Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
UCGuard nicht entfernbar und andere Malware

UCGuard nicht entfernbar und andere Malware


Log-Analyse und Auswertung: UCGuard nicht entfernbar und andere Malware

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 07.11.2016, 18:28   #16
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Ich scheine ja mal richtig was eingefangen zu haben. Mache dir damit mal so richtig Arbeit. Aber schön zu sehen das es so eine Hilfsbereite Community gibt.

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2016
durchgeführt von Benjamin (07-11-2016 18:11:54) Run:4
Gestartet von C:\Users\Benjamin\Desktop
Geladene Profile: Benjamin (Verfügbare Profile: Benjamin)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Users\Benjamin\AppData\Roaming\2.txt
Task: {75196BBE-3737-4678-AE57-464270E71418} - \090814979df9a1cbff315bc3871a6032 -> Keine Datei <==== ACHTUNG
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\chrome.bat (Keine Datei)
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\iexplore.bat (Keine Datei)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [37416 2015-08-29] (Wellbia.com Co., Ltd.)
U0 aswVmm; kein ImagePath
C:\Users\Benjamin\AppData\Roaming\1.zip
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: type "C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\profiles.ini"
Reboot:
end
*****************

Prozess erfolgreich geschlossen.
C:\Users\Benjamin\AppData\Roaming\2.txt => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75196BBE-3737-4678-AE57-464270E71418}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75196BBE-3737-4678-AE57-464270E71418}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\090814979df9a1cbff315bc3871a6032" => Schlüssel erfolgreich entfernt
C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk => erfolgreich verschoben
C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk => erfolgreich verschoben
C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk => erfolgreich verschoben
C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk => erfolgreich verschoben
xhunter1 => Dienst erfolgreich entfernt
aswVmm => Dienst erfolgreich entfernt
C:\Users\Benjamin\AppData\Roaming\1.zip => erfolgreich verschoben
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk => erfolgreich verschoben
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器 => erfolgreich verschoben

========= dir "%ProgramFiles%" =========

 Datentr„ger in Laufwerk C: ist Windows8_OS
 Volumeseriennummer: 9028-DEDB

 Verzeichnis von C:\Program Files

07.11.2016  16:55    <DIR>          .
07.11.2016  16:55    <DIR>          ..
15.01.2015  16:41    <DIR>          4K Video Downloader
01.03.2016  20:17    <DIR>          7-Zip
14.05.2015  19:57    <DIR>          Adobe
29.07.2015  15:38    <DIR>          Andy
12.12.2014  03:05    <DIR>          Bonjour
17.08.2016  17:00    <DIR>          Common Files
26.11.2014  02:02    <DIR>          CyberLink
10.04.2016  00:04    <DIR>          DIFX
17.08.2016  17:07    <DIR>          Dolby Digital Plus
01.11.2016  18:21    <DIR>          FileZilla FTP Client
29.07.2015  15:39    <DIR>          Genymobile
02.11.2016  15:36    <DIR>          GIANTS Software
06.03.2016  19:10    <DIR>          GIMP 2
23.10.2015  11:54    <DIR>          HP
16.11.2015  21:56    <DIR>          HWiNFO64
09.08.2015  17:02    <DIR>          IDT
17.08.2016  17:00    <DIR>          Intel
30.09.2016  17:55    <DIR>          Internet Explorer
30.04.2016  20:13    <DIR>          Java
11.03.2015  22:08    <DIR>          Lenovo
28.12.2015  18:30    <DIR>          Logitech
31.12.2015  11:41    <DIR>          Logitech Gaming Software
12.10.2016  00:15    <DIR>          Microsoft Silverlight
24.11.2015  15:33    <DIR>          Microsoft Xbox 360 Accessories
17.08.2016  17:20    <DIR>          MSBuild
19.04.2016  15:58    <DIR>          MultiBit HD
04.06.2015  06:20    <DIR>          MySQL
05.11.2016  23:59    <DIR>          NetStat4Win
29.10.2016  14:43    <DIR>          Nexus Mod Manager
31.12.2015  13:27    <DIR>          Nuance
06.11.2016  02:26    <DIR>          NVIDIA Corporation
14.08.2016  12:26    <DIR>          OBS
26.05.2016  10:39    <DIR>          Oracle
17.08.2016  17:20    <DIR>          Reference Assemblies
28.04.2016  11:16    <DIR>          Samsung
21.10.2015  22:27    <DIR>          SketchUp
13.10.2016  15:24    <DIR>          Sublime Text 3
17.08.2016  16:52    <DIR>          Synaptics
03.08.2016  16:36    <DIR>          TeamSpeak 3 Client
03.05.2015  15:46    <DIR>          TortoiseHg
04.11.2016  06:02    <DIR>          TruckersMP
29.10.2016  23:51    <DIR>          Twitch Leecher
05.11.2016  03:15    <DIR>          VS Revo Group
16.09.2016  05:15    <DIR>          Windows Defender
12.10.2016  00:13    <DIR>          Windows Mail
29.10.2016  04:13    <DIR>          Windows Media Player
16.07.2016  12:47    <DIR>          Windows Multimedia Platform
17.08.2016  17:32    <DIR>          Windows NT
12.10.2016  00:13    <DIR>          Windows Photo Viewer
16.07.2016  12:47    <DIR>          Windows Portable Devices
16.07.2016  12:47    <DIR>          WindowsPowerShell
06.07.2016  17:07    <DIR>          WinRAR
               0 Datei(en),              0 Bytes
              54 Verzeichnis(se), 229.996.699.648 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Datentr„ger in Laufwerk C: ist Windows8_OS
 Volumeseriennummer: 9028-DEDB

 Verzeichnis von C:\Program Files (x86)

07.11.2016  16:54    <DIR>          .
07.11.2016  16:54    <DIR>          ..
04.11.2016  18:26    <DIR>          4KDownload
04.11.2016  18:26    <DIR>          7777
05.11.2016  03:14    <DIR>          Adobe
04.11.2016  18:26    <DIR>          AmIcoSingLun
04.11.2016  18:26    <DIR>          AnyBurn
04.11.2016  18:26    <DIR>          Atlassian
04.11.2016  18:26    <DIR>          Bethesda.net Launcher
04.11.2016  18:26    <DIR>          Bluetooth Suite
04.11.2016  18:26    <DIR>          Bonjour
04.11.2016  18:26    <DIR>          Breaktru Software
04.11.2016  18:26    <DIR>          Brother
04.11.2016  18:26    <DIR>          Browny02
04.11.2016  18:26    <DIR>          Common Files
04.11.2016  18:26    <DIR>          ComposerSetup
04.11.2016  18:26    <DIR>          ControlCenter4
04.11.2016  18:26    <DIR>          CyberLink
04.11.2016  18:26    <DIR>          eBlendr
04.11.2016  18:26    <DIR>          Eltima Software
04.11.2016  18:26    <DIR>          eMule
04.11.2016  18:26    <DIR>          Euro Truck Simulator 2
04.11.2016  18:26    <DIR>          ExKode
04.11.2016  18:26    <DIR>          FlashDevelop
04.11.2016  18:26    <DIR>          FlashFXP 5
04.11.2016  18:26    <DIR>          GameforgeLive
04.11.2016  18:26    <DIR>          Git
04.11.2016  18:26    <DIR>          Google
06.11.2016  02:26    <DIR>          GPU-Z
04.11.2016  18:27    <DIR>          Guild Wars 2
04.11.2016  18:26    <DIR>          HeidiSQL
04.11.2016  18:26    <DIR>          HP
04.11.2016  18:27    <DIR>          Intel
04.11.2016  18:26    <DIR>          Internet Explorer
04.11.2016  18:26    <DIR>          Java
04.11.2016  18:26    <DIR>          JetBrains
04.11.2016  18:26    <DIR>          Lavalys
04.11.2016  18:26    <DIR>          Lenovo
04.11.2016  18:26    <DIR>          LibreOffice 5
04.11.2016  18:26    <DIR>          Lioncast LK15 Keyboard
04.11.2016  18:26    <DIR>          Lioncast LM30 Gaming Mouse
04.11.2016  18:26    <DIR>          Livestreamer
04.11.2016  18:26    <DIR>          Logitech
04.11.2016  19:20    <DIR>           Malwarebytes Anti-Malware 
04.11.2016  18:26    <DIR>          Microsoft ASP.NET
04.11.2016  18:26    <DIR>          Microsoft Games for Windows - LIVE
04.11.2016  18:26    <DIR>          Microsoft Office
04.11.2016  18:26    <DIR>          Microsoft Silverlight
04.11.2016  18:26    <DIR>          Microsoft.NET
04.11.2016  18:26    <DIR>          MMTaskbar
04.11.2016  18:26    <DIR>          Mozilla Firefox
04.11.2016  18:26    <DIR>          Mozilla Maintenance Service
04.11.2016  18:26    <DIR>          MSBuild
04.11.2016  18:26    <DIR>          MSECache
04.11.2016  18:26    <DIR>          MSXML 4.0
04.11.2016  18:26    <DIR>          NetBeans 8.0.2
04.11.2016  18:26    <DIR>          New Folder
04.11.2016  18:26    <DIR>          NifTools
04.11.2016  18:26    <DIR>          Nitro
04.11.2016  18:26    <DIR>          NSIS Uninstall Information
04.11.2016  18:26    <DIR>          Nuance
06.11.2016  02:26    <DIR>          NVIDIA Corporation
04.11.2016  18:26    <DIR>          OBS
04.11.2016  18:27    <DIR>          obs-studio
04.11.2016  18:26    <DIR>          Origin
04.11.2016  18:26    <DIR>          Origin Games
06.11.2016  22:34    <DIR>          Overwolf
04.11.2016  22:26    <DIR>          PDF24
04.11.2016  18:26    <DIR>          PhotoScape
04.11.2016  18:26    <DIR>          Pinegrow Web Designer
04.11.2016  18:26    <DIR>          PlayClaw 5 Plus
04.11.2016  18:26    <DIR>          Plex
04.11.2016  18:26    <DIR>          Poedit
04.11.2016  18:26    <DIR>          PosteRazor
06.11.2016  01:29    <DIR>          PydioSync
04.11.2016  18:26    <DIR>          Qualcomm Atheros
04.11.2016  18:26    <DIR>          Razer
04.11.2016  18:26    <DIR>          Realtek
06.11.2016  01:12    <DIR>          Reason
04.11.2016  18:26    <DIR>          Reference Assemblies
04.11.2016  18:26    <DIR>          Samsung
04.11.2016  18:26    <DIR>          Seagate
04.11.2016  18:26    <DIR>          SF
04.11.2016  18:26    <DIR>          Skype
04.11.2016  18:26    <DIR>          Smart Projects
04.11.2016  18:26    <DIR>          SourceTec
07.11.2016  18:10    <DIR>          Steam
04.11.2016  18:26    <DIR>          Strato
05.11.2016  20:57    <DIR>          TeamViewer
04.11.2016  18:26    <DIR>          Trust
04.11.2016  18:26    <DIR>          Tukui
04.11.2016  18:26    <DIR>          Twitch Launcher
04.11.2016  18:27    <DIR>          Ubisoft
04.11.2016  18:26    <DIR>          UnderCover10
04.11.2016  18:26    <DIR>          VanillaDayZmodLauncher
04.11.2016  18:26    <DIR>          VideoLAN
04.11.2016  18:26    <DIR>          VS Revo Group
06.11.2016  02:34    <DIR>          VulkanRT
06.11.2016  23:54    <DIR>          WEBZEN
04.11.2016  18:26    <DIR>          WestwoodOnline
16.09.2016  05:15    <DIR>          Windows Defender
04.11.2016  18:26    <DIR>          Windows Mail
04.11.2016  18:26    <DIR>          Windows Media Player
04.11.2016  18:26    <DIR>          Windows Multimedia Platform
04.11.2016  18:26    <DIR>          Windows NT
04.11.2016  18:26    <DIR>          Windows Photo Viewer
04.11.2016  18:26    <DIR>          Windows Portable Devices
04.11.2016  18:26    <DIR>          WindowsPowerShell
04.11.2016  18:26    <DIR>          WYSIWYG Web Builder 10
04.11.2016  18:26    <DIR>          YaTQA
               0 Datei(en),              0 Bytes
             110 Verzeichnis(se), 229.996.691.456 Bytes frei

========= Ende von CMD: =========


========= dir "%ProgramData%" =========

 Datentr„ger in Laufwerk C: ist Windows8_OS
 Volumeseriennummer: 9028-DEDB

 Verzeichnis von C:\ProgramData

26.03.2016  16:58    <DIR>          .mono
14.05.2015  19:57    <DIR>          Adobe
26.11.2014  01:20    <DIR>          AmUStor
12.12.2014  03:05    <DIR>          Apple
11.12.2014  22:04    <DIR>          Atheros
03.05.2015  16:20    <DIR>          Atlassian
09.07.2016  21:34    <DIR>          AutoUpdate
17.02.2016  22:59    <DIR>          Battle.net
20.07.2015  16:29    <DIR>          Blizzard Entertainment
03.10.2015  17:26    <DIR>          boost_interprocess
31.12.2015  13:32    <DIR>          Brother
07.06.2015  18:47    <DIR>          Canneverbe Limited
03.05.2015  16:14    <DIR>          Caphyon
16.07.2016  12:47    <DIR>          Comms
21.05.2016  20:18    <DIR>          ComposerSetup
31.12.2015  13:31    <DIR>          ControlCenter4
04.04.2015  12:13    <DIR>          Curse Client
13.09.2016  15:05    <DIR>          CyberLink
25.04.2015  22:46    <DIR>          DesktopServer
26.11.2014  02:06    <DIR>          Downloaded Installations
26.11.2014  01:23                 0 DP45977C.lfl
11.12.2014  22:03    <DIR>          eBay
02.09.2015  16:38    <DIR>          Electronic Arts
25.03.2015  20:00    <DIR>          eMule
05.05.2016  20:07    <DIR>          Energy Manager
06.01.2015  23:47    <DIR>          FlashFXP
31.12.2015  13:26    <DIR>          FLEXnet
16.03.2015  14:48    <DIR>          HP
13.09.2016  15:04    <DIR>          install_clap
26.11.2014  01:20    <DIR>          Intel
31.12.2015  13:29                 0 LauncherAccess.dt
13.06.2015  17:05    <DIR>          Lenovo
09.07.2016  21:34    <DIR>          Licenses
16.02.2015  23:24    <DIR>          LogiShrd
19.11.2015  18:06    <DIR>          Logitech
11.12.2014  23:04    <DIR>          Malwarebytes
05.11.2016  12:17    <DIR>          Malwarebytes' Anti-Malware (portable)
11.12.2014  23:10    <DIR>          McAfee
18.08.2016  01:59    <DIR>          Microsoft OneDrive
09.04.2015  23:31    <DIR>          Mozilla
30.08.2015  12:10    <DIR>          Nexon
26.11.2014  01:55    <DIR>          Nitro
31.12.2015  13:42    <DIR>          Nuance
07.11.2016  17:21    <DIR>          NVIDIA
06.11.2016  02:35    <DIR>          NVIDIA Corporation
11.12.2014  23:16    <DIR>          Office2013
26.11.2014  02:06    <DIR>          OneKey Recovery
19.04.2016  15:56    <DIR>          Oracle
27.08.2016  22:11    <DIR>          Origin
13.11.2015  04:34    <DIR>          Overwolf
29.10.2016  23:51    <DIR>          Package Cache
31.12.2015  13:31    <DIR>          PCFaxTx
08.08.2016  19:22    <DIR>          PlayClaw5plus
26.11.2014  01:24    <DIR>          Qualcomm Atheros
29.08.2015  15:36    <DIR>          Razer
17.08.2016  17:08    <DIR>          regid.1986-12.com.adobe
17.08.2016  17:06    <DIR>          regid.1991-06.com.microsoft
17.08.2016  17:08    <DIR>          regid.2000-02.com.flashfxp
13.09.2015  14:54    <DIR>          Riot Games
13.09.2015  15:01    <DIR>          RogueKiller
18.06.2015  07:49    <DIR>          Samsung
31.12.2015  13:26    <DIR>          ScanSoft
29.02.2016  17:13    <DIR>          SF
21.10.2015  22:27    <DIR>          SketchUp
27.07.2016  18:39    <DIR>          Skype
16.07.2016  12:47    <DIR>          SoftwareDistribution
12.06.2015  20:52    <DIR>          SP_FT_Logs
17.05.2015  22:58    <DIR>          Sun
13.09.2016  15:00    <DIR>          SUPPORTDIR
21.10.2016  16:58    <DIR>          Twitch
17.08.2016  17:33    <DIR>          USOPrivate
17.08.2016  17:33    <DIR>          USOShared
05.05.2016  20:12    <DIR>          VMware
06.11.2016  23:54    <DIR>          WEBZEN
31.12.2015  13:27    <DIR>          zeon
               2 Datei(en),              0 Bytes
              73 Verzeichnis(se), 229.996.691.456 Bytes frei

========= Ende von CMD: =========


========= dir "%Appdata%" =========

 Datentr„ger in Laufwerk C: ist Windows8_OS
 Volumeseriennummer: 9028-DEDB

 Verzeichnis von C:\Users\Benjamin\AppData\Roaming

07.11.2016  18:11    <DIR>          .
07.11.2016  18:11    <DIR>          ..
26.03.2016  16:58    <DIR>          .mono
31.10.2015  22:56    <DIR>          7DaysToDie
14.05.2015  20:08    <DIR>          Adobe
03.03.2016  14:59    <DIR>          Amazon Cloud Drive
29.07.2015  15:38    <DIR>          Andy
02.08.2015  19:09    <DIR>          Andy_44_Online
07.06.2015  18:46    <DIR>          anyburn
13.07.2015  11:27    <DIR>          Atheros
17.02.2016  22:59    <DIR>          Battle.net
19.04.2016  16:08    <DIR>          Bitcoin
19.05.2016  14:57    <DIR>          Brother
08.02.2016  13:26               464 burnaware.ini
04.04.2016  13:19    <DIR>          CAD-KAS
07.06.2015  18:47    <DIR>          Canneverbe Limited
12.06.2016  17:11    <DIR>          CasaPortale.de
21.05.2016  20:18    <DIR>          Composer
31.12.2015  13:39    <DIR>          ControlCenter4
28.08.2016  15:35    <DIR>          Curse
12.12.2014  03:06    <DIR>          Curse Advertising
05.11.2016  23:43    <DIR>          Curse Client
13.06.2015  17:05    <DIR>          CyberLink
23.02.2015  12:38    <DIR>          deskPDF Editor
15.11.2015  22:33    <DIR>          dlg
10.05.2016  18:21    <DIR>          dvdcss
05.05.2016  19:55    <DIR>          ECigStats
01.08.2016  23:39    <DIR>          Elric
09.07.2016  21:37    <DIR>          Eltima Software
31.10.2015  18:38    <DIR>          EpicPen
29.04.2016  20:55    <DIR>          Evolv
06.11.2016  22:26    <DIR>          FileZilla
31.12.2015  13:38    <DIR>          FLEXnet
21.05.2016  08:56    <DIR>          GitHub
20.09.2015  16:50    <DIR>          globalip
11.06.2016  14:15    <DIR>          Guild Wars 2
25.02.2016  17:15    <DIR>          H. Brinkhaus Onlineservices UG
14.08.2016  17:13    <DIR>          HearthstoneDeckTracker
20.05.2016  22:36    <DIR>          HeidiSQL
15.12.2014  09:25    <DIR>          Identities
04.01.2015  22:49    <DIR>          IDT
05.02.2015  12:01    <DIR>          InstallShield
11.12.2014  22:05    <DIR>          Intel Corporation
05.04.2016  19:07    <DIR>          JetBrains
19.11.2015  18:06    <DIR>          Leadertech
13.06.2015  17:05    <DIR>          Lenovo
01.04.2015  18:07    <DIR>          LibreOffice
02.08.2016  23:44    <DIR>          livestreamer
16.02.2015  23:21    <DIR>          Logishrd
16.02.2015  23:24    <DIR>          Logitech
11.12.2014  22:03    <DIR>          Macromedia
09.04.2015  23:36    <DIR>          Mozilla
19.04.2016  16:01    <DIR>          MultiBitHD
04.06.2015  06:21    <DIR>          MySQL
17.05.2015  23:03    <DIR>          NetBeans
05.11.2016  23:59    <DIR>          NetStat4Win
11.12.2014  22:51    <DIR>          Nitro
02.09.2016  19:38    <DIR>          Nitro PDF
18.04.2015  21:04    <DIR>          npm
19.04.2015  14:18    <DIR>          npm-cache
31.12.2015  13:26    <DIR>          Nuance
30.08.2015  12:10    <DIR>          NVIDIA
21.02.2016  14:05    <DIR>          Nylas N1
02.11.2016  20:02    <DIR>          OBS
03.11.2016  00:00    <DIR>          obs-studio
10.02.2016  21:20    <DIR>          Origin
01.01.2016  15:44    <DIR>          PC-FAX TX
04.02.2015  16:52    <DIR>          PDAppFlex
10.05.2015  17:30    <DIR>          PhotoScape
13.03.2016  10:21    <DIR>          Poedit
04.11.2016  18:25    <DIR>          Profiles
06.11.2016  01:29    <DIR>          Pydio
13.09.2015  14:50    <DIR>          Riot Games
13.09.2015  17:39    <DIR>          Samsung
13.10.2016  19:29    <DIR>          SimulationCraft
21.10.2015  23:36    <DIR>          SketchUp
27.07.2016  18:40    <DIR>          Skype
16.10.2016  17:37    <DIR>          STRATO
09.02.2015  23:12    <DIR>          Sublime Text 3
01.03.2016  20:19    <DIR>          Sun
12.12.2014  14:33    <DIR>          TeamViewer
07.02.2015  21:10    <DIR>          Telegram Desktop
02.08.2015  19:13    <DIR>          TortoiseHg
06.11.2016  23:01    <DIR>          TS3Client
21.10.2016  18:03    <DIR>          Twitch
29.10.2016  23:57    <DIR>          Twitch Leecher
04.11.2016  09:09    <DIR>          vlc
05.05.2016  20:09    <DIR>          VMware
26.03.2015  20:14             5.542 VWHL
12.12.2014  14:46    <DIR>          Wargaming.net
13.06.2015  18:22    <DIR>          WebApp
06.07.2016  17:07    <DIR>          WinRAR
29.04.2016  21:02               600 winscp.rnd
04.06.2016  23:19    <DIR>          YaTQA
               3 Datei(en),          6.606 Bytes
              91 Verzeichnis(se), 229.996.138.496 Bytes frei

========= Ende von CMD: =========


========= dir "%LocalAppdata%" =========

 Datentr„ger in Laufwerk C: ist Windows8_OS
 Volumeseriennummer: 9028-DEDB

 Verzeichnis von C:\Users\Benjamin\AppData\Local

07.11.2016  17:19    <DIR>          .
07.11.2016  17:19    <DIR>          ..
15.01.2015  16:36    <DIR>          4kdownload.com
14.11.2015  10:29    <DIR>          ActiveSync
07.11.2016  15:42    <DIR>          Adobe
22.06.2016  16:08             1.456 Adobe Fr Web speichern 13.0 Prefs
24.02.2016  18:42    <DIR>          Amazon Cloud Drive
11.12.2014  22:12    <DIR>          Apps
01.11.2016  19:06    <DIR>          assembly
03.05.2015  16:14    <DIR>          Atlassian
13.02.2015  00:00    <DIR>          AutoIt v3
01.11.2016  15:32    <DIR>          Battle.net
07.07.2016  14:38    <DIR>          Bethesda.net Launcher
18.12.2015  19:41    <DIR>          Bilago
17.11.2015  20:22    <DIR>          Black_Tree_Gaming
17.01.2015  09:45    <DIR>          Blizzard
11.12.2014  22:30    <DIR>          Blizzard Entertainment
11.12.2014  22:04    <DIR>          BMExplorer
23.03.2016  18:24    <DIR>          BS-Soft.net
29.08.2015  18:34    <DIR>          CEF
24.05.2015  21:26    <DIR>          Chromium
09.01.2016  14:50    <DIR>          Comms
25.05.2015  14:01    <DIR>          Composer
18.08.2016  20:40    <DIR>          ConnectedDevicesPlatform
07.11.2016  17:28    <DIR>          CrashDumps
30.08.2015  12:10    <DIR>          CSO
13.09.2016  15:06    <DIR>          CyberLink
18.10.2015  16:08    <DIR>          Daybreak Game Company
25.03.2016  20:58    <DIR>          DayZ
01.07.2016  14:07    <DIR>          DeadByDaylight
03.11.2016  03:10    <DIR>          Deployment
01.11.2016  16:39    <DIR>          Diagnostics
19.11.2015  18:05    <DIR>          Downloaded Installations
08.08.2016  20:05    <DIR>          Dxtory Software
04.11.2016  19:04    <DIR>          ElevatedDiagnostics
25.03.2015  20:02    <DIR>          eMule
28.11.2015  00:37    <DIR>          Fallout3
12.06.2016  16:14    <DIR>          Fallout4
24.07.2016  22:01    <DIR>          Fallout4ModManager
28.11.2015  08:35    <DIR>          FalloutNV
20.12.2015  08:55    <DIR>          FalloutSnip
09.07.2016  21:31    <DIR>          FlashDevelop
06.03.2016  19:12    <DIR>          fontconfig
30.01.2015  19:04    <DIR>          Gameforge4d
08.10.2015  10:19            61.472 GDIPFONTCACHEV1.DAT
06.03.2016  19:12    <DIR>          gegl-0.2
13.08.2015  21:18    <DIR>          Genymobile
02.11.2016  15:38    <DIR>          GIANTS Editor 64bit 7.0.2
02.11.2016  15:37    <DIR>          GIANTSPackageRegistry
21.05.2016  08:56    <DIR>          GitHub
28.10.2016  15:59    <DIR>          Google
21.04.2016  16:40    <DIR>          gtk-2.0
04.06.2015  08:09    <DIR>          GWX
25.02.2016  17:15    <DIR>          H._Brinkhaus_Onlineservic
14.08.2016  19:05    <DIR>          HearthstoneDeckTracker
27.10.2016  18:03    <DIR>          HideandShriek
16.10.2016  17:39    <DIR>          HiDrive
21.10.2016  18:02    <DIR>          hns
23.10.2015  11:55    <DIR>          HP
09.01.2016  19:24    <DIR>          InfiniteCrisis
02.08.2016  00:25    <DIR>          Intel
25.02.2016  17:23    <DIR>          IsolatedStorage
26.03.2016  16:39    <DIR>          LiquidMixer
16.02.2015  23:24    <DIR>          Logishrd
30.12.2015  00:11    <DIR>          Logitech
14.02.2016  16:04    <DIR>          LOOT
04.11.2016  18:45    <DIR>          Microsoft
29.07.2015  19:38    <DIR>          MicrosoftEdge
09.04.2015  23:36    <DIR>          Mozilla
17.05.2015  23:03    <DIR>          NetBeans
29.07.2015  19:36    <DIR>          NetworkTiles
08.09.2016  19:28    <DIR>          NVIDIA
23.10.2016  00:42    <DIR>          NVIDIA Corporation
04.08.2016  11:28    <DIR>          nw-demo
21.02.2016  14:05    <DIR>          nylas
02.09.2015  16:38    <DIR>          Origin
19.11.2015  18:10    <DIR>          Overwolf
19.10.2016  13:21    <DIR>          Packages
11.12.2014  22:04    <DIR>          PackageStaging
22.03.2015  15:26    <DIR>          PDF24
25.04.2015  22:25    <DIR>          Pinegrow Web Designer
28.02.2016  13:02    <DIR>          Plex Media Server
11.12.2014  23:03    <DIR>          Programs
29.07.2015  19:25    <DIR>          Publishers
11.06.2016  12:21               600 PUTTY.RND
29.08.2015  15:28    <DIR>          Razer
26.05.2016  13:58               862 recently-used.xbel
05.11.2016  04:22                17 resmon.resmoncfg
18.10.2015  16:09    <DIR>          SCE
29.02.2016  17:23    <DIR>          SF-Software
13.10.2016  19:24    <DIR>          SimulationCraft
01.03.2016  20:25    <DIR>          Skype
14.08.2016  17:07    <DIR>          SquirrelTemp
29.08.2015  18:34    <DIR>          Steam
13.10.2016  15:24    <DIR>          Sublime Text 3
12.12.2014  14:41    <DIR>          TeamViewer
07.11.2016  18:11    <DIR>          Temp
01.04.2015  18:20    <DIR>          Tempee0f8ad2bf5b73df741abb43230a81e6
29.07.2015  19:25    <DIR>          TileDataLayer
04.01.2015  22:49    <DIR>          Tukui
24.08.2016  18:20    <DIR>          Ubisoft
28.08.2016  16:18    <DIR>          Ubisoft Game Launcher
27.10.2016  18:03    <DIR>          UnrealEngine
29.05.2015  16:56    <DIR>          VirtualStore
24.05.2015  22:38    <DIR>          VMware
               5 Datei(en),         64.407 Bytes
             100 Verzeichnis(se), 229.996.130.304 Bytes frei

========= Ende von CMD: =========


========= type "C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\profiles.ini" =========

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/wc7b0vga.default
Default=1


========= Ende von CMD: =========



Das System musste neu gestartet werden.

==== Ende von Fixlog 18:11:57 ====
Code:
ATTFilter
Shortcut Cleaner 1.4.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 10 Home 
Program started at: 11/07/2016 06:27:20 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Benjamin\Desktop\

Searching C:\Users\Public\Desktop\


0 bad shortcuts found.

Program finished at: 11/07/2016 06:27:25 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
Code:
ATTFilter
SystemLook 30.07.11 by jpshortstuff
Log created at 18:28 on 07/11/2016 by Benjamin
Administrator - Elevation successful

========== filefind ==========

Searching for "*UCBrowser*"
C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\UCBrowser.exe	--a---- 1121064 bytes	[17:28 04/11/2016]	[10:10 31/10/2016] 9DEC7C56243397847217D106BCFAD83C
C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\5.7.16400.12\Backup\UCBrowser.exe	--a---- 1121064 bytes	[19:46 04/11/2016]	[10:18 31/10/2016] 4783A8CC79AFBDB0965483448FF690E5
C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\new\new_UCBrowser.exe	--a---- 1121064 bytes	[19:46 04/11/2016]	[10:10 31/10/2016] 9DEC7C56243397847217D106BCFAD83C
C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\UCBrowserUpdater.xBAD	--a---- 3502 bytes	[17:31 04/11/2016]	[17:31 04/11/2016] 6C0D8A4470AAA2CC6E8AF4349B5D5D9E
C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\UCBrowserUpdaterCore.xBAD	--a---- 2652 bytes	[17:31 04/11/2016]	[18:18 06/11/2016] F754C97C4271159BFFD83E233CC37F09
C:\FRST\Quarantine\C\WINDOWS\Tasks\UCBrowserUpdater.job.xBAD	--a---- 478 bytes	[17:31 04/11/2016]	[01:46 05/11/2016] D0F6BEB02C8E579F87161A2886F937E8
C:\FRST\Quarantine\C\WINDOWS\Tasks\UCBrowserUpdaterCore.job.xBAD	--a---- 314 bytes	[17:31 04/11/2016]	[22:14 06/11/2016] F9BAAD25329BB67DA8828ED51157E992
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\Browsers\ucbrowser.browser	--a---- 1725 bytes	[15:36 22/08/2013]	[15:34 22/08/2013] 1E425B083B4DCB4A35903D6718E5FA6C
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\Browsers\ucbrowser.browser	--a---- 1725 bytes	[15:36 22/08/2013]	[15:34 22/08/2013] 1E425B083B4DCB4A35903D6718E5FA6C
C:\Windows\Prefetch\UCBROWSER.EXE-0BAB68C0.pf	--a---- 19487 bytes	[14:40 07/11/2016]	[14:40 07/11/2016] 06960A47A095D6790EC1A6ECCB7F68FB
C:\Windows\Prefetch\UCBROWSER.EXE-0BAB68C2.pf	--a---- 9116 bytes	[14:40 07/11/2016]	[14:40 07/11/2016] 1F63BBEAF20F5178B4731499ABACE59B
C:\Windows\WinSxS\amd64_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_ca91f5e702314acf\ucbrowser.browser	--a---- 1725 bytes	[11:43 16/07/2016]	[11:43 16/07/2016] 1E425B083B4DCB4A35903D6718E5FA6C
C:\Windows\WinSxS\x86_netfx4-browser_files_b03f5f7f11d50a3a_4.0.14305.0_none_123f2cbe16ad73d5\ucbrowser.browser	--a---- 1725 bytes	[11:44 16/07/2016]	[11:44 16/07/2016] 1E425B083B4DCB4A35903D6718E5FA6C

Searching for "*ucguard*"
C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\5.7.16400.12\libucguard.dll	--a---- 179168 bytes	[19:44 04/11/2016]	[10:46 29/08/2016] ED96F14E32BB351CA7070C217A781F2D
C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\5.7.16400.12\Drivers\ucguard-x64.sys	--a---- 81792 bytes	[19:44 04/11/2016]	[10:46 29/08/2016] EB482DBC9786F1A9E3ED5AB6864794FA
C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\5.7.16400.12\Drivers\ucguard.sys	--a---- 72064 bytes	[19:44 04/11/2016]	[10:46 29/08/2016] BEC272775DC50A7464A8AB2BF61595E0

Searching for "*ucdrv-x64*"
C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\5.7.16400.12\Drivers\ucdrv-x64.sys	--a---- 40424 bytes	[19:46 04/11/2016]	[19:44 04/11/2016] 209F5CEAAAFE601851E7B40902FC230D

========== folderfind ==========

Searching for "*UCBrowser*"
C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser	d------	[17:27 04/11/2016]
C:\FRST\Quarantine\C\Users\Benjamin\AppData\Local\UCBrowser	d------	[17:29 04/11/2016]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\UCBrowser	d------	[00:14 06/11/2016]

Searching for "*ucguard*"
No folders found.

Searching for "*ucdrv-x64*"
No folders found.

========== regfind ==========

Searching for "UCBrowser"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"Path"="C:\Program Files (x86)\UCBrowser\Application"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Search]
"JumpListChangedAppIds"="Chrome.UserData.ChromeDefaultData {6D809377-6AF0-444B-8957-A3773F02200E}\7-Zip\7z.exe Microsoft.Windows.ControlPanel {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Steam\Steam.exe Curse {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\WindowsPowerShell\v1.0\powershell.exe {D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\WindowsPowerShell\v1.0\powershell.exe {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel TheDocumentFoundation.LibreOffice.Calc UCBrowser {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamTransport\StreamTransport.exe {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\TradeSkillMaster Application\app\TSMApplication.exe {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\SRWare Iron\chrome.exe {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\SRWare Iron\ActivateSync.exe {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\SRWare Iron\DefaultBrowser.exe C:\Simulationcraft(x64)\703-03\SimulationCraft.
[HKEY_CURRENT_USER\SOFTWARE\UCBrowser]
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe.FriendlyAppName"="UC浏览器"
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe.ApplicationCompany"="UCWeb Inc."
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML]
"AppUserModelId"="UCBrowser"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML\Application]
"AppUserModelId"="UCBrowser"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML\Application]
"ApplicationIcon"="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,1"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.CRX\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,4"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.CRX\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.MHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.MHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.WEBP\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.WEBP\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"StubPath"=""C:\Program Files (x86)\UCBrowser\Application\5.7.15319.5\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser""
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\UCBrowser]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\UCBrowserPID]
[HKEY_USERS\.DEFAULT\Software\Classes\ftp\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\.DEFAULT\Software\Classes\ftp\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\http\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\.DEFAULT\Software\Classes\http\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\https\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\.DEFAULT\Software\Classes\https\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML]
"AppUserModelId"="UCBrowser"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML\Application]
"AppUserModelId"="UCBrowser"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML\Application]
"ApplicationIcon"="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,1"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.CRX\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,4"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.HTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.HTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.HTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.MHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.MHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.SHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.SHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.WEBP\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.XHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.XHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\.DEFAULT\Software\Classes\UCHTML.AssocFile.XHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\.DEFAULT\Software\Clients\StartMenuInternet]
@="UCBrowser"
[HKEY_USERS\.DEFAULT\Software\UCBrowser]
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"Path"="C:\Program Files (x86)\UCBrowser\Application"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Search]
"JumpListChangedAppIds"="Chrome.UserData.ChromeDefaultData {6D809377-6AF0-444B-8957-A3773F02200E}\7-Zip\7z.exe Microsoft.Windows.ControlPanel {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Steam\Steam.exe Curse {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\WindowsPowerShell\v1.0\powershell.exe {D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\WindowsPowerShell\v1.0\powershell.exe {1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\notepad.exe windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel TheDocumentFoundation.LibreOffice.Calc UCBrowser {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamTransport\StreamTransport.exe {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\TradeSkillMaster Application\app\TSMApplication.exe {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\SRWare Iron\chrome.exe {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\SRWare Iron\ActivateSync.exe {7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\SRWare Iron\DefaultBrowser.exe C:\Simula
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\UCBrowser]
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\ftp\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\ftp\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\http\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\http\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\https\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\https\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe.FriendlyAppName"="UC浏览器"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe.ApplicationCompany"="UCWeb Inc."
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML]
"AppUserModelId"="UCBrowser"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML\Application]
"AppUserModelId"="UCBrowser"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML\Application]
"ApplicationIcon"="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,1"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.CRX\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,4"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.CRX\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.HTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.HTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.HTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.HTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.MHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.MHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.SHTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.SHTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.SHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.WEBP\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.WEBP\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.XHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.XHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001\SOFTWARE\Classes\UCHTML.AssocFile.XHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\ftp\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\ftp\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\http\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\http\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\https\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\https\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe.FriendlyAppName"="UC浏览器"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe.ApplicationCompany"="UCWeb Inc."
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML]
"AppUserModelId"="UCBrowser"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML\Application]
"AppUserModelId"="UCBrowser"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML\Application]
"ApplicationIcon"="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,1"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.CRX\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,4"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.CRX\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.HTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.HTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.HTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.HTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.MHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.MHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.SHTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.SHTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.SHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.SHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.WEBP\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.WEBP\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.XHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.XHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.XHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-21-3046321304-749213656-246317510-1001_Classes\UCHTML.AssocFile.XHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\ftp\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-18\Software\Classes\ftp\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\http\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-18\Software\Classes\http\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\https\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-18\Software\Classes\https\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML]
"AppUserModelId"="UCBrowser"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML\Application]
"AppUserModelId"="UCBrowser"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML\Application]
"ApplicationIcon"="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,0"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,1"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.CRX\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,4"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.HTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.HTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.HTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.MHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.MHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.SHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.SHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.WEBP\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.XHT\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.XHTML\DefaultIcon]
@="C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe,3"
[HKEY_USERS\S-1-5-18\Software\Classes\UCHTML.AssocFile.XHTML\shell\open\command]
@=""C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1""
[HKEY_USERS\S-1-5-18\Software\Clients\StartMenuInternet]
@="UCBrowser"
[HKEY_USERS\S-1-5-18\Software\UCBrowser]

Searching for "ucguard"
No data found.

Searching for "ucdrv-x64"
No data found.

Searching for "         "
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 5\Target Id 0\Logical Unit Id 0]
"SerialNumber"="            W770HWX7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{0B164737-8A0B-41F8-8C94-DAF0140A0869}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{30d34abd-c6b3-4802-924e-f0c9fc65022b}" ratingID="{4F40F8FD-D79B-45a9-ABCD-6E556EA2EC6B}"/>
            <Rating ratingSystemID="{B305AB16-9FF2-40f5-A658-C014566500DE}" ratingID="{2145DD91-3AF5-495b-8F99-D48377BA1821}"/>
            <Rating ratingSystemID="{EC290BBB-D618-4cb9-9963-1CAAE515443E}" ratingID="{068D40C4-7809-4c67-8FEA-DA457CF990B4}"/>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{CEC5DB5A-B4C9-4809-96C6-39CE715E4790}"/>
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{18CD34B7-7AA3-42b9-A303-5A729B2FF228}"/>
            <Rating ratingSystemID="{0933BE9E-EEA2-404c-8754-F766905FF34D}" ratingID="{00C78B30-623D-4a08-BFA6-9123527C4F63}"/>
            <Rating ratingSystemID="{9AAFBACD-EAB9-4946
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{4C7C2570-2FD9-4188-853E-B6FC6A57A6BC}]
"RatingsInfo"="<Ratings xmlns="urn:schemas-microsoft-com:GameDescription.v1">
            <Rating ratingSystemID="{768BD93D-63BE-46A9-8994-0B53C4B5248F}" ratingID="{78D8CC82-372F-44e4-B70C-8944DB7BCC24}">
                <Descriptor descriptorID="{ABE23B46-7F9F-495b-B4A9-87F41743727F}"/>
                <Descriptor descriptorID="{4BDB9E0D-53CF-4a28-865F-B315818E7627}"/>
                <Descriptor descriptorID="{27202CE3-EB93-49bc-A570-23AEBCC2A742}"/>
                <Descriptor descriptorID="{D49A8F0C-B183-4a34-8D86-33F2DC0E2D6C}"/>
                <Descriptor descriptorID="{E8930D9B-3E94-407c-B890-FDB5025DBCA3}"/>
            </Rating>
            <Rating ratingSystemID="{36798944-B235-48ac-BF21-E25671F597EE}" ratingID="{E2681CD6-318A-4935-8275-AF657045C333}">
                <Descriptor descriptorID="{F110F831-9412-40c9-860A-B489407ED374}"/>
                <Descriptor descriptorID
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="5.1"/>                 </InitializationParameters>                 <Resources>                     <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                         <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                         <Capability Type="Shell"/>               
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell.Workflow]
"ConfigXML"="             <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell.workflow" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" UseSharedProcess="true" ProcessIdleTimeoutSec="1209600" RunAsUser="" RunAsPassword="" AutoRestart="false"     Enabled="true" >                 <InitializationParameters>                     <Param Name="PSVersion" Value="5.1"/>                     <Param Name="AssemblyName" Value="Microsoft.PowerShell.Workflow.ServiceCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"/>                     <Param Name="PSSessionConfigurationTypeName" Value="Microsoft.PowerShell.Workflow.PSWorkflowSessionConfiguration"/>                     <Param Name="SessionConfigurationData"                          Value="                       
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="2" XmlRenderingType="text" Architecture="32" Enabled="true" >                         <InitializationParameters>                             <Param Name="PSVersion" Value="5.1"/>                         </InitializationParameters>                         <Resources>                             <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                 <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;IU)(A;;GA;;;RM)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>     

-= EOF =-
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2016
durchgeführt von Benjamin (07-11-2016 18:44:17)
Gestartet von C:\Users\Benjamin\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-17 16:33:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3046321304-749213656-246317510-500 - Administrator - Disabled)
Benjamin (S-1-5-21-3046321304-749213656-246317510-1001 - Administrator - Enabled) => C:\Users\Benjamin
DefaultAccount (S-1-5-21-3046321304-749213656-246317510-503 - Limited - Disabled)
Gast (S-1-5-21-3046321304-749213656-246317510-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3046321304-749213656-246317510-1003 - Limited - Enabled)
priva (S-1-5-21-3046321304-749213656-246317510-1006 - Administrator - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.1.88 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Amazon Cloud Drive (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\Amazon Cloud Drive) (Version: 3.2.1.29 - Amazon.com, Inc.)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 3.0 - Power Software Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Bitnami WAMP Stack (HKLM-x32\...\Bitnami WAMP Stack 7.0.0beta2-1) (Version: 7.0.0beta2-1 - Bitnami)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5620DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0610 - Brother Industries, Ltd.)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version:  - WEBZEN)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version:  - getcomposer.org)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creation Kit: Fallout 4 (HKLM-x32\...\Creation Kit: Fallout 4) (Version:  - Bethesda Softworks)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 2.1.1434.29 - Infernum Productions AG)
Dxtory version 2.0.135 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.135 - ExKode Co. Ltd.)
eBlendr Version 2.0.2.60 (HKLM-x32\...\eBlendr_is1) (Version: 2.0.2.60 - H. Brinkhaus Onlineservices)
eMule (HKLM-x32\...\eMule) (Version:  - )
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.25.2.5 - SCS Software)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.12.6 (HKLM-x32\...\Fallout Mod Manager_is1) (Version:  - Timeslip, Q)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Farming Simulator 17 (HKLM\...\Steam App 447020) (Version:  - Giants Software)
FileZilla Client 3.22.1 (HKLM-x32\...\FileZilla Client) (Version: 3.22.1 - Tim Kosse)
Flash Decompiler Trillix (HKLM-x32\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
FlashDevelop (HKLM-x32\...\FlashDevelop) (Version: 5.1.1 - FlashDevelop.org)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.0.0.3791 - OpenSight Software LLC)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Genymotion version 2.5.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.2 - Genymobile)
GIANTS Editor 7.0.2 64-bit (HKLM-x32\...\giants_editor_7.0.2_win64_is1) (Version: 7.0.2 - GIANTS Software GmbH)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
GitHub (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\5f7eb300e2ea4ebf) (Version: 3.1.1.4 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone Deck Tracker (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\HearthstoneDeckTracker) (Version: 1.0.5 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hide and Shriek (HKLM\...\Steam App 480430) (Version:  - Funcom)
HiDrive (HKLM-x32\...\{88D57A8B-DF01-4C4D-8EF4-289C08BD2F96}) (Version: 4.2.1.0 - STRATO AG)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP ePrint (HKLM-x32\...\{2dbf7d69-d76e-4907-8ee6-ad90bf62aab7}) (Version: 1.0.7.31082 - HP)
HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6503.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel WiDi Media Share (x32 Version: 1.1.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Intel® WiDi Media Share (HKLM-x32\...\{32d14b1d-18fa-48e7-867d-93b7a72c816a}) (Version: 1.1.0.0 - Intel Corporation)
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
JetBrains PhpStorm 2016.1 (HKLM-x32\...\PhpStorm 2016.1) (Version: 145.258.2 - JetBrains s.r.o.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10245 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master Trial (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.2.3317.01 Trial - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Lioncast LK15 Keyboard Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - )
Lioncast LM30 Gaming Mouse Version 1.1 (HKLM-x32\...\{BF8BC0AC-979B-4085-8F94-7933AF19CBD2}_is1) (Version: 1.1 - LIONCAST)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LS Mod Manager (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\fee48a2c9be21a28) (Version: 3.0.1.5 - Thomas Müller)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiBit HD 0.3.0 (HKLM\...\6925-4794-5772-4956) (Version: 0.3.0 - Bitcoin Solutions Ltd)
MySQL Workbench 6.2 CE (HKLM\...\{82D50D82-CAF2-4ABA-8BB7-090668162290}) (Version: 6.2.5 - Oracle Corporation)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
NetBeans IDE 8.0.2 (HKLM-x32\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.3 - Black Tree Gaming)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
Node.js (HKLM\...\{40435563-20B0-4DA3-8E52-E5BF28ABE5C3}) (Version: 0.12.2 - Joyent, Inc. and other Node contributors)
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Treiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Nylas N1 (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\nylas) (Version: 0.4.5 - Nylas Inc.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.8.3.59237 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.99.11.0 - Overwolf Ltd.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pinegrow Web Designer version 2.01 (HKLM-x32\...\Pinegrow Web Designer_is1) (Version: 2.01 - )
PlayClaw 5 fast codec (HKLM-x32\...\PlayClaw 5 fast codec_is1) (Version: 5.5 - )
PlayClaw 5 Plus (HKLM-x32\...\PlayClaw 5 Plus_is1) (Version: 5 - )
Plex Media Server (HKLM-x32\...\{06f702c0-12c1-4d02-a753-2c00d9f1d01e}) (Version: 0.9.1506 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1506 - Plex, Inc.) Hidden
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.7 - Vaclav Slavik)
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27343 - Razer Inc.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (HKLM-x32\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80601 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (x32 Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SF-Etikett 13 (HKLM-x32\...\{B3966C9F-E4EC-4AB7-BFF3-8ACFAC844EAC}) (Version: 13.00.000 - Frank Stolzer)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM-x32\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
SourceTree (HKLM-x32\...\SourceTree 1.6.14) (Version: 1.6.14 - Atlassian)
SourceTree (x32 Version: 1.6.14 - Atlassian) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamline (HKLM-x32\...\d229a310-2468-4f0c-b49b-4a6dcdd47809) (Version:  - PS363)
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Telegram Desktop Version 0.7.10 (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.10 - Telegram Messenger LLP)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TortoiseHg 3.3.3 (x64) (HKLM\...\{2A25209F-23B5-4F5F-A484-E7A0C30B5975}) (Version: 3.3.3 - Steve Borho and others)
TruckersMP 0.2.1.2.5 Alpha (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.1.2.5 Alpha - TruckersMP Team)
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
UnderCover10 2.03 (HKLM-x32\...\UnderCover10_is1) (Version:  - Wicked & Wild Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 21.1 - Ubisoft)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Vagrant (HKLM-x32\...\{DBD58741-B374-4518-B0F7-8F33D09E3164}) (Version: 1.8.1 - HashiCorp)
Vanilla DayZmod Launcher (HKLM-x32\...\{2F318942-6CAC-4D3C-AA18-259B8C5600EE}_is1) (Version: 1.0.4 - AmberHelios)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows-Treiberpaket - Dimension Engineering USB Serial Converter (11/12/2015 1.0.3.13) (HKLM\...\32A12E2F88EE40BDBADBB41ECCB8559DEE67F7A3) (Version: 11/12/2015 1.0.3.13 - Dimension Engineering)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WYSIWYG Web Builder 10  (HKLM-x32\...\WYSIWYG_Web_Builder_10) (Version:  - )
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.21-0 - Bitnami)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{33C169DA-833A-456A-9059-F3D6D429ED42}\InprocServer32 -> C:\WINDOWS\system32\timedate.cpl (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{ecfae962-f1ac-499d-a4e9-3eec574033d8}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {09C19643-230A-4D8C-A476-C9748F3E0760} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {239108FA-ADB7-43A4-9BF6-8674581B4641} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CF2BC52-14B3-48EF-AF3A-CB967383B7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {41CECE4F-3BE9-4752-8C1E-BF27E58428A8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {548B1208-8B1A-4755-BA2F-F879AF00D78C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {67265F0E-F9EA-4783-A6DC-099E6F1CDE42} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {6E4FA571-8BCF-4512-89EE-E03C92BD34A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-11] (Microsoft Corporation)
Task: {83DB1462-D709-4D90-AF96-587D1CC5676A} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-10-30] (Overwolf LTD)
Task: {8B599AAE-2D21-421A-824F-D21139601E27} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2015-09-17] (CyberLink Corp.)
Task: {8EE9593D-A158-457B-AECD-8DB785316ED5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {A1C858F2-D3C0-4A7D-86C0-B8524A5EFD60} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-pandory@outlook.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {A71A91F7-F713-455E-8C89-857AF9816B51} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {B1D197F1-E01F-4E05-8BC9-12E9CCA28EEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {B24FF775-0247-4A53-8D67-9BB4BA20F0E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {DCD3F4CA-2722-41AE-8AF5-4061C951D0D8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {DEE81BB9-0E5F-4A5E-9A82-18C6FF7F3472} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {F5486DC8-52DD-4D86-AA31-237997D44139} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 22:11 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-02-23 12:36 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
2016-05-28 23:29 - 2016-03-24 04:20 - 11583304 _____ () C:\xampp\mysql\bin\mysqld.exe
2016-09-08 19:25 - 2016-10-25 21:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-08 19:25 - 2016-10-25 21:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-08 19:25 - 2016-10-25 21:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2014-11-26 02:03 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-06-23 20:11 - 2015-06-23 20:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-12-31 13:31 - 2005-04-22 05:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2015-08-02 10:53 - 2015-05-05 12:35 - 11048960 _____ () C:\Bitnami\wampstack-7.0.0beta2-1\mysql\bin\mysqld.exe
2016-08-17 16:53 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 22:11 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-04-16 16:42 - 2015-04-16 16:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-18 02:00 - 2016-08-18 02:00 - 00959168 _____ () C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 19:23 - 2015-03-12 19:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 19:23 - 2015-03-12 19:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-10-13 15:31 - 2016-10-13 15:31 - 06673568 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\HiDrive.App.exe
2016-11-07 18:24 - 2016-10-31 08:11 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-07 18:24 - 2016-10-31 08:11 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
2015-08-02 10:53 - 2015-07-21 14:17 - 00409600 _____ () C:\Bitnami\WAMPST~1.0BE\apache2\bin\pcre.dll
2015-08-02 10:53 - 2015-07-21 14:23 - 00071680 _____ () C:\Bitnami\WAMPST~1.0BE\apache2\bin\zlib1.dll
2015-08-02 10:53 - 2015-07-23 21:39 - 00121856 _____ () C:\Bitnami\wampstack-7.0.0beta2-1\php\libpq.dll
2015-08-02 10:57 - 2015-07-23 21:39 - 00168960 _____ () C:\Bitnami\WAMPST~1.0BE\apache2\bin\libssh2.dll
2015-04-15 17:36 - 2016-10-25 21:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-13 15:04 - 2015-09-17 11:31 - 00875960 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
2016-09-13 15:03 - 2015-09-17 11:01 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2016-10-13 15:31 - 2016-10-13 15:31 - 01035936 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\CefSharp.Core.dll
2016-10-13 15:31 - 2016-10-13 15:31 - 48943768 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\libcef.dll
2014-11-26 01:20 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2016-11-05 04:28 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3046321304-749213656-246317510-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benjamin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: BEService => 3
HKLM\...\StartupApproved\StartupFolder: => "PydioSync.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Energy Manager"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "PAC207_Monitor"
HKLM\...\StartupApproved\Run: => "TortoiseHgOverlayIconServer"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "LCgmmouseRun"
HKLM\...\StartupApproved\Run32: => "Lioncast LK15 Keyboard Driver"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "Logitech blank Produktregistrierung.lnk"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "deskPDF Creator"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2CB4D10DAD5AE20CADEFA2B4E24F69E5"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "TSMApplication"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Dxtory Update Checker 2.0"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "World of Tanks"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{541B8CF6-0579-48D8-B589-F5BE8EA3D4AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09DC59C6-C561-4CFA-B014-880C8D701F3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{791D5014-C773-469D-888A-EA064D95FBEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{A6EEA21D-E1B9-48F3-BA22-4B4DD3658920}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{BAEC0A83-AC21-401C-954A-85B3CF8D2CAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{FE443B3A-5295-46DE-BFC1-0149E7ED415B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DABEC3FA-F3BC-4EDD-852C-A26CD2F4ECCD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8F65F44C-4088-4B8E-9E52-16B39816EE82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF3F8ADC-663D-42D2-9432-0FF78B92924F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{24C14A46-60C8-4E01-A678-D16C19606CA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{A6439C3D-BC7F-43D6-8461-ECC12F53AE87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{7B9BE528-FD6F-49CF-AAE6-02D4629E98E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{934D007C-8D8F-49B9-9AC4-72DED6B4E510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{3115ADC7-9E2B-4649-B38D-589B5DF5E1B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Wiederherstellungspunkte =========================

06-11-2016 01:11:15 Installed Should I Remove It
06-11-2016 01:23:21 Removed VPNAutoconnect
06-11-2016 01:25:27 Removed PydioSync
06-11-2016 23:37:58 JRT Pre-Junkware Removal
07-11-2016 18:15:10 Removed Should I Remove It

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/07/2016 06:44:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2016 06:44:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2016 06:34:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2016 06:34:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2016 06:33:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2016 06:33:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2016 06:32:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2016 06:31:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/07/2016 06:31:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: PANDORY)
Description: Die App „Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (11/07/2016 06:31:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (11/07/2016 06:44:01 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXv1pa150fssxfwf8qn0j65z3gp1qhwkcs.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:44:01 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:34:36 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:34:06 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:33:36 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:33:06 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:32:00 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:31:32 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:31:24 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/07/2016 06:29:30 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2016-11-06 02:22:13.019
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-05 03:35:30.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-05 03:35:30.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-30 01:17:17.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 20:44:54.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-16 01:16:37.295
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_0326b872c1b453bb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-12 22:00:50.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_0326b872c1b453bb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 02:15:54.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_37b47f49d2675149\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-25 22:05:54.353
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_37b47f49d2675149\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-20 20:22:29.840
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 29%
Installierter physikalischer RAM: 12212.27 MB
Verfügbarer physikalischer RAM: 8664.79 MB
Summe virtueller Speicher: 14068.27 MB
Verfügbarer virtueller Speicher: 10326.49 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.91 GB) (Free:215.73 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6D82B2C4)

Partition: GPT.

==================== Ende von Addition.txt ============================
Geändert von kakuzu (07.11.2016 um 18:46 Uhr)

Alt 08.11.2016, 16:47   #17
M-K-D-B
/// TB-Ausbilder
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Servus,


ja, Arbeit ist das in der Tat...

Aber ich mache sie ja gerne...

Dann mal auf zur letzten Bereinigungswelle...


wir entfernen die letzten Reste und kontrollieren nochmal alles.



Hinweis: Der Suchlauf mit ESET kann länger dauern.



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\UCBrowser
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\UCBrowser
Unlock: HKEY_CURRENT_USER\SOFTWARE\Classes
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\DefaultIcon" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\shell\open\command" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\http\DefaultIcon" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\https\DefaultIcon" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command" /ve /f
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.CRX
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTM
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTML
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.MHT
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHT
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
Unlock: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}
CMD: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}" /v StubPath /f
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\UCBrowser
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\UCBrowserPID
Unlock: HKEY_USERS\.DEFAULT\SOFTWARE\Classes
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\ftp\DefaultIcon" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\ftp\shell\open\command" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\http\DefaultIcon" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\http\shell\open\command" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\https\DefaultIcon" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\https\shell\open\command" /ve /f
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.CRX
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.HTM
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.HTML
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.MHT
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.XHT
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
DeleteKey: HKEY_USERS\.DEFAULT\Software\UCBrowser
Unlock: HKEY_USERS\.DEFAULT\Software\Clients\StartMenuInternet
CMD: reg delete "HKEY_USERS\.DEFAULT\Software\Clients\StartMenuInternet" /ve /f
Unlock: C:\FRST
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 







Schritt 5
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.





Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?







Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • eine Rückmeldung bezüglich des Uploads,
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro,
  • die beiden neuen Logdateien von FRST,
  • die Beantwortung der gestellten Fragen.
__________________

Geändert von M-K-D-B (08.11.2016 um 17:10 Uhr)

Alt 08.11.2016, 17:39   #18
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Denke wenn es dir keinen Spaß machen würde, wärst du nicht hier. Logs folgen gleich.
__________________
Alt 08.11.2016, 18:03   #19
M-K-D-B
/// TB-Ausbilder
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Zitat:
Zitat von kakuzu Beitrag anzeigen
Denke wenn es dir keinen Spaß machen würde, wärst du nicht hier. Logs folgen gleich.

Alt 09.11.2016, 04:54   #20
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Quarantine habe ich Hochgeladen.


Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2016
durchgeführt von Benjamin (08-11-2016 18:03:27) Run:6
Gestartet von C:\Users\Benjamin\Desktop
Geladene Profile: Benjamin (Verfügbare Profile: Benjamin)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\UCBrowser
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\UCBrowser
Unlock: HKEY_CURRENT_USER\SOFTWARE\Classes
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\DefaultIcon" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\shell\open\command" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\http\DefaultIcon" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\https\DefaultIcon" /ve /f
CMD: reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command" /ve /f
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.CRX
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTM
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTML
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.MHT
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHT
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
Unlock: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}
CMD: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}" /v StubPath /f
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\UCBrowser
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\UCBrowserPID
Unlock: HKEY_USERS\.DEFAULT\SOFTWARE\Classes
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\ftp\DefaultIcon" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\ftp\shell\open\command" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\http\DefaultIcon" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\http\shell\open\command" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\https\DefaultIcon" /ve /f
CMD: reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\https\shell\open\command" /ve /f
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.CRX
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.HTM
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.HTML
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.MHT
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.XHT
DeleteKey: HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
DeleteKey: HKEY_USERS\.DEFAULT\Software\UCBrowser
Unlock: HKEY_USERS\.DEFAULT\Software\Clients\StartMenuInternet
CMD: reg delete "HKEY_USERS\.DEFAULT\Software\Clients\StartMenuInternet" /ve /f
Unlock: C:\FRST
EmptyTemp:
end
         
*****************

Prozess erfolgreich geschlossen.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\UCBrowser" => nicht gefunden.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe => konnte nicht entfernt werden Schlüssel.: incorrect path. 
HKEY_CURRENT_USER\SOFTWARE\UCBrowser => konnte nicht entfernt werden Schlüssel. ErrorCode: 0xC000000D
"HKEY_CURRENT_USER\SOFTWARE\Classes" => Schlüssel wurde entsperrt

========= reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\DefaultIcon" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\ftp\shell\open\command" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\http\DefaultIcon" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\http\shell\open\command" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\https\DefaultIcon" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_CURRENT_USER\SOFTWARE\Classes\https\shell\open\command" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========

HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.CRX => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTM => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.HTML => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.MHT => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTM => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.SHTML => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.WEBP => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHT => Schlüssel erfolgreich entfernt
HKEY_CURRENT_USER\SOFTWARE\Classes\UCHTML.AssocFile.XHTML => Schlüssel erfolgreich entfernt
"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}" => Schlüssel wurde entsperrt

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}" /v StubPath /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\UCBrowser => Schlüssel erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\UCBrowserPID => Schlüssel erfolgreich entfernt
"HKEY_USERS\.DEFAULT\SOFTWARE\Classes" => Schlüssel wurde entsperrt

========= reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\ftp\DefaultIcon" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\ftp\shell\open\command" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\http\DefaultIcon" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\http\shell\open\command" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\https\DefaultIcon" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= reg delete "HKEY_USERS\.DEFAULT\SOFTWARE\Classes\https\shell\open\command" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========

HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.CRX => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.HTM => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.HTML => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.MHT => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.SHTM => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.SHTML => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.WEBP => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.XHT => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\SOFTWARE\Classes\UCHTML.AssocFile.XHTML => Schlüssel erfolgreich entfernt
HKEY_USERS\.DEFAULT\Software\UCBrowser => Schlüssel erfolgreich entfernt
"HKEY_USERS\.DEFAULT\Software\Clients\StartMenuInternet" => Schlüssel wurde entsperrt

========= reg delete "HKEY_USERS\.DEFAULT\Software\Clients\StartMenuInternet" /ve /f =========

Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========

"C:\FRST" => wurde entsperrt

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20418949 B
Java, Flash, Steam htmlcache => 23835569 B
Windows/system/drivers => 155763344 B
Edge => 0 B
Chrome => 403419042 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 21374 B
NetworkService => 32124 B
Benjamin => 106191964 B

RecycleBin => 50365468 B
EmptyTemp: => 724.8 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:05:22 ====
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=80e212d9e0c9364291de014dcf2cc6e2
# end=init
# utc_time=2016-11-08 05:48:09
# local_time=2016-11-08 06:48:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 31341
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=80e212d9e0c9364291de014dcf2cc6e2
# end=updated
# utc_time=2016-11-08 05:50:34
# local_time=2016-11-08 06:50:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=80e212d9e0c9364291de014dcf2cc6e2
# engine=31341
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-11-08 10:41:30
# local_time=2016-11-08 11:41:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=788 16777213 83 84 19415 105583 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 25918 9975506 0 0
# scanned=705468
# found=10
# cleaned=0
# scan_time=17454
sh=DF83F4A59EBFDA84C231CC80DD1BAB0FC702EE95 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine.7z"
sh=C0FC93ABC70DF9F7725A5AA898BA7BEF661C4EE9 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\FRST\Quarantine.zip"
sh=52802CEF92DA7C53B2E3C9F7D44D089ABE95BB9C ft=1 fh=38ec82c27dd955c6 vn="Variante von Win32/Adware.ELEX.AZ.gen Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Phowert\CrashReport.dll"
sh=B225D6ED70172303C5D5289B3F209999F6E20BD7 ft=1 fh=fd2662cd571d1a72 vn="Variante von Win32/Adware.ELEX.AC Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Phowert\qonakclecisycln.dll"
sh=62920EB910D78BC90DF7E72FEB520D0756947674 ft=1 fh=cf3591e95b7303e6 vn="Variante von Win32/Taobao.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\Uninstall.exe"
sh=1649894F20EBB1F6532FB6414B06EF92DA1AFC7E ft=1 fh=07e7c1cdf16eab08 vn="Variante von Win32/Taobao.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\5.7.16400.12\UCAgent.exe"
sh=62920EB910D78BC90DF7E72FEB520D0756947674 ft=1 fh=cf3591e95b7303e6 vn="Variante von Win32/Taobao.B evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\UCBrowser\Application\new\new_Uninstall.exe"
sh=3F9CC4C38537CF81924B65E77156C24C4799811A ft=0 fh=0000000000000000 vn="Win32/IStartSurf.BF evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Benjamin\Downloads\Cheat Bot Package.zip.xBAD"
sh=147E7AEBDEBB6E9F8FF6421745782501C2C5B245 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Benjamin\AppData\Roaming\VWHL"
sh=CA86219CFA741E7F2BF9F2F43DF57A1788CCE51E ft=0 fh=0000000000000000 vn="Variante von Win32/InstallMonstr.QJ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Benjamin\Downloads\Malwarebytes Anti_Malware 2.2.1.rar"
Code:
ATTFilter

	
Code: 

 
ATTFilter


  

	
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : PANDORY
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : PANDORY\Benjamin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-11-09 04:56:54
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 23s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 28

   Objects scanned . . . : 3.520.880
   Files scanned . . . . : 247.941
   Remnants scanned  . . : 1.685.259 files / 1.587.680 keys

Suspicious files ____________________________________________________________

   C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\D46GWYDT\FRST64[2].exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 1.5 days (2016-11-07 17:19:31)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.2s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\S8K6R2TP\FRST64[2].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\D46GWYDT\FRST64[2].exe

   C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\D46GWYDT\FRST64[3].exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 1.4 days (2016-11-07 18:11:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.2s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\S8K6R2TP\FRST64[4].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\D46GWYDT\FRST64[3].exe

   C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\DNVFOYMY\FRST64[1].exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 2.6 days (2016-11-06 14:21:50)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\S8K6R2TP\FRST64[1].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\DNVFOYMY\FRST64[1].exe
          2.6s C:\Users\Benjamin\Downloads\FRST-OlderVersion\

   C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\DNVFOYMY\FRST64[4].exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 1.4 days (2016-11-07 18:43:01)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\DNVFOYMY\FRST64[3].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\DNVFOYMY\FRST64[4].exe
          2.9s C:\Users\Benjamin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\dfsvc.exe.log

   C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[2].exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 2.2 days (2016-11-06 23:10:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.2s C:\Users\Benjamin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
         -0.2s C:\Users\Benjamin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
         -0.1s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[1].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[2].exe
          0.0s C:\Users\Benjamin\Downloads\FRST64.exe
          5.1s C:\FRST\Logs\ct
          5.1s C:\Users\Benjamin\Downloads\Fixlog.txt

   C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[3].exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 2.2 days (2016-11-06 23:40:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -26.2s C:\Windows\Prefetch\NOTEPAD.EXE-DD7726D2.pf
         -0.2s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\D46GWYDT\FRST64[1].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[3].exe
          0.0s C:\Users\Benjamin\Desktop\FRST-OlderVersion\FRST64.exe
          1.7s C:\Users\Benjamin\Desktop\FRST-OlderVersion\
          4.7s C:\Windows\Prefetch\KAKUZU.EXE-96B217A1.pf
         14.7s C:\Windows\Prefetch\FRST64.EXE-9C8FE83F.pf

   C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\S8K6R2TP\FRST64[3].exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 1.5 days (2016-11-07 17:24:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.2s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\DNVFOYMY\FRST64[2].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\S8K6R2TP\FRST64[3].exe

   C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\S8K6R2TP\FRST64[5].exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 0.5 days (2016-11-08 18:02:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -4.1s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCookies\AF9EZTWG.cookie
         -4.1s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\D46GWYDT\82[1].htm
         -0.2s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[4].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\S8K6R2TP\FRST64[5].exe
          0.0s C:\Users\Benjamin\Desktop\FRST64.exe
          4.4s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\DNVFOYMY\up64[1]
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\config\
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\AppData\
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\

   C:\Users\Benjamin\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 2.2 days (2016-11-06 23:40:53)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -26.2s C:\Windows\Prefetch\NOTEPAD.EXE-DD7726D2.pf
         -0.2s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\D46GWYDT\FRST64[1].exe
          0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[3].exe
          0.0s C:\Users\Benjamin\Desktop\FRST-OlderVersion\FRST64.exe
          1.7s C:\Users\Benjamin\Desktop\FRST-OlderVersion\
          4.7s C:\Windows\Prefetch\KAKUZU.EXE-96B217A1.pf
         14.7s C:\Windows\Prefetch\FRST64.EXE-9C8FE83F.pf

   C:\Users\Benjamin\Desktop\FRST64.exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 0.5 days (2016-11-08 18:02:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -4.1s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCookies\AF9EZTWG.cookie
         -4.1s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\D46GWYDT\82[1].htm
         -0.2s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[4].exe
         -0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\S8K6R2TP\FRST64[5].exe
          0.0s C:\Users\Benjamin\Desktop\FRST64.exe
          4.4s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\DNVFOYMY\up64[1]
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\config\
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\AppData\
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\
          7.9s C:\FRST\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\

   C:\Users\Benjamin\Desktop\kakuzu.exe
      Size . . . . . . . : 2.409.984 bytes
      Age  . . . . . . . : 3.2 days (2016-11-05 23:40:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : AC81F3D4148F10234E4A231B8E7004D4EB4DD07B4ADC63E384E023450CE98EB4
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -28.7s C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST.exe
          0.0s C:\Users\Benjamin\Desktop\kakuzu.exe
          0.0s C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST64.exe

   C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST.exe
      Size . . . . . . . : 1.759.744 bytes
      Age  . . . . . . . : 3.2 days (2016-11-05 23:39:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 28DD8DA4F186BE615DDE14D3DE9ED64BD01F7A21AA5F6268303AFD40AA2122C5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST.exe
         28.7s C:\Users\Benjamin\Desktop\kakuzu.exe
         28.7s C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST64.exe

   C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST64 (1).exe
      Size . . . . . . . : 2.409.984 bytes
      Age  . . . . . . . : 4.0 days (2016-11-05 04:43:13)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : AC81F3D4148F10234E4A231B8E7004D4EB4DD07B4ADC63E384E023450CE98EB4
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 3.2 days (2016-11-05 23:40:16)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -28.7s C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST.exe
          0.0s C:\Users\Benjamin\Desktop\kakuzu.exe
          0.0s C:\Users\Benjamin\Downloads\FRST-OlderVersion\FRST64.exe

   C:\Users\Benjamin\Downloads\FRST64.exe
      Size . . . . . . . : 2.410.496 bytes
      Age  . . . . . . . : 2.2 days (2016-11-06 23:10:47)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 48D202227568D232E29D8C80EEA40BEA1B95DD610913F97F8FAAE1FEA10DE5ED
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.2s C:\Users\Benjamin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
         -0.2s C:\Users\Benjamin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_4F8D4D4F8A055DA96F5FDDC885E626A4
         -0.1s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[1].exe
         -0.0s C:\Users\Benjamin\AppData\Local\Microsoft\Windows\INetCache\IE\E1K3J9HK\FRST64[2].exe
          0.0s C:\Users\Benjamin\Downloads\FRST64.exe
          5.1s C:\FRST\Logs\ct
          5.1s C:\Users\Benjamin\Downloads\Fixlog.txt


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{3A71C84A-1CC4-4201-B037-C81CE118D66F}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{432599E9-40CF-41E3-951A-E1E81B7B1D29}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{7D215707-3E74-4E0E-A078-2C95E1CDE233}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{9295785F-8C01-4ED3-9322-8BE5C17CA141}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{C656BCEB-6B19-4992-9975-D53CEA283356}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{E26E880F-176C-4007-B2A7-B8F27621EC51}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{E776B534-9402-4049-87C3-089EC0F54BAF}\ (OtherSearch)
   HKLM\SOFTWARE\Classes\Interface\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}\ (OtherSearch)

Geändert von kakuzu (09.11.2016 um 05:11 Uhr)

Alt 09.11.2016, 14:24   #21
M-K-D-B
/// TB-Ausbilder
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Servus,


poste bitte noch die neuen Logdateien von FRST, dann können wir evtl. schon abschließen.

Alt 09.11.2016, 15:45   #22
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2016
durchgeführt von Benjamin (09-11-2016 05:13:10)
Gestartet von C:\Users\Benjamin\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-17 16:33:15)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3046321304-749213656-246317510-500 - Administrator - Disabled)
Benjamin (S-1-5-21-3046321304-749213656-246317510-1001 - Administrator - Enabled) => C:\Users\Benjamin
DefaultAccount (S-1-5-21-3046321304-749213656-246317510-503 - Limited - Disabled)
Gast (S-1-5-21-3046321304-749213656-246317510-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3046321304-749213656-246317510-1003 - Limited - Enabled)
priva (S-1-5-21-3046321304-749213656-246317510-1006 - Administrator - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.1.88 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Amazon Cloud Drive (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\Amazon Cloud Drive) (Version: 3.2.1.29 - Amazon.com, Inc.)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 3.0 - Power Software Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Bitnami WAMP Stack (HKLM-x32\...\Bitnami WAMP Stack 7.0.0beta2-1) (Version: 7.0.0beta2-1 - Bitnami)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5620DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0610 - Brother Industries, Ltd.)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version:  - WEBZEN)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version:  - getcomposer.org)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creation Kit: Fallout 4 (HKLM-x32\...\Creation Kit: Fallout 4) (Version:  - Bethesda Softworks)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version:  - Behaviour Digital Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 2.1.1434.29 - Infernum Productions AG)
Dxtory version 2.0.135 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.135 - ExKode Co. Ltd.)
eBlendr Version 2.0.2.60 (HKLM-x32\...\eBlendr_is1) (Version: 2.0.2.60 - H. Brinkhaus Onlineservices)
eMule (HKLM-x32\...\eMule) (Version:  - )
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.25.2.5 - SCS Software)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.12.6 (HKLM-x32\...\Fallout Mod Manager_is1) (Version:  - Timeslip, Q)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Farming Simulator 17 (HKLM\...\Steam App 447020) (Version:  - Giants Software)
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Flash Decompiler Trillix (HKLM-x32\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
FlashDevelop (HKLM-x32\...\FlashDevelop) (Version: 5.1.1 - FlashDevelop.org)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.0.0.3791 - OpenSight Software LLC)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Genymotion version 2.5.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.2 - Genymobile)
GIANTS Editor 7.0.2 64-bit (HKLM-x32\...\giants_editor_7.0.2_win64_is1) (Version: 7.0.2 - GIANTS Software GmbH)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
GitHub (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\5f7eb300e2ea4ebf) (Version: 3.1.1.4 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Daybreak Games)
H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version:  - Daybreak Game Company)
Hearthstone Deck Tracker (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\HearthstoneDeckTracker) (Version: 1.0.5 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hide and Shriek (HKLM\...\Steam App 480430) (Version:  - Funcom)
HiDrive (HKLM-x32\...\{88D57A8B-DF01-4C4D-8EF4-289C08BD2F96}) (Version: 4.2.1.0 - STRATO AG)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP ePrint (HKLM-x32\...\{2dbf7d69-d76e-4907-8ee6-ad90bf62aab7}) (Version: 1.0.7.31082 - HP)
HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6503.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel WiDi Media Share (x32 Version: 1.1.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Intel® WiDi Media Share (HKLM-x32\...\{32d14b1d-18fa-48e7-867d-93b7a72c816a}) (Version: 1.1.0.0 - Intel Corporation)
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
JetBrains PhpStorm 2016.1 (HKLM-x32\...\PhpStorm 2016.1) (Version: 145.258.2 - JetBrains s.r.o.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10245 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master Trial (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.2.3317.01 Trial - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Lioncast LK15 Keyboard Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - )
Lioncast LM30 Gaming Mouse Version 1.1 (HKLM-x32\...\{BF8BC0AC-979B-4085-8F94-7933AF19CBD2}_is1) (Version: 1.1 - LIONCAST)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LS Mod Manager (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\fee48a2c9be21a28) (Version: 3.0.1.5 - Thomas Müller)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 47.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 de)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiBit HD 0.3.0 (HKLM\...\6925-4794-5772-4956) (Version: 0.3.0 - Bitcoin Solutions Ltd)
MySQL Workbench 6.2 CE (HKLM\...\{82D50D82-CAF2-4ABA-8BB7-090668162290}) (Version: 6.2.5 - Oracle Corporation)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
NetBeans IDE 8.0.2 (HKLM-x32\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.3 - Black Tree Gaming)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version:  - )
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
Node.js (HKLM\...\{40435563-20B0-4DA3-8E52-E5BF28ABE5C3}) (Version: 0.12.2 - Joyent, Inc. and other Node contributors)
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Treiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Nylas N1 (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\nylas) (Version: 0.4.5 - Nylas Inc.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.8.3.59237 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.99.11.0 - Overwolf Ltd.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pinegrow Web Designer version 2.01 (HKLM-x32\...\Pinegrow Web Designer_is1) (Version: 2.01 - )
PlayClaw 5 fast codec (HKLM-x32\...\PlayClaw 5 fast codec_is1) (Version: 5.5 - )
PlayClaw 5 Plus (HKLM-x32\...\PlayClaw 5 Plus_is1) (Version: 5 - )
Plex Media Server (HKLM-x32\...\{06f702c0-12c1-4d02-a753-2c00d9f1d01e}) (Version: 0.9.1506 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1506 - Plex, Inc.) Hidden
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.7 - Vaclav Slavik)
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27343 - Razer Inc.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (HKLM-x32\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80601 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (x32 Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SF-Etikett 13 (HKLM-x32\...\{B3966C9F-E4EC-4AB7-BFF3-8ACFAC844EAC}) (Version: 13.00.000 - Frank Stolzer)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM-x32\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
SourceTree (HKLM-x32\...\SourceTree 1.6.14) (Version: 1.6.14 - Atlassian)
SourceTree (x32 Version: 1.6.14 - Atlassian) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamline (HKLM-x32\...\d229a310-2468-4f0c-b49b-4a6dcdd47809) (Version:  - PS363)
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
Telegram Desktop Version 0.7.10 (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.10 - Telegram Messenger LLP)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version:  - Ubisoft Montreal)
TortoiseHg 3.3.3 (x64) (HKLM\...\{2A25209F-23B5-4F5F-A484-E7A0C30B5975}) (Version: 3.3.3 - Steve Borho and others)
TruckersMP 0.2.1.2.5 Alpha (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.1.2.5 Alpha - TruckersMP Team)
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
UnderCover10 2.03 (HKLM-x32\...\UnderCover10_is1) (Version:  - Wicked & Wild Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 21.1 - Ubisoft)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Vagrant (HKLM-x32\...\{DBD58741-B374-4518-B0F7-8F33D09E3164}) (Version: 1.8.1 - HashiCorp)
Vanilla DayZmod Launcher (HKLM-x32\...\{2F318942-6CAC-4D3C-AA18-259B8C5600EE}_is1) (Version: 1.0.4 - AmberHelios)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows-Treiberpaket - Dimension Engineering USB Serial Converter (11/12/2015 1.0.3.13) (HKLM\...\32A12E2F88EE40BDBADBB41ECCB8559DEE67F7A3) (Version: 11/12/2015 1.0.3.13 - Dimension Engineering)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WYSIWYG Web Builder 10  (HKLM-x32\...\WYSIWYG_Web_Builder_10) (Version:  - )
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.21-0 - Bitnami)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{33C169DA-833A-456A-9059-F3D6D429ED42}\InprocServer32 -> C:\WINDOWS\system32\timedate.cpl (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{ecfae962-f1ac-499d-a4e9-3eec574033d8}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {09C19643-230A-4D8C-A476-C9748F3E0760} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {239108FA-ADB7-43A4-9BF6-8674581B4641} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3CF2BC52-14B3-48EF-AF3A-CB967383B7BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {41CECE4F-3BE9-4752-8C1E-BF27E58428A8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {4C6D350C-26AD-44A6-8491-D0CE433309F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-07] (AVAST Software)
Task: {548B1208-8B1A-4755-BA2F-F879AF00D78C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {67265F0E-F9EA-4783-A6DC-099E6F1CDE42} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {6E4FA571-8BCF-4512-89EE-E03C92BD34A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-11] (Microsoft Corporation)
Task: {83DB1462-D709-4D90-AF96-587D1CC5676A} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-10-30] (Overwolf LTD)
Task: {8B599AAE-2D21-421A-824F-D21139601E27} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2015-09-17] (CyberLink Corp.)
Task: {8EE9593D-A158-457B-AECD-8DB785316ED5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {A1C858F2-D3C0-4A7D-86C0-B8524A5EFD60} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-pandory@outlook.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {A71A91F7-F713-455E-8C89-857AF9816B51} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {B0768C7B-4CE3-4217-B30B-993C55E0EE41} - System32\Tasks\SafeZone scheduled Autoupdate 1478543165 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {B1D197F1-E01F-4E05-8BC9-12E9CCA28EEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-07] (Google Inc.)
Task: {B24FF775-0247-4A53-8D67-9BB4BA20F0E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {DCD3F4CA-2722-41AE-8AF5-4061C951D0D8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {DEE81BB9-0E5F-4A5E-9A82-18C6FF7F3472} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {F5486DC8-52DD-4D86-AA31-237997D44139} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 22:11 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-02-23 12:36 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
2016-09-08 19:25 - 2016-10-25 21:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-08 19:25 - 2016-10-25 21:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-08 19:25 - 2016-10-25 21:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2014-11-26 02:03 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-06-23 20:11 - 2015-06-23 20:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-12-31 13:31 - 2005-04-22 05:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2015-08-02 10:53 - 2015-05-05 12:35 - 11048960 _____ () C:\Bitnami\wampstack-7.0.0beta2-1\mysql\bin\mysqld.exe
2016-05-28 23:29 - 2016-03-24 04:20 - 11583304 _____ () C:\xampp\mysql\bin\mysqld.exe
2016-08-17 16:53 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-29 22:11 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-04-16 16:42 - 2015-04-16 16:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-18 02:00 - 2016-08-18 02:00 - 00959168 _____ () C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-11-01 19:10 - 2016-11-01 19:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 19:23 - 2015-03-12 19:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 19:23 - 2015-03-12 19:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-10-13 15:31 - 2016-10-13 15:31 - 06673568 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\HiDrive.App.exe
2016-11-07 18:24 - 2016-10-31 08:11 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-07 18:24 - 2016-10-31 08:11 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
2016-11-07 19:23 - 2016-11-07 19:23 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-08 15:25 - 2016-11-08 15:25 - 03130832 _____ () C:\Program Files\AVAST Software\Avast\defs\16110800\algo.dll
2016-11-07 19:23 - 2016-11-07 19:23 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-08 22:11 - 2016-11-08 22:11 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16110805\algo.dll
2016-05-28 23:29 - 2015-06-05 11:54 - 00404992 _____ () C:\xampp\apache\bin\pcre.dll
2016-05-28 23:29 - 2016-04-28 04:37 - 00130048 _____ () C:\xampp\php\libpq.dll
2015-04-15 17:36 - 2016-10-25 21:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-13 15:04 - 2015-09-17 11:31 - 00875960 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
2016-09-13 15:03 - 2015-09-17 11:01 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2016-10-13 15:31 - 2016-10-13 15:31 - 01035936 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\CefSharp.Core.dll
2016-10-13 15:31 - 2016-10-13 15:31 - 48943768 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\libcef.dll
2016-11-07 19:23 - 2016-11-07 19:23 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-11-26 01:20 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-09-29 22:11 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-11-01 19:10 - 2016-11-01 19:10 - 00048304 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2016-11-05 04:28 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3046321304-749213656-246317510-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benjamin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

MSCONFIG\Services: BEService => 3
HKLM\...\StartupApproved\StartupFolder: => "PydioSync.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Energy Manager"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "PAC207_Monitor"
HKLM\...\StartupApproved\Run: => "TortoiseHgOverlayIconServer"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "LCgmmouseRun"
HKLM\...\StartupApproved\Run32: => "Lioncast LK15 Keyboard Driver"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "Logitech blank Produktregistrierung.lnk"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "deskPDF Creator"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2CB4D10DAD5AE20CADEFA2B4E24F69E5"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "TSMApplication"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Dxtory Update Checker 2.0"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "World of Tanks"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{541B8CF6-0579-48D8-B589-F5BE8EA3D4AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09DC59C6-C561-4CFA-B014-880C8D701F3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{791D5014-C773-469D-888A-EA064D95FBEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{A6EEA21D-E1B9-48F3-BA22-4B4DD3658920}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{BAEC0A83-AC21-401C-954A-85B3CF8D2CAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{FE443B3A-5295-46DE-BFC1-0149E7ED415B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DABEC3FA-F3BC-4EDD-852C-A26CD2F4ECCD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8F65F44C-4088-4B8E-9E52-16B39816EE82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF3F8ADC-663D-42D2-9432-0FF78B92924F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{24C14A46-60C8-4E01-A678-D16C19606CA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{A6439C3D-BC7F-43D6-8461-ECC12F53AE87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe
FirewallRules: [{7B9BE528-FD6F-49CF-AAE6-02D4629E98E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{934D007C-8D8F-49B9-9AC4-72DED6B4E510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe
FirewallRules: [{3115ADC7-9E2B-4649-B38D-589B5DF5E1B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{110637D9-B004-4A66-BF47-1F96235B6E27}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ACE7B07B-BCDB-4810-8D5A-EF07589370F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{790CD2BD-F850-4127-B1A9-541CE940BCAE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC870588-6D46-4F8F-BC4A-A409CA430E61}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{4F317401-FD0C-47E8-B566-6CB697209ECC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{00A7AB3E-124F-4321-B28E-6DBE2E1EDF07}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{08B7A9E2-589B-4741-B887-543AD4A65A82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe

==================== Wiederherstellungspunkte =========================

06-11-2016 01:11:15 Installed Should I Remove It
06-11-2016 01:23:21 Removed VPNAutoconnect
06-11-2016 01:25:27 Removed PydioSync
06-11-2016 23:37:58 JRT Pre-Junkware Removal
07-11-2016 18:15:10 Removed Should I Remove It
07-11-2016 19:35:16 ASU_MSI_TRAN

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/09/2016 05:06:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/09/2016 05:06:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/09/2016 05:06:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Music.UI.exe, Version: 10.16092.1031.0, Zeitstempel: 0x5806afe7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.321, Zeitstempel: 0x57f4c4f0
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x46cc
Startzeit der fehlerhaften Anwendung: 0x01d23a3e98c5da02
Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe\Music.UI.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: edf24c06-fa7c-4bf8-9d81-7d2e3a2dc43f
Vollständiger Name des fehlerhaften Pakets: Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.ZuneMusic

Error: (11/09/2016 04:55:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Benjamin\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_89c04962db040fd9.manifest.

Error: (11/09/2016 04:54:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_89c04962db040fd9.manifest.

Error: (11/09/2016 04:52:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_89c04962db040fd9.manifest.

Error: (11/09/2016 04:52:19 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_89c04962db040fd9.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3.manifest.

Error: (11/09/2016 04:51:57 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_4213128bc687e6d3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.351_none_89c04962db040fd9.manifest.

Error: (11/09/2016 04:31:36 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (11/09/2016 04:09:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


Systemfehler:
=============
Error: (11/09/2016 05:06:08 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "Microsoft.ZuneMusic.AppXg7frm9cyrqhbagxce6zrshkx8fn0ycca.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 05:06:07 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXvtawfp8s388m3217mfbq5fa3myj37wpa.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 04:31:36 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 04:09:11 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 04:09:00 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 02:51:07 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXv1pa150fssxfwf8qn0j65z3gp1qhwkcs.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 02:16:55 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 02:06:08 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "Microsoft.ZuneMusic.AppXg7frm9cyrqhbagxce6zrshkx8fn0ycca.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 01:51:07 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (11/09/2016 01:36:07 AM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App.AppX65azfy60a5wn91mcvdd3dr2y0wj02n39.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


CodeIntegrity:
===================================
  Date: 2016-11-08 23:42:24.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_fe7c040832a3bf1e\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-07 18:53:23.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_fe7c040832a3bf1e\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-06 02:22:13.019
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-05 03:35:30.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-05 03:35:30.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-30 01:17:17.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-25 20:44:54.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-16 01:16:37.295
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_0326b872c1b453bb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-12 22:00:50.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_0326b872c1b453bb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-01 02:15:54.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_37b47f49d2675149\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 34%
Installierter physikalischer RAM: 12212.27 MB
Verfügbarer physikalischer RAM: 7969.66 MB
Summe virtueller Speicher: 14068.27 MB
Verfügbarer virtueller Speicher: 9302.64 MB

==================== Laufwerke ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.91 GB) (Free:213.37 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6D82B2C4)

Partition: GPT.

==================== Ende von Addition.txt ============================

Alt 09.11.2016, 15:48   #23
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


So die restlichen Logs. Bin ich heut morgen vor der Arbeit nicht mehr zu gekommen.

Alt 09.11.2016, 15:52   #24
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Aktuell habe ich immer noch das Problem, das mein Startbutton nicht geht und das ich im Betrieb und beim Starten eine Windowssound höre. Den gleichen wie wenn eine Anwendung Adminrechte benötigt

Alt 09.11.2016, 16:30   #25
M-K-D-B
/// TB-Ausbilder
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Servus,




Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
C:\Users\Benjamin\AppData\Roaming\VWHL
C:\Users\Benjamin\Downloads\Malwarebytes Anti_Malware 2.2.1.rar
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3A71C84A-1CC4-4201-B037-C81CE118D66F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{432599E9-40CF-41E3-951A-E1E81B7B1D29}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7D215707-3E74-4E0E-A078-2C95E1CDE233}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9295785F-8C01-4ED3-9322-8BE5C17CA141}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{C656BCEB-6B19-4992-9975-D53CEA283356}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E26E880F-176C-4007-B2A7-B8F27621EC51}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E776B534-9402-4049-87C3-089EC0F54BAF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.








Schritt 2
  • Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-7 durch. (Siehe Bildanleitung)
Alt 09.11.2016, 16:41   #26
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Beim Deaktivieren vom Defender sehe ich gerade das oben in Rot folgendes steht " Einige Einstellungen werden von Ihrer Organisation verwaltet."

Alt 09.11.2016, 16:45   #27
M-K-D-B
/// TB-Ausbilder
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Zitat:
Zitat von kakuzu Beitrag anzeigen
Beim Deaktivieren vom Defender sehe ich gerade das oben in Rot folgendes steht " Einige Einstellungen werden von Ihrer Organisation verwaltet."
Wird wohl an Avast liegen, weil es den Windows Defender deaktiviert sobald es selbst aktiv ist.

Alt 09.11.2016, 16:46   #28
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Ok lasse dann mal Windows Repair laufen meld mich später.

Code:
ATTFilter
Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2016
durchgeführt von Benjamin (09-11-2016 16:33:29) Run:7
Gestartet von C:\Users\Benjamin\Desktop
Geladene Profile: Benjamin (Verfügbare Profile: Benjamin)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\Users\Benjamin\AppData\Roaming\VWHL
C:\Users\Benjamin\Downloads\Malwarebytes Anti_Malware 2.2.1.rar
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{3A71C84A-1CC4-4201-B037-C81CE118D66F}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{432599E9-40CF-41E3-951A-E1E81B7B1D29}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{7D215707-3E74-4E0E-A078-2C95E1CDE233}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{9295785F-8C01-4ED3-9322-8BE5C17CA141}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{C656BCEB-6B19-4992-9975-D53CEA283356}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D6914FD3-FD8E-45AD-8993-901E7B2759FD}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E26E880F-176C-4007-B2A7-B8F27621EC51}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{E776B534-9402-4049-87C3-089EC0F54BAF}
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21}
Reboot:
end
         
*****************

Prozess erfolgreich geschlossen.
C:\Users\Benjamin\AppData\Roaming\VWHL => erfolgreich verschoben
C:\Users\Benjamin\Downloads\Malwarebytes Anti_Malware 2.2.1.rar => erfolgreich verschoben
HKLM\SOFTWARE\Classes\Interface\{0FF03983-EAA6-4628-8E7C-387B2D4F8EF2} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{3A71C84A-1CC4-4201-B037-C81CE118D66F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{432599E9-40CF-41E3-951A-E1E81B7B1D29} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{7D215707-3E74-4E0E-A078-2C95E1CDE233} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{9295785F-8C01-4ED3-9322-8BE5C17CA141} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{B98E44C8-7BB7-4A4A-B8D2-60874CA109B2} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{C656BCEB-6B19-4992-9975-D53CEA283356} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D5AC4B9C-8EE4-48AD-A77E-1560AD886A0B} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{D6914FD3-FD8E-45AD-8993-901E7B2759FD} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E0106905-0EDD-4F56-BDB5-890A1F6E8F47} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E26E880F-176C-4007-B2A7-B8F27621EC51} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{E776B534-9402-4049-87C3-089EC0F54BAF} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Classes\Interface\{FCFBBE24-2ADA-4D6E-A381-DEC6E3EAEE21} => Schlüssel erfolgreich entfernt


Das System musste neu gestartet werden.

==== Ende von Fixlog 16:33:31 ====

Alt 09.11.2016, 16:47   #29
M-K-D-B
/// TB-Ausbilder
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


Zitat:
Zitat von kakuzu Beitrag anzeigen
Ok lasse dann mal Windows Repair laufen meld mich später
ok...

Alt 09.11.2016, 23:16   #30
kakuzu
 
UCGuard nicht entfernbar und andere Malware - Standard

UCGuard nicht entfernbar und andere Malware


So Windows Repair ist mittlerweile Fertig. Der Startbutton geht auch wieder.

Ursache für den Windowssound ist nun auch ersichtlich. Das Infocenter Zeit mittlerweile Meldungen an das Standartanwendungen zurückgesetzt werden. Für verschiedene Dateitypen.

Antwort
Seite 2 von 3 1 2 3

Themen zu UCGuard nicht entfernbar und andere Malware
appdata, bericht, button, cid, code, dateien, defender, dll, entfernen, firefox, google, home, hängt, infizierte, lösung, malware, microsoft, ordner, rechner, registry, secure, server, software, windows, wmi


« BrowserModifier: Win32/SupTab!blnk | Computer plötzlich extrem langsam »


Ähnliche Themen: UCGuard nicht entfernbar und andere Malware


  1. DNS-Unlocker nicht entfernbar?
    Plagegeister aller Art und deren Bekämpfung - 30.03.2016 (7)
  2. WIN10 DNS Keeper lässt sich nicht entfernen/Verdacht auf andere Malware
    Log-Analyse und Auswertung - 07.09.2015 (4)
  3. BetterMarkIT NICHT entfernbar
    Plagegeister aller Art und deren Bekämpfung - 01.02.2015 (7)
  4. PUM.DNS in Registry nicht entfernbar
    Log-Analyse und Auswertung - 09.10.2014 (21)
  5. PUP.Datamngr nicht entfernbar
    Plagegeister aller Art und deren Bekämpfung - 14.02.2013 (29)
  6. gvu trojaner nicht entfernbar
    Plagegeister aller Art und deren Bekämpfung - 13.01.2013 (2)
  7. Trojan.Gen.Ml - Nicht entfernbar!
    Log-Analyse und Auswertung - 29.10.2010 (35)
  8. Malware Problem / Virus nicht entfernbar
    Log-Analyse und Auswertung - 30.08.2010 (3)
  9. Malware nicht entfernbar?
    Antiviren-, Firewall- und andere Schutzprogramme - 23.05.2010 (1)
  10. TR/Crypt.FKM.Gen nicht entfernbar?
    Plagegeister aller Art und deren Bekämpfung - 20.03.2009 (2)
  11. BNA.tmp und andere Trojanerteile nicht entfernbar
    Log-Analyse und Auswertung - 21.01.2009 (12)
  12. Virtumonde und andere Malware lässt sich nicht entfernen, bitte um Hilfe!
    Mülltonne - 01.10.2008 (0)
  13. Bin mir nicht sicher ob ich n Vundo oder ne andere Malware eingefangen hab!
    Log-Analyse und Auswertung - 05.06.2008 (1)
  14. HEUR.Malware nicht entfernbar
    Plagegeister aller Art und deren Bekämpfung - 15.04.2008 (9)
  15. NewDotNet nicht entfernbar
    Plagegeister aller Art und deren Bekämpfung - 02.01.2007 (2)
  16. Prozesse nicht entfernbar!
    Log-Analyse und Auswertung - 20.12.2005 (3)
  17. TR/agent.cs.1 nicht entfernbar
    Log-Analyse und Auswertung - 07.07.2005 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema UCGuard nicht entfernbar und andere Malware - Ich scheine ja mal richtig was eingefangen zu haben. Mache dir damit mal so richtig Arbeit. Aber schön zu sehen das es so eine Hilfsbereite Community gibt. Code: Alles auswählen - UCGuard nicht entfernbar und andere Malware...
Archiv
Du betrachtest: UCGuard nicht entfernbar und andere Malware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130