130ef208ece33100b44a089f27943844bcc7f4017f723180afc4f90fb7e62926c6bc414da3ded722bbc6063bd7f702e9f4404940dd83ed3c2aab534c06c77743a43e2f387ad902620010ab135b958c2a724f3087d9829ae5f192d635a11d8107889447560089346253570d8072be7dddcbdcef360e6734e5f4a84ddf22838b1429de81b5f0ecfaf8652fad1e46389c74644c6506891db25d3dc91d8866929fb5960438ea51a78afc099f1049f81f91a42d469b9d1813d6cff3db3ebec4a538fee109dc9dcaf9bf926ad4c79f7651c7909d8b68059ed9557aa84b97642eb86674cdbc666eb336f3b536f84a078435ff334111cd54e72d43aeb41b2c8f5e4e989ef4a7a8eb286f5e65dfbab3e71f639379537edfa6a6a9034c25a425540a8bc72406777a21ee6f4903d8b6aa2c9742daa6793dde03fb7b51c2d1ef71fc567d792a8c62ec112092d9742ccbe30f8aeb824711d399a94a0f9f350494dd15d77f1b6e9f41c9ecc3edf45305ca3d6f7677d3322f1fc262f7c4520b1e4bb74f125ba77c743e05da2bdab4fad8679ad0def11760b07a2fe4e6e53d37e37a6b8c87a9837a866b2fbdd5899c2977dfdf1ef7e53d732eafd0c93ad2a92996125ed3f51fde97dbeb263d3369bc3ad381948011aede97c6a09b8a272c4d10d7996c0b259ff0b50190b36080b68a2113ebbdfbe84cbe193274f9c89b073ef683654262b0be752b995a1f9a2c30a8403ccca2d1023587082052f4d63bbe7725413b3caca1b8e7344c2b39225f57a412176bacb6c8b1ff1b7531988898be4402a9369c7312daf277441f8791700f5553daea4d17162983b64c3aa50d8cea0d89472e49e3e5463f0eb40d3f99030a0cbb0ad55df462b1eade5b946ba0eed1d94f3db5bc41d52054069cf3602e566998a93851bda77bb7e310cb0a7bbf8d782f37b0bc7d93417d9a95876da7103b666b6336f97552d35139ff72e5024f35df14f3fce1c9daea7b919a582132c592114b9a7c5194ffcf28e044d7176564e198dc15541d9553507e39af18790ae1dbaebae664a4572feab9690cfb9da431d3a9ef1ff5dcd42c35fc028753f37abc256a0359b13f101286e0e38ccb41c07c159d00fc13d50f86bc610891867708bc8ac00d6d8158121caba18f1b5348b5701604196b02f280185253e0c69b423d061bc689b04543d9a5572c69d79eef41e0b6b4f0d1b15d9ec92960d6a527b79f72157512c5a2eeb17e7ee3a00971c8d5e3004743c990a9a784a4b9729f88ea3c73424a7be6261f2f60ee1a2957345388a02c85767e90a53cad1ef2f13c8eb58279f6728d2975d248623441acf8bec8b07f5800a6ac96efcc8375eecf5d7e045dd93eb1f4704ed048b40e5c5364f0f79d0aee68653d8c23cce142ca287d39bc8690d9fe6aff7250480c5b48da7780215dbd99f0696b62850bb4aeabfe769df1fe13c9784d21dc104079cdc6f41c73a15c4bd68a448e2249fc80a7e1ca82a2343604eceaff69748b89ea48aa7b3addab614eb016dfaf0236382dd591489d07d69473f6e0b4ab7ad7db6cfddcf46f90ad9e05ae933571e1447a2c2685f8dde2e6e50577a3b9cd6e46e945bb5027f54c7dc2502f34e4b3800cc8e813409bb06c1578a2466b96f35c0a4670c4c55b7a3a32fe272035b764e6f46ea933fdc2b2749bddbb8cf034f24b73166eb1d1b434a3b1fc8a775e9a696922ae06f75a7b984d725e3231bc90476c1e44f2cf59d25e2e5fcc39f7de652b9b6b13a53be281662701871c5a3931bee665c52a1b87edd851fcb157dc052ef955e56a476f1ed74026ed6e4856ee367869aeb75665893b1cfe528bc0e16ce8272ee562704da674efc78b306bfbdcde001bc0df81c0eb81b7ecfb64e97f81a7767fb3f8bb324e39ccffbf9619fb44b8117e2a897bf9a576e36ef836ff2d65b7b0cf93c4a44a28794c445476ff0eeec53e6f11484ef182bf986e2dd4fac643557e3bf54392fce9488ce59553960c24038926f89e28637ee0d2b1a59890c7c3fb331dea78b3368a19c2f6848c29ccec3538de35db92f4b662cf5877c2b115131fbf78d15f82dccbe9074dc6279bb91ceccfc6278d5527c91f3533c1a2ad2b856e658ed959c037370344e5b34020c201c8c5b314cd9d6700a5d9b24c1e464ad1bda57758e31fe874d826e9cc193a3f01d7edc1ce0809d8059d46bb3bce2a14042fe8f53d37c30d3186f3972899d005c2812cfda25e9f2910956e2cebfec50443643cf637fe2effeeb8a8d482c79094aad175ac59183ebb03c570c7de460c79862f146acddfd2d7759f19ca0124d8595866c99d598b1df2f12d56200c645f824986145ea6267f435912ddcb929447488bdb815d02a5597c2b8401b21031182c48869c30dc554e1e1709a5321133b65e1ec370db5c3db66630c174cbc08ed79176c139b4b0640412dc5f406f8910083643ccf4f713b2398abb09de09a6952ad2aa5965250be3c723d149c562266b46838925516908402571761437247e1e5192b0688ef195dc159455c3c0b2c802d720ca315b7f5615aff5fcfd71f9b5724c9645d48406cd22902f60e4ac17e0db6b8504c89391837b7a71356680b4b991832aaaa457401e3d43e5f1bc64463b641fa303755c8c45c05ca7b9024dc1fc17c082541854af3ecb20f89461edb7f2c14a2da0b873266986f607f9c82a3b6ac97fbbe41c4bec30cf2c66fcea097f3bceb34ee7925a3718fd917ff935cbc38456bca21f7a27a9308ae11bd1ccb02c0a20e006dfae7263a88c70e6b06f14b617cb71ae9c3d633d6cc91a77f154bd16b88a40cd0d28be3ec38cb5e1544e11b7e3bcce0a8e2af03b3e44b4309ca0ca330eb9cde5c2c6277db4a2d8fa18eb6eebeeeb1dc81aeaebe6dbf52decd51abd8ad7d5329d7f9024ff584220e69680b7ecaccff6dfdd2802af304a355d6527140704afaed74b7b7ce00c3a86f48558dc9dfa6e3914cfadc885c52e37b79960c671a6108703d3cc2e64651200ff801354190183000ee7bf012e28d003302cc2a1b9f7183efd9863ad2a32afb37e50f4dfa865a2a7ba61ca5cef0627974ac0fa63e0efd829b8fc68d543f1bfc00bff128b55222454b86b1286beab2777f5afa993cf74208dc9b6d1b5223a92379a157215d6f474ff70b16a8e38d8b96e478cd29cebf9d419a5a731dcf341e35ef639ffb82b6043eb8e5cf7f079adbfcb1676b50cd91d254315c6e1c60fae902d6528a1ddd1e016b489aeab400dba5f967a3f9b50edb9c1c5c94344d82397765c5353fb230f3cb3626c6408f96a6b3dc80767cd9d70593781e5c83cead813a7acf8c9ad75c9d78fb52eefd6e14b01ae6ca48a0cce8da3a6e47e3203ff90e9cc6c8f430da43500322f111ede4f8eabcd29fdf8d18748a43cae8cbb1e76375e8ac0592070f8e0b7b2f77abc3bd449a7a7ea867bd18b8ab7e189f154d85615f15a08627f50662c8a53e6fede6dbea77f01ebe746bdde51c273b65d454afb8fd0291fbe7c19e0c62e1c7fd2559c0c3d0353c323f31ac463cb39bf1873450a9e0a269799e8f3fa644d59b154af650c8e393f63991d5090f48b0a637f92ab97d553ea4d1e491e2bcd4627a8cdb4d5382adbcc8a64464e0357a8cd24cd74d21763f838ed371a32a6152e812d3392993f5ad142f41e4438ae1e406f2de4f92dd4173f4f5d2f554e98757c47559b2ef13141725e4275af9d9624ae5ea9db30d28b35d8ca326af6896cea6349a7b68139b94399dc0c377e0ad76fc455ec64a0d7d8aef9fe559a0d2f4640efb32aa3da91aba068c51ee32045d4c5abc95bc5baa5afd159b35433774419f78cd9282b8baebd2d33cc1135480ee381d78332ce271ecc600a46cbbb87b778feaa192d1f30969c8fdaedea506ca69134160c1b346ae9121547c0baebf1db615724959f47a6d4580d7872a75e8cb6c2486462a4c16066a1af9d3b9cb6b3df0b46baf261d5c2b8e3188bce981262ec488ec0f3a63d4afbe9949ea037a8751f38c0404f8b4ef7f58f5c9e73e7a015b178b7c23cabc665fa8d78e569c048857d55bb6837eeaffee3491bbfe9aeb5f0cf56de4d95dd8623252f451ac58c44e65b6fc4bc47062bfa49cedb2bf5e4961f16b389ece4cdbbe08eb5963a05e385f5b49571c812eaf0cb1e0904f0786960e6dd6bde5b00dcf967aaa723fcab1a6f79a5b3b792a0670670dc8016efb316cffb006e344b4ebc0da900df91bd372b24ab2834c117c4f145d73c981c8ba47ed78378f87ea92276dbc11d4e32e563523e3ae25a93c6f452f03b04c8c13631799328883a33ecb5191102d5799918273a6e2a6ab70c369be525a3db54ab52f878e289734b4cc4116559e5dc44ce8639616e79916aa5e16e80e31ea9e691afe6dccd8eb82c9b10b24a44dd0b2f45cd3945085cd066bc604279e14ce1b7a3dfe300acd05fba50b8a95bd870379189e756c1a31c68d80fedbfa3a3dc60108f878cbf0d7b8516463c29f8430944e795d0aa066afe6e5abc066d99e85fd553a701f1c49a5bb69f3bac3f3f11a1acf8fd42d569fd8606847923747a9ae869237e9afe526636016eefb23d8ec222ac03b77e20171d8646c817ee3ea69f04df82b5852f0e6362f7d5b1dd90f99a3ec2c31f33eb61a87d270cdb027f236a222b18955955fae4aab049997248d0f6a0d8e8197e303d42e4abd3e5366a709f589aaad8ee0a44721e8d13a40c55d97e12c1fcc7242550f395d81125c87941120b5c44981aa0c43bb2e9fce9a9bd3739341cf067597ccaf42b2ed939472d727dd42cd4cae846675e2f46c3488f4558f9c580396010426c4c913826c5f0c5410591d415aa1524b01362d55f3afee73c20906aca1107cdb2377100977ec615569b84fd60a65b7e31ec6c063f11a55ce9f937e9e3c8c9f61877deb09823669f693d7db373ff071dccf65103606af5783c6c04793e105aa593ac1945721a62894ee5d08bdb5278e2172accd1f4d8bef611801a88c32ef92ad3f1ca17a7993d1f128a494b04bd47b62cd01d85e0085b2b3ac5c45eb23d01864e320350a32185504e67408c729996fbab12797467b9da0b653fcdd3cb791b7a825766eb71f0d524c024334512eb6fb795563da1cc9b15dda9db5a48f3592cc7ad1cae479c2671f1c43cffd34eba7b5b9c1d8b88ebdb494bb3580e860eca0432bdf0cf487fa319ff5918cc9b2126d4e89c93d7c1ecfb51b5e7a5bbafdc413cfa68be9f1d11916f3ac990b5f283976629937c5e261e4d9cf1809d935b38c0dcc3d56cb37b62adb3405bf7c213c67921342cef43dd49fb264a42ec3e025f25fb593a082f0b6a0c8b73ed99eb54db2f5ce4a2818b4bbfa949ec7b5ebba2c6b677ced144ee5e5d22b81caa3fe7f6823eefedf648e94a11b06ce16308c9665834543f40f7628b43a58c8e1b5518a585eb09854f43054105bf52bb9fac711a5d67d4c4077eb698c8dc91d72f065ba8a5b4a7a7cc6a9cfddfa7539a5ccb2be034b380cdd75b068877b2fd5d2b9c5f0533a7e079dfade867d4bb19636bd1f56356443f824d45d8d4c4c75fb1b8f7bbd3953f609028e805d65d26bfa71d2077f8afe28c2239f0f5451c5b20c11582345e7fdf4d2c9691010d015019ee8907e8184065e0bb04aa958db53a52093d7b126f03cdfe14d32ad4bc5418f308b9806fb13f2fbb6d3cdbc2da00768fba8be9c102143b6dfdb3abca9733b0e6428b628c7804f6a4e8c4563ccc53636bb1401b61dc917ea0e3096cdbf9a2123ab2c4766fdcf74ebbf38a555465561e221a4ba43520078b5df57f875fb3b6e87817e3a1eebdfdc3c10e212af8c6577b5392e5bb4ce68d527b24055205a401284cea33288dd3d19a84144d56081ac0dd1d29a70f2c2acb01042dd64b4d1d64bae5e97daa98bfd104d577f3e186172554ef05f13f01e99edad40d6b849ce52ad3a22b3253f80b6ba2b18ac300f7ee3962491e5a09414b35351b196de28e93b4678db10a05024b2ed5823a9b2414111a586d4e6c158b21224ad48cdda061b6712b82327fef8892f9c3e4426f96b62df6b66ef398fc7b22fb4c19289f1e68da609e12d7e2224bab79a976a571a41ea9b4e7311e4e614034a49d9b3dcfa1039823fd5c14e78caf7aa09f31a94c5dc123bc2de7aeef398cb3a88122e79cc96a5400f5a1b99415b7fb0e7d3e143d31d2cfc5dc5ceb03058f2e914c8595a40e5966f8340427950cca06e9deee0ebf6148022b77e8614b624ca1ffcd676ba0129a4e164bcc915a604a32941cdca3503bd3c88d109490bdbba82d1ea1146d9891adb9d6f3a2c4576002ea2f2367d138271d639d29c826adbaf6f768a86142d6781bc342c2805bb1c2038320aa93bd6368a54093551cf222dbe9d36a8805a3087b4a1101d054531905c37817a2d19f4371a65df224c9c5e1fa2353574cd857e77352bfd68e76d01fafede642ba04e9c629df27aaf78220d89ccece153f2b9bf8a4cc88a592adb851a60749b43b8d452a72e11e3c8a8b7ceaad959aeefa1d24d5782f11cb5e1f3664785270ed3f405e5a6822937b1251489b456e1bbaf826607a746b17dc8cc9f889a7fada3cc45ae3517be106abc87e538aa4ad247ee8f838340f31905da3016f55f49465a4464224130bb00d384410c3c6d7f90fe77b14852272f1f53fd6858736f3ad7b89353c5dfb396f04042e78ead6e2dd1d07d5cb26c14653ea31085e62d48ab97aebde86657614d9182f906a0b8e968229ee63502dab613392d03e61c204a9dfc825e8bcf3a06ca36c9e60c7f438ac1d130952d35ced3393182a38b8825d72fd63e977e8a38c4e151f1c4c9fbf2b1f6755ef7e39090fbafe75361c445498c9ef179d05d4c717d24cec2fcdf46c0da5cae3a4ea303882df49177376d6d680032f52f6a48f59ebc6c4a8e2c29ae37d37cc9625b8cf9d1897632e5fcdeffe5fff0be54260b566c575a62875ce07b6e0cd223b01d348975133d39c222158f511c6cb362024c789237758dce8d7d0970ff9f430af2298fff1fc81b66d126660f1b5130b307793e2e9f0640f83e5448a487ad3c37915ce3f483d906180fa62b15994ff8c2333832dfee74a8dc8e9ffe923c4f33b5c6483e3784ec707dd18988e27e6a1ee43c79cbc5289ae10946cb89ad4ad42f131c2300ef9d90a9835ecee61af1f81c813e9ef85893f5456f8e9e97087dff673b141053e2345b6d1a7d2652469bcec002a68a8cd7acf6cc64d599c06030dfd96aea98612ecd7551874a4f6d1197ad3349190c7d9f77fd76c4d13fd64494af41f775ade3325519b1e33286f92f60511edf2c6c8cd3ca6956a103b21c3938bffaf69df11a3409698f3f03c828d23220ed4b6a76001c2d48ffe2272cfe8f8931c893969d3a77c0be2d8b0894ce4de1b38574984a246bc7c84924885099ca3876829a019be2195fd69e0fbca110e3ea4f5c5599db28b61be7d704b74adc9796f34a2c28e51b1e19f55b6c58bc7685b9fac0ef597f9006c17b72e5465950f40b5024c3a7e4e11a7f2aec8442b3f852808f0152bd0cfc420206b0fcd51085a4e4a3c1c81198981c5bbc12f8fec8e09894496a30075b6f0d4bb1998ceacfa8ccb8d75385fd5d5645057db8fef0b000617fa03477429e48880aabfbe49f3a6fe6ab21c1e3b2043ba19381903d6895e790fd02b7e9f073529c0ca7ea59891a56f60aa6f2b53e9e7320525e8be81253c4e44382945508c5d88f920579b04a514e763ea8d8a37f071dcfafc357924e6d9470d0fb5540504e17c1003680d105869fd1b1c16410d326dc9462942c58ac332fa960766eddd96a3a2b4dc32c8eb0dd0b9cb106b58d94429dc420ae79dc8dcf8f17851e2b754da63059bee8d8de1abc76727e6983160fb6c883c2bac4d3e9f2197b8fc34082b559ba3e7573495654c3d2e4fd06a2bf5eca2d88fb39e31fba5f57fd3b70d59167a5a299ca0b3e389214ca0c7a086d3aab301bfab333fa567bc91d39d43368f56b0c3155638ac9abbe2c912fad7cccb1f38d84996a66beda018bac03d04f08b3d5e871538b41a982a8ec1a9559e8e1e9f3e17920e320f9de5641471c96bb6ac8fee93c1c5062d95f3575cd0806146b49ffe7bdc767def4cb067359bf65944755fec71faa617ea8f450eafbafa72efe3ee0081331fedfe01f4adaf35b5955ada6d1a935499c82dbf9f2941c2f84765be05b9e60f38d94b346ccee5cc2af5d992360786a71679337cdd60796f1557033db8b6118cbbc17a83e47060d25326d8aab444fab61c36a3fd2f071436c484da2e83e49e04f81e762f83cf71f036e51fc9c50fdd1ce8e4055126bbe0ed9fddb8278ab5f61e9cb1499813e55e6409672277c803d3f88a97ec949d498fd4691edf5e2c9bc15cad2caecb4da3f08eeae378db367313249785b4576dda44d78a9e55584eef327a624ca557c738777a103fb5c4977e18e20a64de49ede3ef613e978e1bd619b67cd5de3792de51816cf6edbcab9245d1b407f32197c1543e76e06ee011365806fd0b6d7c02dc9a1fe60d76355635aacf7044b74254f8d22641ff0736f80220992e75afe2240cb40d3b96d9e19ea662d2c49e563f8f84c79ae90fc741f0fabd058641c0ef97d06e5f0aa654d5dd55fd65441e1956c817195395c321452df9f8d9c57c6724b1c6da0d21f97e614bbd4c5b3a3baf42ee8b8992bd34d46971621e18561a0b89c8d21e235fd2c1bd7f0abafa77591c3a4b01c0f25bca6cba892fe161ecd8ffb54c71341c0879faa78aa72504fbc59f4beeeae262d66d636e5e5b28933b3a6d7e37c3f242d877584e4fe36fdc1f1337b3bb4aa87e5702bd85ef3db7844a54624b55c3eea17daf860fcb8b703670652ff30f1fbc54b3550da83c903b9247f135ab4f54e7c42212ecbe87fc270a58e39ebf8802188cdf2d9631b3f32f218f20826e5aa9fa922c6a3779cf3cdcd741e5e2e6717bbcbb118d82faddcf3c7dcdbb6b5c17db60bd24499543077378a6c90d1b8e493185a74b281b6ffb46e18ac19ad7e5233e8aa19f498a72457185f6d6d04391148f0b70fc27c5b8f6b9f76c840631fc3116a3848836c96780642c122aa1d0fab7fe53fd15bcb9e020c1444d11f2456f8dc245d3469bb6eeeaea65d30e591e7dd32f1ab2d2a77d79cb966495c093fa0192ba8258494a06e9ef2c1931f88ce71280df3978d434c614178593151a066541970db32d8acfcf098207d2bf98380297765fb4febb41528a61f69985710cfe26617889ec710d0de1e63a063cfbde97fcac28a4336f1cc1d97398b5414af52809156def3405a2d20162676cc2274899583ec488fb022bbf11be3e093975cfdcbea48ba53be77d7085ec659798cbb1fe3f6cada0aefb96b30e1a1b36b9cb30869cd0efce34383657b76b72259acb7279c035c864decd0e0fab33f485f6e83cd6af05a738e37d76db87e3e8fb44a269195840bd42f03955a8ef5e7ba9001245f352c1470c61908140d66f70ddfa078f48abaa51d54f77e94960befe0adc731afbce19cccb1d2154ce583aff698c1f493ac32d90ca94874a5666934fd5d9b992a6757d8a57a80516c10a18ebeef54016f21fa82398ff199660ce7d937744c1972993e239a06909e490b8ccc692c271d4396a0f8b41111ed9b71e61336732468f958b6a128bbf1c9d5be33b895642c6b82a19ae6fe4138260e5cbe3515bdc3d7db81a796cfcfaea67661498af3024017081225aaf1909dbf6f3103857e1135b9d579e70042e32e2e198c04caa6c991e6091ea0ee019d371ad3f25cc96035858ab5fcec87f97d403e6ca6c7a46c1ab8596395cc539f44960a199c3990f1c09e1a5902caf8471b30367323e51ffb6d038986338d9233d5c510e29509fcc5bc309da9bf0e930f8cc0cbdf26202233ca23b9a5ce121798f853ed0e0639d8eff0f42e1d45a2b7754457e1c600d0b44cbe5c5eb9a5a92821925090b93078a93af51d6a0b81670da8ee213b08791821e57baef9d5c80c651cbb3783b500307d122dbdcfd589499fd3d9260bc5dc11f48777bba7bd3a05d5938a0c19e1381ea0297f0e5219555d1ba2afab62fcc8da7efb88a08a72679098eff84141c6a324fdb549004991da72e76ec1c29c25892abf0d77fd582e6aa00d34cb36c1b01d208f0c45e8355a58cc01aecd21c510965705fd00a5c3d6784f17480871f1f7d86c46afe5bf15c113d87d8e350869a429e8466017e657b7aeb457c8e2c574e75229f694c02059f9c6248c4356487a6cb20af2ab0282e762a9004bee0fd25f6f9c6904a4121f679542f1701ce19ae2036e7dc15475e7c96f2cd99ab7c9a191fb9b8a7a8bda243f18ec03cee5e84c8ee932cfdfa1ff5c8ba154b0e58d1da462b3010af99972cdd8e5e5a0c6cf23acc57c3788789b9a69cbd1b7ffbf3164ff4f3d80f7d3eeb6c1f0dfd98a3f1bb763a7a98a3ea7b049945ef3fbca387d81d37c296834455d24881101fe9b2885a395b926ed16e3dc2f38fc1ca68d24a1f5dad8e283f573982efb0003261126e5eeb0e589e47b00a160f1b9889b8d138aae94a9829553982cf48d3b762ba3426c51a3958275062626587230852b2159b0f82cf4ad926a4eef595cc0a2eccfa9ebd36f3c36befb1105e062c3739c4df080bc70ada1882e81500d44e99056c613226c5cd44288caa6ae34619d66635008123a827f37f7f69c447952b5a6d8808df07d4f45215d612e8a9964c1cad806988d8ab3357e253c6fd4f485747b701daf6968bdcbe2ceaaa88807d5aefa8ef2cfc85ac5302c919cab15d641f326a8c943f1038f74f255053ad983d0bb28d9c955417581375680da46b3b549464fea9a8f2d2d9207b4f03e0af8942dabe37d4a0aeceb75449632b805b0e1744cab2fb7a20e78a2f493dcaf596f3770296ffda523955bf54897980716208f57203e44817d3d19bd45fe57181bf5bee81413a5a0e87343a941c17853095040693ce5458246cac7f438f17e8e736d1d0de29abb891c7c1ae879d873df377bf3e7208b731a0d084bbed8bb711f6083ceb545d1373357b0e579d23a820da1aaec8442b8c29fa692294f8fe1bb6bf079b3497ffe4744050d8d58b936c901a058b22d98c13d2dd2aab96709abfc8c4f710b4a5fd36a33b009c10f381ffe2f0ef332267b13570b04421c22fc1ae95c680b34398ffe246f374a97299356d05fbda9da21dc24f0d03004d85076253c78f0029b1120d86c4a162e54e0530819cbe907266547c1597bf363ba0f518bb7bfa625333d1177ac28bac1f9008ea9cf85cb2b6ea74d1b7a9f42e2f55b6265d78167a49ac02a28a79c24c2390353201974ac50aae9fbf0eb967b92ba79e63c70ab11ad84104c5f50fd60f6ccbbe7bdd8055f2b06b4f459fb6876488c612574d681a687367d8a9cf2a9609ded3099452a28282f62f2806cbac49525f2fd6cfe66f2f61f8f21efb759e1193603b558525cacfdde58557ee3122fc6e0a9eaa584c091ed941538c6751e9ab8467fa7ecd8943c24c305ad20b00e0a30892564bfd0062232ad13b606a0ecb91f8600fbc8d6f039da5307ccc006956f420c2f9b7cf3322707c318628aa0477b5218a4b957910222f5f2e06fe371c16b405ecbd9201698a3e6c3557f32514ea17f883584d9921d8724cc3b882e76dab659ce6d73ca91b8897481134bdc7c1f889eab195c22caa3606d8802fd331cbfeac1de342cb614df61f4b8b1ac23c76a4dbbaa7e5466c29c18e2d67b5d2c39682c7cd921b3e0e89b5fd782c2bdc7527b0377990c628936bea5d223030285010e2896a9fa4cf5e287851bc1ac4e59300dda731c0ecedfbf2e496d9e69a760bb4fe5221dd16f267d542f57bca6374a1999b103419f3df6afad48693927420c49b2674327aa0d4597490f694cc4ccfc28fdd3409f4c3ed45577cf03250df1f6b8e18fa9b33148c203d58feeddf21004ec9fc2926e8ad41d85159e9b8054b7d30875c03c720aa6ad6cb52caf504092ce37c70f700716b9e7082726dc1306866a221b6ae4f443079e295115e63bd5666e8c56cb85e2df042c79255ff6a132967381dc10146f8a0c0226e73f3ccb7f56ec98e4a9134b7d751df20a6693e37f35bdac4c3b7ed617d47eb6b484c8f3783f2b88793cbc5b8fe3810505aedc2c3c1c3a698fda1b294e70244acfa312d2660524d4b81079d61a6440a4c19bb89f127cae1f47dadc4a712093a03d73b91869ecace1f3d657183b001e515cf1c2c059f439cf189eab1912b89a31a9ab1e99b0e56068ef00e46cc20c688f54aa70218e121bbc3dfce87463f96a6fd519bd5a5e0c92d7625451da14368f21fbeeab2d05f0f8da45538a38087ffe90fc0208e37f57fcad2caf31b19ea93633961b266d3a47fa1a8de716e079fccfbde9d6331268c69fe200ea1f0711d184fd00e4d652903db5e818565ee87052f47e154639e9de8fcd617925f4302a05d6ea8ea3419c1adcf0044b5dd9cc54cf7ccdcd9e1e27500b137da7f4096f2673f24ba7bcf5afc44bbb2e3944eb9bffe0db9ad11c205770b416c5825c54a5d156638d5a15ac57a8bbeb67aa6223c0401084afa16df5732092d5d4031e7f757f2c78b6f84fecdcc9735fdd968a5cb4d66ca8ed29b9fc0144ec6a701a39d0981d5f3217594b41dfa5b262f91c752e8322e021593072796ab9b9a90b686d8fde12d3f999cba0a9b620674b49dabb6fa493782f722b3686651d9394f616b3615118f25448d8f3fd84b82d1a45e4e55795cfd4ac4a194844fc933518bec52a7aabab5d61a8efd144ff6e2ca7420930ea91011abfee229d0a9d2c9da9f4ad737995a1e7532c9f8862caa587790ada0799fb1722a2f056590f98bdfb223437c910b97b82c0955ff2e1c44cb701e9907acd73ba11cf6714c99718f4784a696d108fff5382d5a4ba6eb7b779bd098ca45adf20f68a408ddb837c7d815762d306faed01ce711ea2f25fd962eae585d2bfed0938a36ca24280a9384555b770cac0584713f88932c474f1a2d59cc2dbf175df64c19cd40319d6c593f851a3e4532bfc5128242681077ef6d7f51cf0d60fa78bf4d94c7b05bf30ea3b86f6b60474f28eac7082bde85069cdb6a991342c7bebc19937af55bec6aa27ab77a30717a5487572ac520a17b4090244e7a1d73551a2eac03960ea15ee76f7aec814c401e4029652d5569b4e81ab13af5a500c537644532ee9190f6969db3df3f163cf0d76a041d8ff64ef64a60f1251b6065de8ac22c932fe6f99bbb6ac7f8b078837751c3f505b4fffc250616129b35bdb8f15fc4a3854d3ab577b4b6fe065c5da2c41e01d15debd9f2b69d1c8b6d49a0d516c401a48ddcaea32d34dd929e18632a06bbe45c958fbb67e0e802f6b026de2c7a19446153c2172a291659246484322abbd03d2fe8c7d51a123aa889f72628528ea1e0fc3c32191f121ecf4b177d78853a4570b822186005671798b001b150721ec8e53a91fb9504dff561d44dc385c2650fc1046e433d07cb3fbc8cb22ededb0750b2eea616a6fecbd59ef028415d1f0d3a9b0a40ce1d6e927b441690c22f5449844e64894b6e0be25e9107f5bfe38e6b44a766486afc5476762d8c1c233659e5c8d6f0f6686b8a38cc227bb1ba75e58ca3e90c2d3c5ed74816ee91dc9c102adbc467f2ed35828aca9412378689b21c9a51e303e888021c91aec928c61a8110af94ddfc94e20513e240bf1b9b56aff1ecb1007cd60ea2f61ed2192499ea5f4815543c8ab4324a278d6e9e9e4075abff196f2f8e7bd1ffd9243216fc12ce0505916879436707f258596b0001796f5314beac2f94d04cc45d5c319843af9b0f492e58d626d57860b50f07c2d1ed936b984f74848af87b9e6337148e55248360c5220d50a77594910712f1abac16cb4ef2599a727d29cac65a392cde6d0e51868ba02515fef0d953a5652f636ccc3a6a819435f57bf8cc7893a37cddaf5b1d284fb4d6c93359fa52cb8e80c66b9c392333011ac0a7cb6c3403da2ec59c57cab7428c5a2bfa9454d19f9cf10302be9d8898af0f5b34226106ebb7f3e4cecb44a75c656ad02200a6a4de08a9e53e5f511d2b2f756c0a25d0657b432f31323dcd51ecbc57b26445f091c53fcd4283335d0362f45d4250224a6e92656a291463a4a7eeb6888664acc992cb568f95edf835f4939ad17149f9b86cff1517a61f59033bb199c9bbfafc9e7cc97b1b2011ec42ef6fece58ad95d9be0803d2f741a15bff42b3aa07b3d095efecd6f4a1fe063d7e21df9373a96f50c700a659e3020b7e6525d68d1d6ecacc1ca201c554104f3e761c34190595fc44561c4dbf99ca906b4f52b48d5878d01f8305b40c00e0f1ca873f7a4eec0b5a77b10d24655cca6758766912b64fb348eb80e132828c3f877c77b925174069bf1569998c5df94e54a0f5f0b62318245bca6b37aa86aadfeec83d5d145b6c65b27a610bd910a1cadc5f47de650c01c92de2779c3db3fb24c02800907ae76d3c5110b481c5f32b3823956c1c204c09753925b9d8e72c0ab89aabea44ba4fab0cdc4f858b7a92165ad16371dfde1f7c0340121c0d2179bfe25c373d8b5b209bb15100477994bc74565bddcf2cd93153af854a689217e3a7a8fed41e74e109a466c31eb3193867d8f5f214d3dfffe50b4cd77a9dad016820ef6e7b798e42ff5f9f6bea7530c538c03d7afa75c0917713573c15eaf91b96c5092b0309f15c3d5fd3670aa766882c17e9223d27f80fb33468db26de7daeedf5b7ad3debd1a90208cd3b73c02be73ce84655a9e1a3d57d8077bbff3250ce4dd0049e572728e50c29f5bd211a86033f78681b42bbda761d95328c93957ae1f8d17a45f155f0623a65729beddd387232a7234a0e341165ea2ae91b3cf50ccfc9110cddf8aa284de5b34c3a4ba630deda973afdbce095e70a7ad7f26ba48064572e889612183a0a2f29e9e3bedd93245615e3af9f61ba308c90eeee870eaa20230a3407f956eaf271472225ccdf17f0e43f561edc59a55dbf96716af4e9c647995d330bf6b2bdad6b46d773036dc3cb36619f05d77b0d8ef37c973c17ec66cecf25041ea35f041b036bea002ddbeb58ab84e732dccf8a311b50b3f0c08f71c55d1a06c81544ebe0e058ccd1c27852eabbf212c33437b3de50cec9bd358b7f3634adad506e581a6bc8198802aac4961983e3ceb008b8d2a638cfc89d57ad2b1c20132570d42847bb0287766869cdff35390b4217e4a0014aae775c955f84e974c272a567c4e3d26132b1970de1bfb2e13202e8152874a1f40a6607c2cd5ca7ca47ed6d452264ed04f0b4a8139212ee0a2ccd8fdb02b8f5cf919422d55513e61a97f4faa112430c89d3e29820181a10cfa6a1e7844bf873bf4683ec6f1692f5ad7fbb9a9a40e4e8e813de2d3c0a915346c96f9d42d43ca310beb44f827db82eeef64887cf74b000f7fdb4ae12b7151eb11e3f053e2e4d6da2df25490bf04b74fd811b723550535e1f1f0f74be0569ee665d3c8a91f5e743bd7161fdbc6e374f0481d49fd4190d9342907d151033f50f26f8134851f7f072a77a0f63a4952b3e3c1cb2553c7778bd5c0771e6ee4a01e70440997992cd4861de6c3f6aac79717864551906997e98ba1be1e397976d17b087e48d9f14c8aee6491f83a58af8d1018e23dabdb8bd80b465bd2204a43162fd43482a2975fbefb4feed53838b897e4dce5617ae691720b3e8fb4c64cf0fc2eb5ffc158acbdeef4463becfc931edb770a2867fca6fdbb87aed47f634fabc6f0e07a8b888463ab8e5a2017f6cb5943fd1b297bc742650d04d4dda987a84c5c6dabe5f972c88f32b9f8520e4969076e60ea07bf1d1ea65cbb1e2d0ec069da718a6e0a8fe9ba739c0472a82b24cd37213ee45685760337d9591e8a0ff2bc9547e88dddc3a2bbe1deb2fd6b0b7dfb6155df0b3176054cfd5b71cb1c21727e4c8150c20c540de3284be710990fb3499e3d7795d4080e6121bdfdb3e5a88c72f914cd0e44eae54bda7e5215e679cbc9aa0a373c08dd1e50bab5a5011fa8c3d02df004493111b0cceb324b24a5f5186ed3161d32dea49d4412489255bcc39369fc8a6b25b0aa56110cf01fb0f495cd02ad577519cd635c0a20bdd592121c86f0f24ed9fadc82b4e6c1cb3c92540b681738e9a6985210739c0c52949c56c5b7738b70af12ba184a2b5798d071fd7152ea97b09053192e8993f847fddaa35e553eb17cbbb45a9f37c75d2cfea34e9d32e89b68b4ce34837b3f38954e72834acdf865fcf86569ee47a63d04f1e0a37d06a8198eb54d6e1dab6c1753cf85bc143e0405a78196e006be77847d97b7f8763645b638f4f467c60d01664fa0c41d26e6803d35ee73c3f278707eb6ff1bd0bf83bbd839296df0206e36becace2743e84757b801a3ad00474a358f7306a9528cfa33430cc02781b1df9171ea26a26657ca9922e1b285bd346f5db9454e37fa7c17fdc2bff9e7756836f0579ec07d8504836a6e6c3b4ffc1b149c1d058d045133818d385d03d4a8343f9fc88287e1ad81b677cfb7e41eccf3314bb0c43f96621542883aff75cb84510564616a4e31ff9106fcee6a405b9fae5d42258dad00bfb1b2c9ead2e757e28fbfb8f60117c992bbba9fbeed70333f5c071e71cbbfa66c75c6fd1bed8f6ecb8d32e7a5f4367ea761413ab3c58b756b135e543f150edd587ab51aafc1915813cea5e8681748db8400ad63a394fff6417bdcc27deb761d02445df258da7756fd68de413ce8217c8da50a26328b8601e63f4f90c1b03b77b760a87fb5572dfdc595fb2c09670fc030a81a57c8d579cd3d22f730f311baff082a919ff4f044390db2b245dd008e36c150932703788d0f5208737d291d6c8e8782edfc6eff322d12c3e7f53b1458e6cb623520069ae2bfe8825c30f9180f28832b5231bae8b0aaa457d4cac964a5656a669ce6ee7d5ca34b9a89003ff00e0f248035da0520e18bb862169bdbb1d61374b03fa950b6a6dda1e61843a94f8ec2cf0dde57dfd05d83d5b05b16e269fab2195da610297809afd4bcd8c3feb16f8be53689811568e1884e1dbfe25959241ee1235b58866bd31baf72289f404b589d1b7f1134ee42b1fa7db3376d24eb82c9326778e9216032df07b32b6cd1bf55de89bd5221d6fbd25ab8156176c9cdebb871706d4080c3693076bafed2660d32748582b917680a260892acbbf3d36f2e72e696aef797c4a8c66f38e7466b9e3a76cba1058b077a4f7dcb2b6c56c50d569d00cdcbf0611f043a36dedcdb1bda2677139162e805def9e20c3c537236075f0cd4b84b261c83f9f13d4fdf11a44fd8473daa55ab1611b4896bf93ddbb9ce372cb176ef2b8a0a134bc0752c54e37d3dc99090d31e8ac37415aa70fc2f771df8194531310638839b80f7d332b0d8992e4083363d19cb228a6506ad0d49b40c2ae9c20327107b31f4a736a03a24f23304bf8311f7ad0a72a8986a425c27e78553d34e0876b3efe7e66f50c3626005c0034a109b3dd79e8f6c44376996fdfc490054749893ba3fe754ea813467824f41b99563dc928eb3efd5e5e7330c27ac36b788bd3e7714746654a42a4b5493da15dc4da8a16906e16628f6e436ecc83342e90168efb8cf6fb7eaa8c6d97205f5005158fc8d2c3cbba755a1573096f33cc29d2d156882b8dc81c9238566738e2bf4ccb96a4b0b52444be426ef573f4d55a99fa3755c5d2e4b21c20184297d610f33d798b692390ad61f1dfb3ece508b7ac4790a8a9d6bc4774141ea1f61c0bda3d7fca895d04e5f62ff94f591df8a419e5437f77a0885bb3fcbe562b98c4725ef6d77d3fa376c3a737e672e852cb60efa148d0c14bb215682acd4f8d786d7eb12cf308ef5b520ffc8e271ec2df8dacf95fa7307f35be3e175413ed29a8858c80eb4102513433177c5cd9fcb03c32a872707c9a1401da076320ed89a350960a90276f295c70a28ee7d079fa555645c1ad49f11a9d00f5d9fdb3599dd51f19f8819147130bab63f4d14340ffadcaf24c805dd249ea50fc39530a5eee370a2fcdac6ca8db48b1fb017933051f656ceddbf75976687ca88814574e9daeff43b9010ab471ff68146c06091f693ce3da0c8f37b5118d5599acd0bc08d99d422aa0fa0d7522aedd315a9695ff22e2e6078785f503b0d9693881897da5a0401c6997e1fb2f88c002a5636efb476c6c682771ea97ed3f5ce3b66c90b5ac77b4000cd52c16cad794c4798edb1ab52b95b55250e267ab913ced15961d4a093e966cfd751f375a361cfac1e880d7ac7909c9a071ffea5b5d8b1d38d95dd27682f26a9d7e6a9b19778396b486ae48498cbaaa3a8ca1ab90fd149a517409a6748295fda8edc6792e2b203fd3aa15dbf735c42536e1746de9a6162b5c6049634892a5974f503d5f73be25360320075d4e44a8a14a4be70e622d29e069f8f8a2c583e6d11e5f67770ac9c2c0467d6b4eb8fb5924c26c091d4779fa0348bc378c57a75f34e2e2ef51d7aeb639769b244b596f5afd504b3d876280c1f88fcfa5a6145f3ade9854f725bca821570312d048a2ae9eba279a597be5dea906e3bbf823bac698ee464065f2f34e5e64272161cdac0ec30e435ace69b026a5dc580ae1e185f28a8423d61ad5c47b09c44af6988124c31fb96deab4af1be69a5032b2ad0c51d58dc4d4480a0a7fa09783a788b33df6125b4f9a8dec02e45f545ca952cc772ab7c1ceafdddf6e24af0fccbc6f6776a80719388801e89b3ddd67adb3ed40cdfb4b72673c9709088634e94652e0db8f442eed62769dc9a185ce883c1a1b9804009a974edcaf4933e01d36d51dc2d376b20dbc1b3958b8c258e334e4b4d0f92b12e649622ca023b3d44b4fe61a1b0d3165cb7ddd7e0dbb14cf6328848b5ef5eb1809c1f9bb8b8f8707d90deee5d67b6d315e95a60b15d4f5991f0138e230ced649a252b69602e85cca1bbb8d0e33c281e87893cf21726748ea88ab4374029471d8dc8a73aa4d2959d5fb18ee92db09b6edde065154b72c4d0f021f2589bede05ad1416355dee804d0f03ef5acb12e95b571a906e3b91b13ba5d23213f471b30c7cff5f110b60e72d204792d2c7b3b80f4f1ce01f5ce0dd621ad1e7300ce5a9b97f01f099e1e4a7d61e9de37c4e1370526206c8e748d2066445a59327fe1fd98120bc9bde874aeaee2a50b5fe228c553764a29e5f8e71dfc0b8bc92c0ff50ea89042511ac8296f059204fb2949fb16a787707bc80f468c042674f8577d94cb90fe4585a61071eeaf88bbd31e10ca49bae23cfa689f20c82afbc35e2864593a68f8c389aaeeff6fb96ee4a00e73c6472f16263caaa7605e4a13491288d8ec6819a2083beac9bc280a2dc8e2c03182139261a27810933ff8a099e0dc717c8dbaf0a041cfa77d525e89b21ec02f1ed8d97fb1fcde292094870093ec60c226803ec41493245ee0c92ad6dcfd45691efae18e2aba3bbc3f4c6d42dadf780c0bb26c77c9f17c3f7fb46d43f5dbe70c89e5c8be2721bab0ab6ab2df963cb7f0a617ffc1925ac263d31343a43599beda06a79b334edb01848153e16df3bdb77f09770d112d69fc43e3839839a93117f2b51764b7ec7b775689117e82c1d54ef9113afc94bc24a41d91358e7a4eb3579d8030939d875c92709dfbcba1ceef79665068006f4b508972aa34085ceb0b2b95c8cd151f6e14dcbeeeac49dec600d7b466ea38bb26daa0aa54f462f0a4171e30bbf6a184f9a38cbc86df9e6e603857fd77c1d7f5e8f979e2b837c5877d7d0c2f893f91a1da69165729e601870b338c14485a469fa2b7712b62896d4939aa35574016ffa140a17b7688bf739b52fbd1e9e8466da55ae78f6c563ffd22885b7744ee6b5f324537c22f033eba7a34b9ec0355ea47bf21670194d712951dfaa5e5392001b837a7e24215a36e77040000000af5865a11ca3f1324eb3be6a62674e5b6d7e910275485f1c8c0f2bbf60ced8277f4ff25f773f653cf80802e2b5e0c56f3aa395ba5b7f0a5f4af409996f23d9a0"

$sstring = ConvertTo-SecureString $lnlfd
$script = (New-Object system.Management.Automation.PSCredential("lnlfd", $sstring)).GetNetworkCredential().Password
Invoke-Expression $script
========= Ende vonCMD: =========


==== Ende von Fixlog 09:11:13 ====
         

Alt 03.08.2016, 08:31   #7
Warlord711
/// TB-Ausbilder
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
cmd: net user
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 03.08.2016, 08:33   #8
Crossfire_HD
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-07-2016
durchgeführt von Crossfire_HD (2016-08-03 09:32:12) Run:2
Gestartet von C:\Users\Crossfire_HD\Downloads
Geladene Profile: Crossfire_HD &  (Verfügbare Profile: Crossfire_HD & DefaultAppPool)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
cmd: net user
*****************


========= net user =========


Benutzerkonten f�r \\CROSSFIRE_HD-PC

-------------------------------------------------------------------------------
Administrator            Crossfire_HD             DefaultAccount           
Gast                     
Der Befehl wurde erfolgreich ausgef�hrt.


========= Ende vonCMD: =========


==== Ende von Fixlog 09:32:12 ====
         

Alt 03.08.2016, 08:50   #9
Warlord711
/// TB-Ausbilder
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Dein Malwarebytes Log fehlt noch.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 03.08.2016, 08:54   #10
Crossfire_HD
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Code:
ATTFilter
<?xml version="1.0" encoding="UTF-8" ?>
<logs>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:13:25.492325+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="dfb9f4fb-d9c0-42da-94fd-3b6d9219af0c" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:13:25.571837+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="cd41b940-3caa-4c50-b6fb-7125453cd40d" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:13:25.602339+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="33baa593-0fd7-410d-9d40-6913a95992d8" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:13:27.474586+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="cce0067b-96bc-40d8-8432-49c5a857a114" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-08-03T00:14:05.459502+02:00" source="Manual" type="Update" username="SYSTEM" systemname="CROSSFIRE_HD-PC" fromVersion="2016.2.8.1" last_modified_tag="d924b3c9-dc21-49e7-850a-43851a8ab3bc" name="IP Database" toVersion="2016.8.2.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-08-03T00:14:06.452848+02:00" source="Manual" type="Update" username="SYSTEM" systemname="CROSSFIRE_HD-PC" fromVersion="2016.2.8.1" last_modified_tag="937ced0b-ee30-4934-acbd-960d2e3f6881" name="Rootkit Database" toVersion="2016.5.27.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-08-03T00:14:08.673188+02:00" source="Manual" type="Update" username="SYSTEM" systemname="CROSSFIRE_HD-PC" fromVersion="2016.2.16.8" last_modified_tag="9221dff3-5c43-4dbb-be9e-1544cea41d9d" name="Domain Database" toVersion="2016.8.2.7"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-08-03T00:14:18.966856+02:00" source="Manual" type="Update" username="SYSTEM" systemname="CROSSFIRE_HD-PC" fromVersion="2016.2.16.6" last_modified_tag="14f43ea3-1979-466a-a94e-70b9e151c132" name="Malware Database" toVersion="2016.8.2.12"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:14:19.064869+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="58c55182-2940-4055-80ed-3cac239532d0" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:14:19.074370+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="d7edb830-d102-4ac4-822e-f723070b2b4c" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:14:19.448417+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="65bd7785-d362-4773-957a-7b6197382457" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:14:26.417756+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="34e46b83-5fa9-4dfb-af7d-cd0a1fb08c71" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:14:26.479763+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="63aa1889-4b07-4691-a3aa-eb232f0a7296" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T00:14:28.522978+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="82bc6683-e2ca-4090-9a55-04defb8213a4" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" message="Zugriff verweigert

" LoggingEventType="0" vendor="PUP.Optional.Elex.SHHKRST" datetime="2016-08-03T00:30:21.479738+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="f12862b5-e939-4b7e-85ac-73bbf97ee887" subtype="Malware Protection" action="Quarantine Failed" error="5" filename="C:\Users\Crossfire_HD\AppData\Local\Microsoft\Windows\INetCookies\zamock.dll" hash="32225cea0892d363ce186d4646beba46" malwaretype="File"></record>
   <record severity="debug" message="Zugriff verweigert

" LoggingEventType="0" vendor="PUP.Optional.Elex.SHHKRST" datetime="2016-08-03T00:45:47.573733+02:00" source="Protection" type="Detection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="86400243-f387-4ee9-95f6-6cbb231c9e51" subtype="Malware Protection" action="Quarantine Failed" error="5" filename="C:\Users\Crossfire_HD\AppData\Local\Microsoft\Windows\INetCookies\zamock.dll" hash="32225cea0892d363ce186d4646beba46" malwaretype="File"></record>
   <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2016-08-03T00:14:21+02:00" datetime="2016-08-03T01:02:48.920232+02:00" source="Context" type="Scan" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="ad55c3ba-52b6-44b1-8d22-6913f97ee9f0" duration="2836" malwaredetections="1" nonmalwaredetections="220" scanresult="completed"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-08-03T01:08:47.741527+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="CROSSFIRE_HD-PC" fromVersion="2016.2.12.1" last_modified_tag="e8d8a9dd-1aae-45fe-a749-48dcda23a550" name="Remediation Database" toVersion="2016.8.2.1"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T01:08:48.039564+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="61618424-de98-4461-b4e4-c01b237c9a6c" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T01:08:48.048566+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="a6d649ae-2df0-4c3c-863d-f2f321b58501" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T01:08:48.725652+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="400fd4ba-c23c-47ea-8311-6a1afe71c97c" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T01:08:56.291615+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="4648fbc6-4415-4809-ab2b-b5437755aedd" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T01:08:56.308117+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="c0f28bcc-53cd-4ebf-87c3-458913f94b6a" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T01:08:58.417384+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="cb256691-bcdc-4aa0-943d-51a75488755d" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:14:23.217751+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="4e37c184-6dc3-40fd-a08f-096799f47179" result="Starting" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:14:23.240827+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="7aaefb29-e9bf-49c8-ab7b-13a9090e2c10" result="Started" subtype="Malware Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:15:37.352283+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="032cd96a-ad67-4b09-9db6-4e9ad0b2f139" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-08-03T07:15:37.761835+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="CROSSFIRE_HD-PC" fromVersion="2016.8.2.1" last_modified_tag="003823f0-4082-4992-a43c-df2e4e227f06" name="IP Database" toVersion="2016.8.3.1"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-08-03T07:15:38.437421+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="CROSSFIRE_HD-PC" fromVersion="2016.8.2.7" last_modified_tag="30f469e0-8a47-4ce4-8977-34119c15f483" name="Domain Database" toVersion="2016.8.3.1"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:15:40.337677+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="38356e6f-db2c-4030-9abd-316da08a2337" result="Started" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="1" datetime="2016-08-03T07:15:43.462981+02:00" source="Scheduler" type="Update" username="SYSTEM" systemname="CROSSFIRE_HD-PC" fromVersion="2016.8.2.12" last_modified_tag="ed7aabd2-63b8-4530-bc60-d7315eb61e8f" name="Malware Database" toVersion="2016.8.3.2"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:15:43.507487+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="5ac3373b-6d1c-4b84-b4c9-e87ebe3f7611" result="Starting" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:15:43.515988+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="fe63bac4-10ed-4fbf-aba1-ddcbb3d72109" result="Stopping" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:15:44.107939+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="9d3bf06f-9ab1-45ac-bba4-7ccdb52747cb" result="Stopped" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:15:50.141062+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="f601b58a-06a8-4983-836f-ae788217f08b" result="Success" subtype="Refresh"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:15:50.417474+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="c4a1fabf-8c56-4974-8c13-1e9485e8989c" result="Starting" subtype="Malicious Website Protection"></record>
   <record severity="debug" LoggingEventType="2" datetime="2016-08-03T07:15:52.822708+02:00" source="Protection" type="Protection" username="SYSTEM" systemname="CROSSFIRE_HD-PC" last_modified_tag="cd47abdd-2e62-4717-bfc5-9ccdf87b1f0d" result="Started" subtype="Malicious Website Protection"></record>
</logs>
         
Hab nurnoch den Protecftion Log davon! Der Malwarebytes Log ist oben schon drinne!
Mehr hab ich nicht!
-Crossfire

Alt 03.08.2016, 09:40   #11
Warlord711
/// TB-Ausbilder
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Ok, sehe den Malwarelog nicht im Code-Posting:

SO gehts erstmal weiter.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Und bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 03.08.2016, 09:57   #12
Warlord711
/// TB-Ausbilder
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Zudem empfehle ich dir, Spyhunter 4 zu deinstallieren.
Ich hoffe du hast es nicht gekauft ?

SpyHunter entfernen | SpyHunterCleaner - so geht's
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 03.08.2016, 16:29   #13
Crossfire_HD
 
Windows 10: Trotux - Standard

Windows 10: Trotux



hey,
musste leider weg bin jetzt wieder da!
Ich deinstalliere es gerade und habe nur eine Free Version womit man nur Viren finden kann und nicht beseitigen!
Da man sonst ja 41 Euro bezahlen muss! Das war mir dann aber doch zu unsicher und ich wollte nicht unbedingt Geld ausgeben für das!

-Crossfire

Code:
ATTFilter
# AdwCleaner v5.201 - Bericht erstellt am 03/08/2016 um 07:32:46
# Aktualisiert am 30/06/2016 von ToolsLib
# Datenbank : 2016-08-02.3 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Crossfire_HD - CROSSFIRE_HD-PC
# Gestartet von : C:\Users\Crossfire_HD\Downloads\AdwCleaner_5.201.exe
# Option : Suchlauf
# Unterstützung : https://toolslib.net/forum

***** [ Dienste ] *****

Dienst gefunden : Amazon 1Button App Service
Dienst gefunden : a126ab78ac54359a4bca1f64a9cecc14

***** [ Ordner ] *****

Ordner gefunden : C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Ordner gefunden : C:\Users\Crossfire_HD\AppData\Roaming\FLV and Media Player

***** [ Dateien ] *****

Datei gefunden : C:\WINDOWS\SysNative\drivers\a126ab78ac54359a4bca1f64a9cecc14.sys

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel gefunden : HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Schlüssel gefunden : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Schlüssel gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Schlüssel gefunden : HKCU\Software\distromatic
Schlüssel gefunden : HKCU\Software\IM
Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV and Media Player
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}
Schlüssel gefunden : HKU\S-1-5-21-288855440-1587857584-130986015-1000\Software\distromatic
Schlüssel gefunden : HKU\S-1-5-21-288855440-1587857584-130986015-1000\Software\IM
Schlüssel gefunden : HKU\S-1-5-21-288855440-1587857584-130986015-1000\Software\OCS
Schlüssel gefunden : HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\distromatic
Schlüssel gefunden : HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\IM
Schlüssel gefunden : HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\OCS
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E69617BF-CA64-44B1-8348-63B4F07C694F}
Schlüssel gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E69617BF-CA64-44B1-8348-63B4F07C694F}
Daten gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {E69617BF-CA64-44B1-8348-63B4F07C694F}
Schlüssel gefunden : HKU\S-1-5-21-288855440-1587857584-130986015-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E69617BF-CA64-44B1-8348-63B4F07C694F}
Schlüssel gefunden : HKU\S-1-5-21-288855440-1587857584-130986015-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{E69617BF-CA64-44B1-8348-63B4F07C694F}
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Schlüssel gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com

***** [ Internetbrowser ] *****

[C:\Users\Crossfire_HD\AppData\Roaming\Mozilla\Firefox\Profiles\et8nOPA3.default\prefs.js] gefunden : user_pref("browser.startup.homepage", "hxxp://www.startseite24.net");
[C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default\prefs.js] gefunden : user_pref("browser.search.defaultenginename", "trotux");
[C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default\prefs.js] gefunden : user_pref("browser.search.searchengine.hp", "hxxp://www.trotux.com/?z=2d8cd755c3fd6c8cdb627fdg6zem8e3g5w9m0meg4q&from=isr&uid=ST1000DM003_Z9A0176KXXXXZ9A0176K&type=hp");
[C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default\prefs.js] gefunden : user_pref("browser.search.searchengine.sp", "hxxp://www.trotux.com/search/?from=isr&q={searchTerms}&type=sp&uid=ST1000DM003_Z9A0176KXXXXZ9A0176K&z=2d8cd755c3fd6c8cdb627fdg6zem8e3g5w9m0meg4q");
[C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default\prefs.js] gefunden : user_pref("browser.search.searchengine.uid", "ST1000DM003_Z9A0176KXXXXZ9A0176K");
[C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default\prefs.js] gefunden : user_pref("browser.search.searchengine.url", "hxxp://www.trotux.com/search/?from=isr&q={searchTerms}&type=sp&uid=ST1000DM003_Z9A0176KXXXXZ9A0176K&z=2d8cd755c3fd6c8cdb627fdg6zem8e3g5w9m0meg4q");
[C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default\prefs.js] gefunden : user_pref("browser.search.selectedEngine", "trotux");
[C:\Users\Crossfire_HD\AppData\Roaming\Profiles\s1g2xtcs.default\prefs.js] gefunden : user_pref("browser.startup.homepage", "hxxp://www.trotux.com/?z=2d8cd755c3fd6c8cdb627fdg6zem8e3g5w9m0meg4q&from=isr&uid=ST1000DM003_Z9A0176KXXXXZ9A0176K&type=hp");

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [5497 Bytes] - [03/08/2016 07:32:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5570 Bytes] ##########
         
Hab noch was von ADW gefunden!

-Crossfire

Ach und dieses Spyware remove Tool wird immer gelöscht wenn ichs runterlade!

-Crossfire

Alt 03.08.2016, 17:00   #14
Warlord711
/// TB-Ausbilder
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Zitat:
Zitat von Crossfire_HD Beitrag anzeigen
Ach und dieses Spyware remove Tool wird immer gelöscht wenn ichs runterlade!

-Crossfire
Deaktiviere bitte deinen Echtzeitschutz von Avira.


Zitat:
Deaktivieren Sie bitte den Echtzeitschutz Ihres Antiviren- oder Antimalwareprogramms, da es die Entfernung von SpyHunter blockieren kann. Schließen Sie zudem alle offenen Programme und Browser.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 03.08.2016, 17:31   #15
Crossfire_HD
 
Windows 10: Trotux - Standard

Windows 10: Trotux



Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64 
Ran by Crossfire_HD (Administrator) on 03.08.2016 at 18:19:05,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4 

Failed to delete: C:\ProgramData\pdfforge (Folder) 
Successfully deleted: C:\ProgramData\1470201258.bdinstall.bin (File) 
Successfully deleted: C:\Users\Crossfire_HD\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\Avira System Speedup Tray (Task)



Registry: 2 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E5480AB2FC0B1D04F5B79263E5033BD0 (Registry Value) 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} (Registry Value) 




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.08.2016 at 18:29:49,31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Soweit klappt alles!

-Crossfire

Antwort

Themen zu Windows 10: Trotux
anhang, anti, befindet, browser, dateien, defender, eigenschaften, einfach, fenster, forum, konnte, malwarebytes, neues, nicht mehr, nichts, probiert, quarantäne, richtig, starte, starten, thread, verschwindet, warum, windows, zuviel, öffnet




Zum Thema Windows 10: Trotux - Hey, das ist mein erster Thread in den Forum also nicht zuviel erhoffen ! Schilderung des Problems: Ganz einfach Trotux hat sich bei mir im Chrome Browser festgesetzt. Hab schon - Windows 10: Trotux...
Archiv
Du betrachtest: Windows 10: Trotux auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.