| |
| |||||||
Log-Analyse und Auswertung: UCGuard nicht entfernbar und andere MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
06.11.2016, 14:38
| #1 |
 |  UCGuard nicht entfernbar und andere Malware Umbenennen der Datei hat geholfen. Log Dateien sind zu groß, habe sie mal als Anhang bei gefügt. Oder soll ich die Logs File besser Splitten? Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 04-11-2016
durchgeführt von Benjamin (06-11-2016 14:23:45)
Gestartet von C:\Users\Benjamin\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-17 16:33:15)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-3046321304-749213656-246317510-500 - Administrator - Disabled)
Benjamin (S-1-5-21-3046321304-749213656-246317510-1001 - Administrator - Enabled) => C:\Users\Benjamin
DefaultAccount (S-1-5-21-3046321304-749213656-246317510-503 - Limited - Disabled)
Gast (S-1-5-21-3046321304-749213656-246317510-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3046321304-749213656-246317510-1003 - Limited - Enabled)
priva (S-1-5-21-3046321304-749213656-246317510-1006 - Administrator - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4K Video Downloader (HKLM\...\4K Video DownloaderLatest) (Version: Latest - Franki Hack)
4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.0.1.88 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.2.2 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version: - Gameforge)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 20.2.1245.53580 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 20.2.1245.53580 - Alcor Micro Corp.) Hidden
Amazon Cloud Drive (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\Amazon Cloud Drive) (Version: 3.2.1.29 - Amazon.com, Inc.)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
AnyBurn (HKLM-x32\...\AnyBurn) (Version: 3.0 - Power Software Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Benutzerhandbücher (x32 Version: 3.0.0.3 - Lenovo) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Bitnami WAMP Stack (HKLM-x32\...\Bitnami WAMP Stack 7.0.0beta2-1) (Version: 7.0.0beta2-1 - Bitnami)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5620DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.5.0 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0610 - Brother Industries, Ltd.)
C9 (HKLM-x32\...\C9(Continent of the Ninth Seal)_is1) (Version: - WEBZEN)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Composer - Php Dependency Manager (HKLM-x32\...\{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1) (Version: - getcomposer.org)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version: - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Creation Kit: Fallout 4 (HKLM-x32\...\Creation Kit: Fallout 4) (Version: - Bethesda Softworks)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
Curse Client (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon's Prophet (HKLM-x32\...\{C31556D7-F2B9-4787-B223-F7A035067E89}_is1) (Version: 2.1.1434.29 - Infernum Productions AG)
Dxtory version 2.0.135 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.135 - ExKode Co. Ltd.)
eBlendr Version 2.0.2.60 (HKLM-x32\...\eBlendr_is1) (Version: 2.0.2.60 - H. Brinkhaus Onlineservices)
eMule (HKLM-x32\...\eMule) (Version: - )
Euro Truck Simulator 2 (HKLM\...\Steam App 227300) (Version: - SCS Software)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.25.2.5 - SCS Software)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Fallout Mod Manager 0.12.6 (HKLM-x32\...\Fallout Mod Manager_is1) (Version: - Timeslip, Q)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Farming Simulator 17 (HKLM\...\Steam App 447020) (Version: - Giants Software)
FileZilla Client 3.22.1 (HKLM-x32\...\FileZilla Client) (Version: 3.22.1 - Tim Kosse)
Flash Decompiler Trillix (HKLM-x32\...\Flash Decompiler Trillix_is1) (Version: 5.3 - Eltima Software)
FlashDevelop (HKLM-x32\...\FlashDevelop) (Version: 5.1.1 - FlashDevelop.org)
FlashFXP 5 (HKLM-x32\...\FlashFXP 5) (Version: 5.0.0.3791 - OpenSight Software LLC)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Gameforge Live 2.0.6 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.6 - Gameforge)
Genymotion version 2.5.2 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.2 - Genymobile)
GIANTS Editor 7.0.2 64-bit (HKLM-x32\...\giants_editor_7.0.2_win64_is1) (Version: 7.0.2 - GIANTS Software GmbH)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
GitHub (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\5f7eb300e2ea4ebf) (Version: 3.1.1.4 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Daybreak Games)
H1Z1: King of the Kill (HKLM-x32\...\Steam App 433850) (Version: - Daybreak Game Company)
Hearthstone Deck Tracker (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\HearthstoneDeckTracker) (Version: 1.0.5 - HearthSim)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Hide and Shriek (HKLM\...\Steam App 480430) (Version: - Funcom)
HiDrive (HKLM-x32\...\{88D57A8B-DF01-4C4D-8EF4-289C08BD2F96}) (Version: 4.2.1.0 - STRATO AG)
HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard)
HP ePrint (HKLM-x32\...\{2dbf7d69-d76e-4907-8ee6-ad90bf62aab7}) (Version: 1.0.7.31082 - HP)
HWiNFO64 Version 5.06 (HKLM\...\HWiNFO64_is1) (Version: 5.06 - Martin Malík - REALiX)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6503.0 - IDT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1013 - Intel Corporation)
Intel WiDi Media Share (x32 Version: 1.1.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.5.1000 - Intel Corporation)
Intel® WiDi Media Share (HKLM-x32\...\{32d14b1d-18fa-48e7-867d-93b7a72c816a}) (Version: 1.1.0.0 - Intel Corporation)
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Java SE Development Kit 8 Update 92 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180920}) (Version: 8.0.920.14 - Oracle Corporation)
JetBrains PhpStorm 2016.1 (HKLM-x32\...\PhpStorm 2016.1) (Version: 145.258.2 - JetBrains s.r.o.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10245 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photo Master Trial (HKLM-x32\...\{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 2.2.3317.01 Trial - CyberLink Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden
LibreOffice 5.0.5.2 (HKLM-x32\...\{43D862C3-739D-4FF6-91C0-25612368CC81}) (Version: 5.0.5.2 - The Document Foundation)
Lioncast LK15 Keyboard Driver (HKLM-x32\...\{54C8FBB3-B992-43CB-8F0A-E26228013F88}) (Version: 1.0 - )
Lioncast LM30 Gaming Mouse Version 1.1 (HKLM-x32\...\{BF8BC0AC-979B-4085-8F94-7933AF19CBD2}_is1) (Version: 1.1 - LIONCAST)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - )
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
LS Mod Manager (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\fee48a2c9be21a28) (Version: 3.0.1.5 - Thomas Müller)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Access database engine 2010 (German) (HKLM-x32\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 46.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 de)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MultiBit HD 0.3.0 (HKLM\...\6925-4794-5772-4956) (Version: 0.3.0 - Bitcoin Solutions Ltd)
MySQL Workbench 6.2 CE (HKLM\...\{82D50D82-CAF2-4ABA-8BB7-090668162290}) (Version: 6.2.5 - Oracle Corporation)
Need for Speed™ Most Wanted (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}) (Version: 1.5.0.0 - Electronic Arts)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
NetBeans IDE 8.0.2 (HKLM-x32\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NetStat4Win 1.60 (HKLM\...\NetStat4Win) (Version: - Mirko Böer)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.3 - Black Tree Gaming)
NifSkope (remove only) (HKLM-x32\...\NifSkope) (Version: - )
Nitro Pro 9 (HKLM\...\{4C32F7E8-A65F-4D3C-9153-9F3B57CB6872}) (Version: 9.0.5.9 - Nitro)
Node.js (HKLM\...\{40435563-20B0-4DA3-8E52-E5BF28ABE5C3}) (Version: 0.12.2 - Joyent, Inc. and other Node contributors)
Nuance PaperPort 12 (HKLM-x32\...\{2A770862-7142-4C77-8117-F933E4110A3F}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Treiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Nylas N1 (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\nylas) (Version: 0.4.5 - Nylas Inc.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.8.3.59237 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version: - Red Barrels)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.98.211.0 - Overwolf Ltd.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pinegrow Web Designer version 2.01 (HKLM-x32\...\Pinegrow Web Designer_is1) (Version: 2.01 - )
PlayClaw 5 fast codec (HKLM-x32\...\PlayClaw 5 fast codec_is1) (Version: 5.5 - )
PlayClaw 5 Plus (HKLM-x32\...\PlayClaw 5 Plus_is1) (Version: 5 - )
Plex Media Server (HKLM-x32\...\{06f702c0-12c1-4d02-a753-2c00d9f1d01e}) (Version: 0.9.1506 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1506 - Plex, Inc.) Hidden
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.7 - Vaclav Slavik)
PosteRazor (HKLM-x32\...\PosteRazor_is1) (Version: 1.5.2 - Alessandro Portale)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.305 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27343 - Razer Inc.)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 (HKLM-x32\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80601 - Samsung Electronics Co., Ltd.)
Samsung PC Studio 3 (x32 Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Scansoft PDF Professional (x32 Version: - ) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SF-Etikett 13 (HKLM-x32\...\{B3966C9F-E4EC-4AB7-BFF3-8ACFAC844EAC}) (Version: 13.00.000 - Frank Stolzer)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Sothink SWF Decompiler (HKLM-x32\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.4 - SourceTec Software Co., LTD)
Sothink SWF Editor (HKLM-x32\...\{0BF1DE3D-31B9-417F-A915-4BCC5AAEE3CD}_is1) (Version: 1.3 - SourceTec Software Co., LTD)
SourceTree (HKLM-x32\...\SourceTree 1.6.14) (Version: 1.6.14 - Atlassian)
SourceTree (x32 Version: 1.6.14 - Atlassian) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamline (HKLM-x32\...\d229a310-2468-4f0c-b49b-4a6dcdd47809) (Version: - PS363)
Sublime Text Build 3065 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
Telegram Desktop Version 0.7.10 (HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.10 - Telegram Messenger LLP)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
The Forest (HKLM-x32\...\Steam App 242760) (Version: - Endnight Games Ltd)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft Montreal)
TortoiseHg 3.3.3 (x64) (HKLM\...\{2A25209F-23B5-4F5F-A484-E7A0C30B5975}) (Version: 3.3.3 - Steve Borho and others)
TruckersMP 0.2.1.2.5 Alpha (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.1.2.5 Alpha - TruckersMP Team)
Trust 100K Series Webcam (HKLM-x32\...\{C679F9B9-C65D-4C65-BD6C-BF90B859E281}) (Version: 1.0.4.15 - Trust)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Twitch Launcher (HKLM-x32\...\Twitch Launcher 1.0.0) (Version: 1.0.0 - Twitch)
Twitch Leecher 1.3.2 (HKLM-x32\...\{90604deb-1435-465e-9485-862937465b6b}) (Version: 1.3.2.0 - Fake Smile Revolution)
Twitch Leecher 1.3.2 (Version: 1.3.2.0 - Fake Smile Revolution) Hidden
UnderCover10 2.03 (HKLM-x32\...\UnderCover10_is1) (Version: - Wicked & Wild Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 21.1 - Ubisoft)
User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo)
Vagrant (HKLM-x32\...\{DBD58741-B374-4518-B0F7-8F33D09E3164}) (Version: 1.8.1 - HashiCorp)
Vanilla DayZmod Launcher (HKLM-x32\...\{2F318942-6CAC-4D3C-AA18-259B8C5600EE}_is1) (Version: 1.0.4 - AmberHelios)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WEBZEN Browser Extension (HKLM-x32\...\{95723791-2C44-454B-9220-C65D47D70E9C}) (Version: 1.12.010 - WEBZEN)
Windows-Treiberpaket - Dimension Engineering USB Serial Converter (11/12/2015 1.0.3.13) (HKLM\...\32A12E2F88EE40BDBADBB41ECCB8559DEE67F7A3) (Version: 11/12/2015 1.0.3.13 - Dimension Engineering)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
WYSIWYG Web Builder 10 (HKLM-x32\...\WYSIWYG_Web_Builder_10) (Version: - )
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.21-0 - Bitnami)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{33C169DA-833A-456A-9059-F3D6D429ED42}\InprocServer32 -> C:\WINDOWS\system32\timedate.cpl (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3046321304-749213656-246317510-1001_Classes\CLSID\{ecfae962-f1ac-499d-a4e9-3eec574033d8}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {09C19643-230A-4D8C-A476-C9748F3E0760} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {239108FA-ADB7-43A4-9BF6-8674581B4641} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {2CA40D83-1939-47D2-A855-2F7A4FAB06E8} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe [2016-11-04] (UC Web Inc.) <==== ACHTUNG
Task: {33E118EB-0693-4BEC-88A4-A38AF88114D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {40BD5A48-16A5-429F-85F3-0176EF3735A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {41CECE4F-3BE9-4752-8C1E-BF27E58428A8} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)
Task: {43E0225D-0996-45E3-BC8E-A4C886C60E52} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-10-31] (UCWeb Inc) <==== ACHTUNG
Task: {4DF13BBA-9FFD-48E0-93AD-3EADE7C6B18B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {548B1208-8B1A-4755-BA2F-F879AF00D78C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5A3D076E-4860-4BEB-9F01-29C47D023B28} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {64AAF96A-BD92-463B-BE03-B8B88DC23005} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {67265F0E-F9EA-4783-A6DC-099E6F1CDE42} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {6E4FA571-8BCF-4512-89EE-E03C92BD34A1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-10-11] (Microsoft Corporation)
Task: {75196BBE-3737-4678-AE57-464270E71418} - System32\Tasks\090814979df9a1cbff315bc3871a6032 => Rundll32.exe "C:\Program Files (x86)\PDF24\5emdqf.dll",e62dc6c6547f46bda862da2d05af6862 <==== ACHTUNG
Task: {7A34A017-10ED-43F4-B3ED-275D45FE199B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {826CF2EA-D0DF-45E0-AF6A-95816F289396} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {83DB1462-D709-4D90-AF96-587D1CC5676A} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-09-27] (Overwolf LTD)
Task: {8B599AAE-2D21-421A-824F-D21139601E27} - System32\Tasks\CyberLink\Photo Master Gadget startup => C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoMasterWorker.exe [2015-09-17] (CyberLink Corp.)
Task: {8EE9593D-A158-457B-AECD-8DB785316ED5} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {96B2DA81-9A99-40BB-AC28-1AA2DB91F55E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {99363A44-6DEC-4356-B050-29265EFD2B77} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {9DC45D87-CD47-4FF5-B828-8EEAA989237A} - System32\Tasks\Cwspgajother Provider => C:\Program Files (x86)\Phowert\steiing.exe [2016-11-04] (Glarysoft Ltd)
Task: {A1C858F2-D3C0-4A7D-86C0-B8524A5EFD60} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-pandory@outlook.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-03-30] (Adobe Systems Incorporated)
Task: {A392F5FC-6486-4E05-AEBD-55CDEC33D22A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {A54A7010-1548-4C4B-A473-6223323ADCC3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {A71A91F7-F713-455E-8C89-857AF9816B51} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {A8B04EAC-2AF5-4B8A-86CA-687A402989E2} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-10-31] (UCWeb Inc) <==== ACHTUNG
Task: {B24FF775-0247-4A53-8D67-9BB4BA20F0E4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {CE0EE6F4-7D41-4703-A6F8-FB026CFD393E} - System32\Tasks\Microsoft\Windows\RestartManager\{6FCA8F0B-9FC1-4d99-997C-A2EE39124A9A} => C:\WINDOWS\system32\rmclient.exe [2016-07-16] (Microsoft Corporation)
Task: {D082025C-E335-415A-A00D-C3591ED52A58} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {D274DC96-E8BC-4642-92F0-F538D9913564} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {DCD3F4CA-2722-41AE-8AF5-4061C951D0D8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {DEE81BB9-0E5F-4A5E-9A82-18C6FF7F3472} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {F5486DC8-52DD-4D86-AA31-237997D44139} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ACHTUNG
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\iexplore.bat ()
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\iexplore.bat ()
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\chrome.bat (Keine Datei)
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\iexplore.bat ()
ShortcutWithArgument: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-29 22:11 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-02-23 12:36 - 2013-06-17 17:40 - 00035944 _____ () C:\WINDOWS\system32\ddmon4-64x.dll
2014-11-26 02:03 - 2012-04-25 03:43 - 00390632 ____N () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-05-28 23:29 - 2016-03-24 04:20 - 11583304 _____ () C:\xampp\mysql\bin\mysqld.exe
2015-06-23 20:11 - 2015-06-23 20:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-12-31 13:31 - 2005-04-22 05:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2015-08-02 10:53 - 2015-05-05 12:35 - 11048960 _____ () C:\Bitnami\wampstack-7.0.0beta2-1\mysql\bin\mysqld.exe
2016-09-29 22:11 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-04-16 16:42 - 2015-04-16 16:42 - 00997536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-18 02:00 - 2016-08-18 02:00 - 00959168 _____ () C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
2016-10-03 15:57 - 2016-10-03 15:57 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-06-01 16:03 - 2015-03-19 22:33 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 19:23 - 2015-03-12 19:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 19:23 - 2015-03-12 19:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-10-13 15:31 - 2016-10-13 15:31 - 06673568 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\HiDrive.App.exe
2016-09-08 19:25 - 2016-10-25 21:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-08 19:25 - 2016-10-25 21:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-08 19:25 - 2016-10-25 21:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-08-17 16:53 - 2016-10-25 21:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-28 10:14 - 2016-08-03 16:36 - 00174872 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-08-04 14:43 - 2016-08-03 16:36 - 00103192 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 14:43 - 2016-08-03 16:36 - 00107800 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-08-04 14:46 - 2016-08-03 16:36 - 00312088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 14:46 - 2016-08-03 16:36 - 00485656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2016-11-04 18:24 - 2016-11-04 18:24 - 00274944 _____ () c:\program files (x86)\phowert\qonakclecisycln.dll
2015-08-02 10:53 - 2015-07-21 14:17 - 00409600 _____ () C:\Bitnami\WAMPST~1.0BE\apache2\bin\pcre.dll
2015-08-02 10:53 - 2015-07-21 14:23 - 00071680 _____ () C:\Bitnami\WAMPST~1.0BE\apache2\bin\zlib1.dll
2015-08-02 10:53 - 2015-07-23 21:39 - 00121856 _____ () C:\Bitnami\wampstack-7.0.0beta2-1\php\libpq.dll
2015-08-02 10:57 - 2015-07-23 21:39 - 00168960 _____ () C:\Bitnami\WAMPST~1.0BE\apache2\bin\libssh2.dll
2016-09-13 15:04 - 2015-09-17 11:31 - 00875960 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\Kernel\Boomerang\UNO.dll
2016-09-13 15:03 - 2015-09-17 11:01 - 00081920 _____ () C:\Program Files (x86)\Lenovo\Lenovo Photo Master\koan\_ctypes.pyd
2016-10-13 15:31 - 2016-10-13 15:31 - 01035936 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\CefSharp.Core.dll
2016-10-13 15:31 - 2016-10-13 15:31 - 48943768 _____ () C:\Users\Benjamin\AppData\Roaming\STRATO\HiDrive\libcef.dll
2014-11-26 01:20 - 2013-09-04 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-04-15 17:36 - 2016-10-25 21:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-08 19:25 - 2016-10-25 20:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-08 19:25 - 2016-10-25 20:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-08 19:25 - 2016-10-25 20:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-08 19:25 - 2016-10-25 21:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-08 19:25 - 2016-10-25 21:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-08 19:25 - 2016-10-25 20:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-08 19:25 - 2016-10-25 20:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-08 19:25 - 2016-10-25 20:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-08 19:25 - 2016-10-25 20:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-10-03 15:57 - 2016-10-03 15:57 - 00048304 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-08-29 18:34 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-29 18:34 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-29 18:34 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-29 18:34 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-29 18:34 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-29 18:34 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-29 18:34 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-29 18:34 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-29 18:34 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-29 18:34 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-29 18:34 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-11 18:43 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-22 07:46 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2015-08-29 18:34 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-08-18 02:00 - 2016-08-18 02:00 - 00679624 _____ () C:\Users\Benjamin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\ClientTelemetry.dll
2016-11-03 02:05 - 2016-10-31 06:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libglesv2.dll
2016-11-03 02:05 - 2016-10-31 06:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\libegl.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 14:25 - 2016-11-05 04:28 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3046321304-749213656-246317510-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benjamin\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
MSCONFIG\Services: BEService => 3
HKLM\...\StartupApproved\StartupFolder: => "PydioSync.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "Energy Manager"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "Lenovo Utility"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "PAC207_Monitor"
HKLM\...\StartupApproved\Run: => "TortoiseHgOverlayIconServer"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "LCgmmouseRun"
HKLM\...\StartupApproved\Run32: => "Lioncast LK15 Keyboard Driver"
HKLM\...\StartupApproved\Run32: => "BrHelp"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "Logitech blank Produktregistrierung.lnk"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "deskPDF Creator"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_2CB4D10DAD5AE20CADEFA2B4E24F69E5"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "ISUSPM"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Amazon Cloud Drive"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Plex Media Server"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "TSMApplication"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "Dxtory Update Checker 2.0"
HKU\S-1-5-21-3046321304-749213656-246317510-1001\...\StartupApproved\Run: => "World of Tanks"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [TCP Query User{0C343DB2-595E-4609-91E0-5FBBBCFD66D0}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{73BF8670-C78B-4344-8F68-D8CCCA0CDD28}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{541B8CF6-0579-48D8-B589-F5BE8EA3D4AE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{09DC59C6-C561-4CFA-B014-880C8D701F3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{791D5014-C773-469D-888A-EA064D95FBEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{A6EEA21D-E1B9-48F3-BA22-4B4DD3658920}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [TCP Query User{C8977BBE-7EAD-4591-9306-7453C1398E5C}C:\program files (x86)\steam\steamapps\common\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [UDP Query User{7129E83C-67D3-4121-9627-A618858F3635}C:\program files (x86)\steam\steamapps\common\farming simulator 17\x64\farmingsimulator2017game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\farming simulator 17\x64\farmingsimulator2017game.exe
FirewallRules: [{BAEC0A83-AC21-401C-954A-85B3CF8D2CAD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{FE443B3A-5295-46DE-BFC1-0149E7ED415B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{DABEC3FA-F3BC-4EDD-852C-A26CD2F4ECCD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8F65F44C-4088-4B8E-9E52-16B39816EE82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF3F8ADC-663D-42D2-9432-0FF78B92924F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
==================== Wiederherstellungspunkte =========================
06-11-2016 01:11:15 Installed Should I Remove It
06-11-2016 01:23:21 Removed VPNAutoconnect
06-11-2016 01:25:27 Removed PydioSync
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/06/2016 02:07:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/06/2016 02:06:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.WindowsAlarms_8wekyb3d8bbwe!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/06/2016 02:06:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Music.UI.exe, Version: 10.16092.1031.0, Zeitstempel: 0x5806afe7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.321, Zeitstempel: 0x57f4c4f0
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0x4c24
Startzeit der fehlerhaften Anwendung: 0x01d2382ea7e3aca6
Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe\Music.UI.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 81f1f8c2-ad7f-4b3c-95f3-b5603fdd9013
Vollständiger Name des fehlerhaften Pakets: Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Microsoft.ZuneMusic
Error: (11/06/2016 01:55:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/06/2016 01:55:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.187, Zeitstempel: 0x57cf9d73
Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.187, Zeitstempel: 0x57cf9d73
Ausnahmecode: 0xc000027b
Fehleroffset: 0x0000000000022e37
ID des fehlerhaften Prozesses: 0x1780
Startzeit der fehlerhaften Anwendung: 0x01d2382d07791967
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Berichtskennung: e5976a74-17a3-45d6-ac14-ee5296717a4e
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (11/06/2016 01:54:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/06/2016 01:54:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.187, Zeitstempel: 0x57cf9d73
Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.187, Zeitstempel: 0x57cf9d73
Ausnahmecode: 0xc000027b
Fehleroffset: 0x0000000000022e37
ID des fehlerhaften Prozesses: 0x4fa0
Startzeit der fehlerhaften Anwendung: 0x01d2382cf9b8a0c3
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Berichtskennung: 3d923c12-790a-47bf-a4f2-0b3774178c97
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (11/06/2016 01:51:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/06/2016 01:46:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PANDORY)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error: (11/06/2016 01:46:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.187, Zeitstempel: 0x57cf9d73
Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.187, Zeitstempel: 0x57cf9d73
Ausnahmecode: 0xc000027b
Fehleroffset: 0x0000000000022e37
ID des fehlerhaften Prozesses: 0x1d8c
Startzeit der fehlerhaften Anwendung: 0x01d2382bbc50b694
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Berichtskennung: 5c11c5ae-802f-4938-86d1-c0989b44f47f
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Systemfehler:
=============
Error: (11/06/2016 02:07:00 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "Microsoft.ZuneMusic.AppXg7frm9cyrqhbagxce6zrshkx8fn0ycca.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 02:06:58 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App.AppXvwgnrrhcka99admvy9fqan3zpdmgg69a.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 01:55:21 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 01:54:59 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 01:51:57 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 01:46:07 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 01:06:57 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "CortanaUI.AppXvtawfp8s388m3217mfbq5fa3myj37wpa.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 01:00:58 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 12:48:52 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/06/2016 12:47:50 PM) (Source: DCOM) (EventID: 10010) (User: PANDORY)
Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
CodeIntegrity:
===================================
Date: 2016-11-06 02:22:13.019
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-05 03:35:30.918
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-11-05 03:35:30.893
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-10-30 01:17:17.435
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-25 20:44:54.114
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_463df33ecac6d590\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-16 01:16:37.295
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_0326b872c1b453bb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-12 22:00:50.316
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_0326b872c1b453bb\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-10-01 02:15:54.025
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_37b47f49d2675149\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-25 22:05:54.353
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_37b47f49d2675149\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-20 20:22:29.840
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 42%
Installierter physikalischer RAM: 12212.27 MB
Verfügbarer physikalischer RAM: 7037.73 MB
Summe virtueller Speicher: 14068.27 MB
Verfügbarer virtueller Speicher: 6129.12 MB
==================== Laufwerke ================================
Drive c: (Windows8_OS) (Fixed) (Total:889.91 GB) (Free:224.98 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 6D82B2C4)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
06.11.2016, 21:04
| #2 |
| /// TB-Ausbilder   | UCGuard nicht entfernbar und andere Malware Servus,
__________________passt schon so. Bitte alle Schritte aufmerksam durchlesen und genau so mit den genannten Optionen/Einstellungen, insbesondere bei AdwCleaner, anwenden! Habe schon lange nicht mehr so viele Malware gesehen...  Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
ShellExecuteHooks: - {47BCB852-9E94-11E6-AEC8-64006A5CFC23} - C:\Users\Benjamin\AppData\Roaming\Hnentqerky\Domesanruent.dll Keine Datei [ ]
C:\Users\Benjamin\AppData\Roaming\Hnentqerky
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Keine Datei
SearchScopes: HKU\S-1-5-21-3046321304-749213656-246317510-1001 -> {467914D1-0A20-41D7-8496-E7B7AD0E48D4} URL =
R2 Arakosatuhph; C:\Program Files (x86)\Phowert\qonakclecisycln.dll [274944 2016-11-04] () [Datei ist nicht signiert]
C:\Program Files (x86)\Phowert
S2 xecotyvo; kein ImagePath
R1 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ACHTUNG
Unlock: C:\WINDOWS\System32\drivers:ucdrv-x64.sys
C:\WINDOWS\System32\drivers:ucdrv-x64.sys
R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 2016-08-29] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ACHTUNG
Unlock: C:\WINDOWS\System32\DRIVERS\ucguard.sys
C:\WINDOWS\System32\DRIVERS\ucguard.sys
Unlock: C:\Users\Benjamin\AppData\Roaming\wyUpdate AU
C:\Users\Benjamin\AppData\Roaming\wyUpdate AU
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
C:\WINDOWS\Tasks\UCBrowserUpdater.job
C:\WINDOWS\System32\Tasks\UCBrowserUpdater
C:\WINDOWS\System32\Tasks\SecureUpdater
C:\Users\Benjamin\AppData\Local\UCBrowser
C:\Program Files (x86)\UCBrowser
C:\ProgramData\Avira
C:\ProgramData\Avg
C:\ProgramData\AVAST Software
C:\WINDOWS\System32\Tasks\Cwspgajother Provider
C:\WINDOWS\System32\Tasks\090814979df9a1cbff315bc3871a6032
C:\Users\Public\Thunder Network
C:\Program Files (x86)\Phowert
C:\Users\Benjamin\AppData\Roaming\Hnentqerky
C:\Users\Benjamin\AppData\Local\Wisahoroly
C:\Users\Benjamin\Downloads\Cheat Bot Package.zip
Task: {2CA40D83-1939-47D2-A855-2F7A4FAB06E8} - System32\Tasks\SecureUpdater => C:\Program Files (x86)\UCBrowser\Application\uclauncher.exe [2016-11-04] (UC Web Inc.) <==== ACHTUNG
Task: {33E118EB-0693-4BEC-88A4-A38AF88114D0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {40BD5A48-16A5-429F-85F3-0176EF3735A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {43E0225D-0996-45E3-BC8E-A4C886C60E52} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-10-31] (UCWeb Inc) <==== ACHTUNG
Task: {64AAF96A-BD92-463B-BE03-B8B88DC23005} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {7A34A017-10ED-43F4-B3ED-275D45FE199B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {826CF2EA-D0DF-45E0-AF6A-95816F289396} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {96B2DA81-9A99-40BB-AC28-1AA2DB91F55E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {99363A44-6DEC-4356-B050-29265EFD2B77} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {9DC45D87-CD47-4FF5-B828-8EEAA989237A} - System32\Tasks\Cwspgajother Provider => C:\Program Files (x86)\Phowert\steiing.exe [2016-11-04] (Glarysoft Ltd)
Task: {A392F5FC-6486-4E05-AEBD-55CDEC33D22A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {A54A7010-1548-4C4B-A473-6223323ADCC3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {A8B04EAC-2AF5-4B8A-86CA-687A402989E2} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-10-31] (UCWeb Inc) <==== ACHTUNG
Task: {D082025C-E335-415A-A00D-C3591ED52A58} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {D274DC96-E8BC-4642-92F0-F538D9913564} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Unlock: C:\Program Files (x86)\UCBrowser
C:\Program Files (x86)\UCBrowser
CMD: type "C:\iexplore.bat"
C:\iexplore.bat
CMD: type "C:\launcher.bat"
C:\launcher.bat
CMD: type "C:\Users\Benjamin\AppData\Roaming\2.txt"
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехplоrеr.lnk -> C:\iexplore.bat ()
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\iexplore.bat ()
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\chrome.bat (Keine Datei)
Shortcut: C:\Users\Benjamin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnеt Ехplоrеr.lnk -> C:\iexplore.bat ()
ShortcutWithArgument: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"
Unlock: C:\Program Files\nodejs
C:\Program Files\nodejs
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [80850]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [360536]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1156450]
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 3 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 4 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 5
Bitte poste mit deiner nächsten Antwort
|
|
| Themen zu UCGuard nicht entfernbar und andere Malware |
| appdata, bericht, button, cid, code, dateien, defender, dll, entfernen, firefox, google, home, hängt, infizierte, lösung, malware, microsoft, ordner, rechner, registry, secure, server, software, windows, wmi |
Hybrid-Darstellung
