| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Doppelte unterstriche und sehr langsamer SystemstartWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.07.2017, 09:06
| #1 |
 |  Doppelte unterstriche und sehr langsamer Systemstart Hallo zusammen Ich habe bereits im Forum herumgelesen und habe daher bereits den Farbar scanner heruntergeladen und eine Untersuchung durchgeführt. Die Resultate poste ich weiter unten. Nun aber zum Problem ... Zum Einen habe ich auf manchen Webseiten (meist in Foren oder auf Kommentarseiten, jedoch auf den meisten "normalen" Seiten nicht, oder nur selten) doppelt unterstrichene Worte, die dann beim Darüberfahren mit der Maus ein Werbefeld aufgehen lassen. Zum Anderen startet mein System seit ca einer Woche extrem langsam. Es brauchte sonst lediglich vielleicht 10 - 20 Sekunden. Im Moment benötigt es dazu 2 bis 3 Minuten (manchmal mehr). Bis zum Bildschirm "Windows wird gestartet" ist alles in Ordnung, dann dauert es ewig. Ich poste auch mal einen Screenshot von der Konfiguration des Systems. Ich wäre für jede Hilfe sehr dankbar, da ich den PC auch zum Arbeiten benötige...  Code:
ATTFilter angUntersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2017
durchgeführt von Andi (Administrator) auf AGS-PC (12-07-2017 09:49:26)
Gestartet von C:\Users\Andi\Downloads
Geladene Profile: Andi (Verfügbare Profile: Andi & Jeanny)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel® Corporation) C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(SDL) C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Program Files\Intel\STCServ\STCServ.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSGPlusBTServer64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(SDL) C:\Program Files (x86)\SDL\SDL Trados Studio\Studio5\SDLTradosStudio.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IntelConnectCenter] => C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe [90112 2015-03-16] (Intel® Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Sound Blaster Tactic3D Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Tactic(3D)\Sound Blaster Tactic(3D) Control Panel\Tactic3D.exe [2091008 2014-07-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [134480 2016-06-16] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-06-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-621980183-3602246592-3111385562-1000\...\MountPoints2: {925c8e7e-afd6-11e6-a9f0-d0509989981b} - L:\Setup.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{00136E05-4921-4A2F-9D07-82E260986944}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9DC98569-598A-418E-AD52-46C384025607}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\S-1-5-21-621980183-3602246592-3111385562-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-621980183-3602246592-3111385562-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-621980183-3602246592-3111385562-1000 -> DefaultScope {8EB27096-0ABF-414F-BB50-41BE9F13B2E6} URL =
SearchScopes: HKU\S-1-5-21-621980183-3602246592-3111385562-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-621980183-3602246592-3111385562-1000 -> {8EB27096-0ABF-414F-BB50-41BE9F13B2E6} URL =
SearchScopes: HKU\S-1-5-21-621980183-3602246592-3111385562-1000 -> {91120B82-7C23-424B-B036-5252EC9FEA84} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-06] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-07-06] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: PDF Architect 4 Helper -> {38279E1A-7019-40C1-B579-E99DFB3312E8} -> C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll [2016-08-05] (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-07-11] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-07-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-07-11] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - PDF Architect 4 Toolbar - {23FD9C33-A9E1-48A1-8404-E5925CF1C8E1} - C:\Program Files (x86)\PDF Architect 4\creator-ie-plugin.dll [2016-08-05] (pdfforge GmbH)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-06] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: a7jg73x5.default
FF ProfilePath: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\a7jg73x5.default [2017-07-12]
FF NewTab: Mozilla\Firefox\Profiles\a7jg73x5.default -> about:home
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\a7jg73x5.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\a7jg73x5.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\a7jg73x5.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\a7jg73x5.default -> ist aktiviert.
FF Extension: (YouTube Download Plus) - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\a7jg73x5.default\Extensions\addon@ytdownloader.info.xpi [2017-02-25]
FF Extension: (Tab Scope) - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\a7jg73x5.default\Extensions\tabscope@xuldev.org.xpi [2017-02-25]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\a7jg73x5.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2017-07-09]
FF Extension: (Video DownloadHelper) - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\a7jg73x5.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-10]
FF SearchPlugin: C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\a7jg73x5.default\searchplugins\google-lavasoft.xml [2016-11-19]
FF HKLM\...\Firefox\Extensions: [pdf_architect_4_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension
FF Extension: (PDF Architect 4 Creator) - C:\Program Files\PDF Architect 4\resources\pdfarchitect4firefoxextension [2017-01-13] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-07-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-07-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR NewTab: Default -> Active:"chrome-extension://fdbpcigaolookbahgdofnimidinicfid/newtab.html"
CHR DefaultSearchURL: Default -> hxxp://www.ultimateshoppingsearch.com/default?q={searchTerms}&PCSF=SU_DEFAULT
CHR DefaultSearchKeyword: Default -> ultimateshoppingsearch.com
CHR DefaultSuggestURL: Default -> hxxp://www.ultimateshoppingsearch.com/suggest/CSuggestJson.ashx?prefix={searchTerms}&PCSF=SU_SUGGEST
CHR Profile: C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default [2017-07-08]
CHR Extension: (Google Slides) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-12]
CHR Extension: (Google Docs) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-12]
CHR Extension: (Google Drive) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-12]
CHR Extension: (YouTube) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-12]
CHR Extension: (Avast SafePrice) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-05-15]
CHR Extension: (Yahoo Partner) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdbpcigaolookbahgdofnimidinicfid [2017-02-14]
CHR Extension: (Google Sheets) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-12]
CHR Extension: (Avira Browser Safety) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-01-12]
CHR Extension: (Google Docs Offline) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-14]
CHR Extension: (Avast Online Security) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-24]
CHR Extension: (Gmail) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-12]
CHR Extension: (Chrome Media Router) - C:\Users\Andi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fdbpcigaolookbahgdofnimidinicfid] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-06-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
S2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [335088 2017-06-23] (Avira Operations GmbH & Co. KG)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-02] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-02] (BlueStack Systems, Inc.)
S4 chip1click; C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [91136 2016-10-27] (Chip Digital GmbH) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4411592 2017-06-23] (Microsoft Corporation)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [391656 2016-08-24] (Digital Wave Ltd.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] ()
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.587\McCHSvc.exe [404376 2017-06-30] (McAfee, Inc.)
S4 memoQauhlp78; C:\Program Files (x86)\Kilgray\memoQ-2015\MemoQ.AutoUpdate.exe [221072 2017-01-16] (Kilgray)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-10] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-27] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2017-02-10] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2155920 2017-06-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3125656 2017-06-02] (Electronic Arts)
S4 PDF Architect 4; C:\Program Files\PDF Architect 4\ws.exe [2438880 2016-08-05] (pdfforge GmbH)
S4 PDF Architect 4 CrashHandler; C:\Program Files\PDF Architect 4\crash-handler-ws.exe [1038048 2016-08-05] (pdfforge GmbH)
S4 PDF Architect 4 Creator; C:\Program Files\PDF Architect 4\creator-ws.exe [851168 2016-08-05] (pdfforge GmbH)
S4 PDF Architect 4 Manager; C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe [972056 2016-05-18] (© pdfforge GmbH.)
R2 Sdl.ProductTelemetrics.v1; C:\Program Files (x86)\Common Files\SDL\Telemetrics\Sdl.Desktop.ProductTelemetrics.Host.Windows.exe [12288 2016-11-09] (SDL) [Datei ist nicht signiert]
R2 STCServ; C:\Program Files\Intel\STCServ\STCServ.exe [8095456 2015-03-16] (Intel Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3746584 2016-06-16] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-06-14] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114424 2016-05-24] (Check Point Software Technologies, Ltd.)
===================== Treiber (Nicht auf der Ausnahmeliste) ======================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [19568 2015-11-10] () [Datei ist nicht signiert]
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [39704 2016-11-03] (Windows (R) Win 7 DDK provider)
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [75584 2016-11-03] (ASUS Corporation)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [64504 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [185032 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [149976 2017-06-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-06-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-06-02] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [34128 2017-06-02] (Avira Operations GmbH & Co. KG)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-02] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-02] (Bluestack System Inc. )
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2013-08-05] (Etron Technology Inc)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [252832 2017-07-11] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-30] (Malwarebytes)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2017-02-10] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57792 2017-06-28] (NVIDIA Corporation)
R3 phantomtap; C:\Windows\System32\DRIVERS\phantomtap.sys [35664 2017-05-18] (The OpenVPN Project)
R3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2013-05-31] (Creative Technology Ltd.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-07-01] (Check Point Software Technologies Ltd.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-07-12 09:49 - 2017-07-12 09:50 - 00025364 _____ C:\Users\Andi\Downloads\FRST.txt
2017-07-12 09:49 - 2017-07-12 09:49 - 00000000 ____D C:\FRST
2017-07-12 09:48 - 2017-07-12 09:48 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Andi\Downloads\mbar-1.09.3.1001.exe
2017-07-12 09:48 - 2017-07-12 09:48 - 04110280 _____ C:\Users\Andi\Downloads\AdwCleaner_6.047.exe
2017-07-12 09:48 - 2017-07-12 09:48 - 01663672 _____ (Malwarebytes) C:\Users\Andi\Downloads\JRT.exe
2017-07-12 09:47 - 2017-07-12 09:48 - 02435584 _____ (Farbar) C:\Users\Andi\Downloads\FRST64.exe
2017-07-12 01:56 - 2017-07-12 01:56 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-12 01:56 - 2017-06-27 22:27 - 00135616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-07-12 01:56 - 2017-03-10 23:17 - 00536864 _____ C:\Windows\system32\vulkan-1.dll
2017-07-12 01:56 - 2017-03-10 23:17 - 00525600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-07-12 01:56 - 2017-03-10 23:17 - 00254240 _____ C:\Windows\system32\vulkaninfo.exe
2017-07-12 01:56 - 2017-03-10 23:17 - 00233760 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-07-12 01:54 - 2017-06-28 00:38 - 40239736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 35798136 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 35314296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 28922488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 18726880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 15437248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-07-12 01:54 - 2017-06-28 00:38 - 14688096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 13559376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 12337112 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 12132272 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 11501960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 10381336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 09982456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 03803256 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 03359168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 01988216 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438476.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 01597888 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438476.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 01066616 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 01004480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00972736 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00924280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00689808 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00578056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00512672 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00499320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00429920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00218712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-07-12 01:54 - 2017-06-28 00:38 - 00171384 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00154208 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00149224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00132072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-07-12 01:54 - 2017-06-28 00:38 - 00045976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-07-12 01:54 - 2017-06-28 00:38 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-07-12 01:54 - 2017-06-28 00:38 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-07-12 01:46 - 2017-07-12 01:46 - 00262144 ____N C:\Windows\Minidump\071217-59233-01.dmp
2017-07-11 16:42 - 2017-07-11 16:42 - 13763133 _____ C:\Users\Jeanny\Desktop\JurassiCraft-2.0.5.jar
2017-07-11 16:12 - 2017-07-11 16:13 - 13824772 _____ C:\Users\Jeanny\Downloads\Terra Swoop Force - By Noxcrew (V1.5.2) (Unzip This).zip.part
2017-07-10 22:51 - 2017-07-10 23:12 - 406760479 _____ C:\Users\Andi\Desktop\Die Hütte - Ein Wochenende mit Gott stream German HD.mp4
2017-07-10 22:50 - 2017-07-10 23:27 - 461918116 _____ C:\Users\Andi\Desktop\Kong Skull Island stream German HD.mp4
2017-07-10 22:49 - 2017-07-10 23:14 - 462197636 _____ C:\Users\Andi\Desktop\Full Metal Jacket stream German HD.mp4
2017-07-10 14:11 - 2017-07-10 14:11 - 02968434 _____ C:\Users\Jeanny\Desktop\Harvest-Festival-1.10.2-0.5.27.jar
2017-07-08 22:32 - 2017-07-08 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-07-08 22:32 - 2017-07-08 22:32 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-07-08 22:02 - 2017-07-08 22:02 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-07-08 15:29 - 2017-07-08 16:29 - 00000000 ____D C:\Users\Jeanny\Desktop\Kopie von §8§lGielinor - The 4th
2017-07-08 14:43 - 2017-07-08 15:29 - 00000000 ____D C:\Users\Jeanny\Desktop\Gielinor the Fourth Age 1.2 (by Team Nemesis)
2017-07-08 12:00 - 2017-07-08 12:00 - 00648953 _____ C:\Users\Jeanny\Downloads\Farming Pack 1.0-3.0.zip
2017-07-07 14:29 - 2017-07-07 14:30 - 55619521 _____ C:\Users\Jeanny\Downloads\Gielinor the Fourth Age 1.2 (by Team Nemesis).zip
2017-07-06 16:03 - 2017-07-06 16:03 - 03306597 _____ C:\Users\Jeanny\Downloads\MCA-1.10.2-5.2.3-universal.jar
2017-07-04 01:23 - 2017-07-04 01:23 - 00389392 _____ C:\Users\Andi\Desktop\KursGottesdienstgestaltung-Stand-Sept2013.pdf
2017-07-04 01:23 - 2017-07-04 01:23 - 00266863 _____ C:\Users\Andi\Desktop\Flyer.pdf
2017-07-03 12:24 - 2017-07-03 12:24 - 05138221 _____ C:\Users\Andi\Documents\EKS_Januar_bis_Mai.pdf
2017-07-03 12:22 - 2017-07-03 12:23 - 05142411 _____ C:\Users\Andi\Documents\IMG_20170703_0003.pdf
2017-07-03 12:19 - 2017-07-03 12:21 - 00023451 _____ C:\Users\Andi\Documents\IMG_20170703_0002.pdf
2017-07-03 12:16 - 2017-07-03 12:18 - 00023158 _____ C:\Users\Andi\Documents\IMG_20170703_0001.pdf
2017-07-03 10:57 - 2017-07-03 10:57 - 00257489 _____ C:\Users\Andi\Downloads\Anlage-EKS-Erklaerung-Einkommen-Selbstaendiger.pdf
2017-07-02 13:36 - 2017-07-11 17:22 - 00000000 ____D C:\Users\Jeanny\AppData\Roaming\Modinstaller
2017-07-02 13:36 - 2017-07-02 13:36 - 00001976 _____ C:\Users\Jeanny\Desktop\MC Modinstaller.LNK
2017-06-30 22:45 - 2017-06-30 22:45 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2017-06-30 22:44 - 2017-06-30 22:44 - 00438992 _____ C:\Windows\system32\Drivers\vsconfig.xml
2017-06-30 22:43 - 2017-06-30 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-06-30 22:42 - 2017-06-30 22:43 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2017-06-30 22:42 - 2017-06-30 22:42 - 00000000 ____D C:\ProgramData\CheckPoint
2017-06-30 22:41 - 2017-06-30 22:41 - 01524744 _____ C:\Users\Andi\Downloads\ZoneAlarm Free Firewall - CHIP-Installer.exe
2017-06-30 22:39 - 2017-06-30 22:40 - 10569376 _____ (ashampoo GmbH & Co. KG ) C:\Users\Andi\Downloads\ashampoo_firewall_free_120_sm.exe
2017-06-30 22:23 - 2017-06-30 22:23 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Avira
2017-06-30 22:22 - 2017-06-02 19:05 - 00185032 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2017-06-30 22:22 - 2017-06-02 19:05 - 00149976 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2017-06-30 22:22 - 2017-06-02 19:05 - 00078600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2017-06-30 22:22 - 2017-06-02 19:05 - 00064504 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2017-06-30 22:22 - 2017-06-02 19:05 - 00035328 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2017-06-30 22:22 - 2017-06-02 19:05 - 00034128 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2017-06-28 23:00 - 2017-06-28 23:12 - 00000000 ____D C:\AdwCleaner
2017-06-28 22:49 - 2017-06-28 22:49 - 04110280 _____ C:\Users\Andi\Downloads\adwcleaner_6.047__1_.exe
2017-06-28 22:48 - 2017-06-28 22:48 - 00000000 ____D C:\Users\Andi\Documents\Simply Super Software
2017-06-28 22:46 - 2017-07-02 02:28 - 00000000 ____D C:\Users\Andi\Desktop\Programme
2017-06-28 22:45 - 2017-06-28 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrojanHunter
2017-06-28 22:45 - 2017-06-28 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2017-06-28 22:45 - 2017-06-28 22:45 - 00000000 ____D C:\Program Files (x86)\TrojanHunter
2017-06-28 22:44 - 2017-06-28 22:45 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2017-06-28 22:44 - 2017-06-28 22:44 - 00000000 ____D C:\ProgramData\Simply Super Software
2017-06-28 22:43 - 2017-06-28 22:43 - 01524744 _____ C:\Users\Andi\Downloads\TrojanHunter - CHIP-Installer.exe
2017-06-28 22:43 - 2017-06-28 22:43 - 01524744 _____ C:\Users\Andi\Downloads\Trojan Remover - CHIP-Installer.exe
2017-06-28 22:43 - 2017-06-28 22:43 - 01524744 _____ C:\Users\Andi\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe
2017-06-28 16:54 - 2017-06-28 16:54 - 00262144 ____N C:\Windows\Minidump\062817-19827-01.dmp
2017-06-28 16:12 - 2017-06-28 16:12 - 00406352 _____ C:\Windows\Minidump\062817-19858-01.dmp
2017-06-25 13:02 - 2017-06-25 13:02 - 00406336 _____ C:\Windows\Minidump\062517-20186-01.dmp
2017-06-24 20:43 - 2017-06-24 20:43 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Media Player Classic
2017-06-24 20:19 - 2017-06-24 20:19 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video-Converter.lnk
2017-06-24 20:19 - 2017-06-24 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme
2017-06-24 20:19 - 2017-06-24 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette
2017-06-24 20:19 - 2017-06-24 20:19 - 00000000 ____D C:\Program Files (x86)\NCH Software
2017-06-24 20:18 - 2017-06-24 20:18 - 00683760 _____ (NCH Software) C:\Users\Andi\Downloads\prismpsetup.exe
2017-06-24 20:11 - 2017-06-24 20:11 - 00000000 ____D C:\Users\Andi\Desktop\Neuer Ordner
2017-06-24 19:02 - 2017-06-24 19:02 - 00262144 ____N C:\Windows\Minidump\062417-20841-01.dmp
2017-06-24 18:56 - 2017-06-24 18:56 - 00000000 ____D C:\Users\Andi\AppData\Local\DivXConverter
2017-06-24 18:56 - 2017-06-24 18:56 - 00000000 ____D C:\Users\Andi\.MCTranscodingSDK
2017-06-24 18:55 - 2017-06-24 18:55 - 00003652 _____ C:\Windows\System32\Tasks\DivXUpdate
2017-06-24 18:55 - 2017-06-24 18:55 - 00000000 ____D C:\Users\Andi\AppData\Roaming\DivX
2017-06-24 18:55 - 2017-06-24 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-06-24 18:54 - 2017-06-24 18:55 - 00000000 ____D C:\Program Files (x86)\DivX
2017-06-24 18:54 - 2017-06-24 18:54 - 00000000 ____D C:\Users\Andi\Documents\Any Video Converter
2017-06-24 18:53 - 2017-06-24 18:58 - 00000000 ____D C:\ProgramData\DivX
2017-06-24 18:53 - 2017-06-24 18:54 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Anvsoft
2017-06-24 18:53 - 2017-06-24 18:53 - 00000000 ____D C:\Program Files (x86)\Anvsoft
2017-06-24 18:50 - 2017-06-24 18:50 - 50652912 _____ C:\Users\Andi\Downloads\avc-free_6.1.4.exe
2017-06-24 18:43 - 2017-06-24 18:51 - 138259902 _____ C:\Users\Andi\Downloads\Luther.mp4
2017-06-24 18:39 - 2017-06-24 18:39 - 00000000 ____D C:\output media
2017-06-24 18:38 - 2017-06-24 18:38 - 00000034 ____H C:\Windows\SysWOW64\Converter_sysquict.dat
2017-06-24 18:38 - 2017-06-24 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Convert to DIVX AVI WMV MP4 MPEG Converter
2017-06-24 18:38 - 2017-06-24 18:38 - 00000000 ____D C:\Program Files (x86)\Free Convert to DIVX AVI WMV MP4 MPEG Converter
2017-06-24 18:37 - 2011-01-28 10:00 - 00080896 _____ C:\Windows\SysWOW64\ff_vfw.dll
2017-06-24 18:37 - 2011-01-28 10:00 - 00000038 _____ C:\Windows\avisplitter.ini
2017-06-24 18:37 - 2010-12-10 18:57 - 00000590 _____ C:\Windows\SysWOW64\ff_vfw.dll.manifest
2017-06-24 18:37 - 2010-12-07 20:40 - 00183808 _____ C:\Windows\SysWOW64\xvidvfw.dll
2017-06-24 18:37 - 2010-12-07 20:22 - 00810496 _____ C:\Windows\SysWOW64\xvidcore.dll
2017-06-24 18:37 - 2010-11-03 21:08 - 00237568 _____ (www.helixcommunity.org) C:\Windows\SysWOW64\yv12vfw.dll
2017-06-24 18:37 - 2010-03-15 12:31 - 00165376 _____ C:\Windows\SysWOW64\unrar.dll
2017-06-24 18:37 - 2010-01-17 18:18 - 00151552 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2017-06-24 18:37 - 2008-10-03 15:30 - 00000414 _____ C:\Windows\SysWOW64\lame_acm.xml
2017-06-24 18:37 - 2008-09-24 21:41 - 00839680 _____ (hxxp://www.mp3dev.org/) C:\Windows\SysWOW64\lameACM.acm
2017-06-24 18:35 - 2017-06-24 18:36 - 19378336 _____ (Xillvideo Software, Inc. ) C:\Users\Andi\Downloads\free_xill_to_divx_avi_wmv_mp4_mpeg.exe
2017-06-24 18:35 - 2017-06-24 18:35 - 02433992 _____ (DivX, LLC) C:\Users\Andi\Downloads\DivXInstaller.exe
2017-06-22 16:03 - 2017-07-06 18:41 - 00000000 ____D C:\Users\Jeanny\Desktop\Survival mit papa
2017-06-22 14:09 - 2017-06-22 14:09 - 00000000 ____D C:\Users\Jeanny\Desktop\game
2017-06-22 14:08 - 2017-06-22 14:09 - 38970240 _____ (Mojang) C:\Users\Jeanny\Desktop\Minecraft.exe
2017-06-22 14:04 - 2017-07-11 18:37 - 00000000 ____D C:\Users\Jeanny\AppData\Roaming\.minecraft
2017-06-18 16:41 - 2017-06-18 16:41 - 00262144 ____N C:\Windows\Minidump\061817-18642-01.dmp
2017-06-17 23:04 - 2017-06-17 23:06 - 247942007 _____ C:\Users\Andi\Downloads\1 HOUR Highlights of Hells Kitchen Contestants being Roasted UNCENSORED - YouTube [360p].mp4
2017-06-16 23:36 - 2017-06-16 23:38 - 311612753 _____ C:\Users\Andi\Downloads\Gordon Ramsey Hell's Kitchen Uncut Uncensored Highlight's Ep 3 - YouTube [360p].mp4
2017-06-16 16:00 - 2017-06-16 16:00 - 00262144 ____N C:\Windows\Minidump\061617-19312-01.dmp
2017-06-13 16:21 - 2017-06-13 16:21 - 00304435 _____ C:\Users\Jeanny\Downloads\Lucky-Block-Water-Mod-1.8.zip
2017-06-13 09:15 - 2017-06-13 09:24 - 1395444823 _____ C:\Users\Andi\Downloads\Let's Play Silent Hunter III + LSH3 2015 MOD - 50 - Vier Jahre Kriegstagebuch! - YouTube [360p].mp4
2017-06-12 23:58 - 2017-06-12 23:58 - 00262144 ____N C:\Windows\Minidump\061217-19406-01.dmp
2017-06-12 23:55 - 2017-06-13 00:00 - 42369660 _____ C:\Users\Andi\Downloads\Hell's Kitchen - Signature Dishes Challenge s10 - YouTube [360p].mp4
2017-06-12 23:54 - 2017-06-12 23:54 - 25369577 _____ C:\Users\Andi\Downloads\Hell's Kitchen- Season 2 Signature Dishes Uncensored! - YouTube [360p].mp4
2017-06-12 23:54 - 2017-06-12 23:54 - 22807351 _____ C:\Users\Andi\Downloads\Hell's Kitchen- Season 5 Signature Dishes Uncensored - YouTube [360p].mp4
2017-06-12 23:46 - 2017-06-12 23:47 - 30536683 _____ C:\Users\Andi\Downloads\Hells Kitchen - Signature Dishes Challenge s14 - YouTube [360p].mp4
2017-06-12 23:39 - 2017-06-12 23:39 - 21406728 _____ C:\Users\Andi\Downloads\Gordon Ramsay Hell's Kitchen - Signature Dish Challenge Classic S 1 ! - YouTube [360p].mp4
2017-06-12 23:31 - 2017-06-12 23:32 - 255235731 _____ C:\Users\Andi\Downloads\Hell's Kitchen Contestants being verbally Destroyed by Gordon Ramsay - YouTube [360p].mp4
2017-06-12 22:46 - 2017-06-12 22:47 - 82129311 _____ C:\Users\Andi\Downloads\Hell's Kitchen S07 - Best Of (Uncensored) - Part 1 - YouTube [360p].mp4
2017-06-12 22:33 - 2017-06-12 22:33 - 47283903 _____ C:\Users\Andi\Downloads\Hell's Kitchen Season 3 Uncensored Highlights - YouTube [360p].mp4
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2017-07-12 09:39 - 2016-11-19 12:33 - 00000000 ____D C:\Users\Andi\AppData\LocalLow\Mozilla
2017-07-12 08:59 - 2009-07-14 06:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-12 08:59 - 2009-07-14 06:45 - 00021696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-12 08:44 - 2015-09-07 01:59 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-12 08:43 - 2016-12-13 13:15 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-07-12 08:43 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-12 01:58 - 2011-04-12 09:43 - 00699092 _____ C:\Windows\system32\perfh007.dat
2017-07-12 01:58 - 2011-04-12 09:43 - 00149232 _____ C:\Windows\system32\perfc007.dat
2017-07-12 01:58 - 2009-07-14 07:13 - 01619284 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-12 01:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-12 01:56 - 2015-09-07 02:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-12 01:56 - 2015-09-07 01:59 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-12 01:55 - 2015-09-07 01:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-12 01:53 - 2016-11-20 00:34 - 00003864 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1479594876
2017-07-12 01:53 - 2016-11-20 00:33 - 00000000 ___HD C:\Program Files (x86)\Opera
2017-07-12 01:47 - 2016-11-23 04:26 - 00000000 ____D C:\Windows\Minidump
2017-07-12 00:58 - 2016-11-21 01:03 - 00000000 ____D C:\Users\Andi\AppData\Roaming\vlc
2017-07-12 00:58 - 2016-11-20 02:18 - 00000000 ____D C:\ProgramData\Oracle
2017-07-11 22:54 - 2017-01-27 16:35 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-07-11 22:54 - 2017-01-27 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-11 22:54 - 2017-01-27 16:35 - 00000000 ____D C:\Program Files (x86)\Java
2017-07-11 22:27 - 2016-11-23 04:30 - 00000000 ____D C:\Windows\pss
2017-07-11 22:18 - 2017-03-15 22:11 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-11 22:17 - 2017-01-13 17:25 - 00000000 ____D C:\ProgramData\TEMP
2017-07-11 22:14 - 2016-11-19 23:31 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-07-11 22:14 - 2016-11-19 23:30 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 19:17 - 2017-05-03 14:52 - 00001219 _____ C:\Users\Jeanny\Desktop\nativelog.txt
2017-07-11 19:17 - 2016-11-20 01:09 - 00000000 ____D C:\Users\Jeanny\AppData\LocalLow\Mozilla
2017-07-11 09:51 - 2017-06-01 22:11 - 00000000 ____D C:\Users\Andi\Desktop\Adi-Bewerbungen
2017-07-11 08:56 - 2016-10-24 16:53 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-11 08:55 - 2016-11-19 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-10 13:22 - 2017-01-26 16:56 - 00000000 ____D C:\Users\Andi\AppData\Roaming\Skype
2017-07-09 13:17 - 2017-06-05 12:37 - 00000000 ____D C:\Users\Jeanny\Desktop\ThemePark for Pat & Jen
2017-07-08 22:02 - 2016-11-21 19:58 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-07-08 22:02 - 2016-11-21 19:58 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-08 22:02 - 2016-11-21 19:58 - 00004366 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-08 22:02 - 2016-11-21 19:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-07-08 22:02 - 2016-11-21 19:58 - 00000000 ____D C:\Windows\system32\Macromed
2017-07-08 22:02 - 2016-11-20 23:56 - 00000000 ____D C:\Users\Andi\AppData\Local\Adobe
2017-07-07 21:12 - 2016-11-19 12:45 - 00000000 ____D C:\Users\Andi\Desktop\Zeug
2017-07-07 21:11 - 2016-11-19 12:59 - 00120864 _____ C:\Users\Andi\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-07 12:53 - 2016-11-20 01:02 - 00120864 _____ C:\Users\Jeanny\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-07 12:51 - 2009-07-14 06:45 - 00469192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-07-07 07:15 - 2016-06-27 11:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-06 23:15 - 2016-06-27 11:37 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-05 15:27 - 2017-05-12 17:12 - 00000000 ____D C:\Users\Jeanny\AppData\Local\CrashDumps
2017-07-03 12:18 - 2016-11-23 16:09 - 00000000 ____D C:\ProgramData\CanonIJPLM
2017-07-03 10:55 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-07-02 15:23 - 2017-03-18 13:33 - 00000000 ____D C:\Users\Jeanny\AppData\Roaming\rabc
2017-07-02 13:36 - 2016-11-20 02:19 - 00001962 _____ C:\Users\Jeanny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MC Modinstaller.LNK
2017-07-01 22:45 - 2016-06-16 00:51 - 00461240 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys
2017-07-01 15:47 - 2016-11-19 12:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 15:47 - 2016-11-19 12:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-30 22:22 - 2016-11-19 23:34 - 00000000 ____D C:\ProgramData\Avira
2017-06-28 23:09 - 2017-03-15 22:05 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-28 23:09 - 2017-03-15 22:02 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-28 22:50 - 2017-03-15 22:11 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-28 22:47 - 2017-03-15 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-28 22:12 - 2017-01-12 22:06 - 00002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 16:12 - 2016-11-24 01:56 - 714075098 _____ C:\Windows\MEMORY.DMP
2017-06-28 00:38 - 2015-09-07 01:58 - 21432048 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-06-28 00:38 - 2015-09-07 01:58 - 17806048 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-06-28 00:38 - 2015-09-07 01:58 - 04186824 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-06-28 00:38 - 2015-09-07 01:58 - 03691192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-06-28 00:38 - 2015-09-07 01:58 - 01615448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-06-28 00:38 - 2015-09-07 01:58 - 00491720 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-06-28 00:38 - 2015-09-07 01:58 - 00044110 _____ C:\Windows\system32\nvinfo.pb
2017-06-27 23:03 - 2015-09-07 01:59 - 06462400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-06-27 23:03 - 2015-09-07 01:59 - 02478712 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-06-27 23:03 - 2015-09-07 01:59 - 01762936 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-06-27 23:03 - 2015-09-07 01:59 - 00549312 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-06-27 23:03 - 2015-09-07 01:59 - 00392312 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-06-27 23:03 - 2015-09-07 01:59 - 00082040 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-06-27 23:03 - 2015-09-07 01:59 - 00069752 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-06-27 22:52 - 2015-09-07 01:59 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-06-27 17:02 - 2016-11-22 23:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-06-27 00:30 - 2017-05-29 13:55 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-06-26 15:56 - 2017-06-02 13:43 - 00000000 ____D C:\ProgramData\Origin
2017-06-24 20:44 - 2016-11-27 13:35 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2017-06-24 20:12 - 2016-12-04 14:17 - 00000000 ____D C:\Users\Andi\AppData\Roaming\obs-studio
2017-06-24 20:09 - 2017-01-31 17:40 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-06-24 18:56 - 2016-11-18 18:34 - 00000000 ____D C:\Users\Andi
2017-06-24 18:38 - 2016-11-19 20:37 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-06-24 18:37 - 2016-11-19 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-06-23 13:31 - 2017-02-26 12:20 - 00003170 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-23 13:31 - 2017-02-26 12:20 - 00000000 ___RD C:\Users\Jeanny\OneDrive
2017-06-23 13:31 - 2016-11-20 01:01 - 00002185 _____ C:\Users\Jeanny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-06-22 22:30 - 2015-09-07 01:59 - 08076177 _____ C:\Windows\system32\nvcoproc.bin
2017-06-22 14:09 - 2017-02-04 18:15 - 00000000 ____D C:\Users\Jeanny\Desktop\tmp
2017-06-22 14:02 - 2016-11-20 01:02 - 00000000 ____D C:\Users\Jeanny\AppData\Roaming\Adobe
2017-06-19 13:41 - 2016-12-13 03:44 - 00000000 ____D C:\Users\Andi\AppData\Local\Share Link
2017-06-16 14:34 - 2017-06-02 15:43 - 00000000 ____D C:\Users\Jeanny\AppData\Roaming\Origin
2017-06-16 13:50 - 2017-01-13 17:27 - 00000000 ____D C:\Users\Jeanny\AppData\Roaming\Farm Mania
2017-06-14 22:52 - 2017-03-03 18:42 - 00000000 ____D C:\Users\Andi\AppData\Local\CrashDumps
2017-06-14 17:22 - 2017-06-02 15:43 - 00000000 ____D C:\Users\Jeanny\AppData\Local\Origin
2017-06-14 11:26 - 2016-11-21 21:03 - 00000000 ____D C:\Users\Public\UntertitelNeu
2017-06-13 15:29 - 2016-11-20 00:56 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-06-13 09:12 - 2016-11-18 18:37 - 00000000 ____D C:\Users\Andi\Desktop\Arbeit
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-11-20 21:21 - 2017-01-31 20:09 - 0001059 _____ () C:\Users\Andi\AppData\Roaming\vso_ts_preview.xml
2016-11-23 04:18 - 2016-11-24 02:06 - 1307648 _____ () C:\Users\Andi\AppData\Local\file__0.localstorage
2017-03-03 15:50 - 2017-03-10 23:33 - 0000600 _____ () C:\Users\Andi\AppData\Local\PUTTY.RND
2016-11-30 03:26 - 2017-06-01 22:34 - 0001160 ___SH () C:\ProgramData\KGyGaAvL.sys
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\OpenOffice_4.1.3_Win_x86_install_de.exe
C:\Users\Public\Subtitle Edit - CHIP-Installer.exe
Einige Dateien in TEMP:
====================
2017-07-11 22:53 - 2017-07-11 22:53 - 0739904 _____ (Oracle Corporation) C:\Users\Andi\AppData\Local\Temp\jre-8u131-windows-au.exe
2015-09-07 02:00 - 2017-02-10 00:39 - 0868152 _____ (NVIDIA Corporation) C:\Users\Andi\AppData\Local\Temp\nvSCPAPI64.dll
2017-07-12 01:54 - 2017-02-10 00:39 - 0352704 _____ (NVIDIA Corporation) C:\Users\Andi\AppData\Local\Temp\nvStInst.exe
2017-07-07 18:06 - 2017-07-07 18:06 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-1390533001486367592.dll
2017-07-11 16:48 - 2017-07-11 16:48 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-1415396364333701880.dll
2017-07-05 14:23 - 2017-07-05 14:23 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-1427424307432995551.dll
2017-02-05 17:02 - 2017-02-05 17:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-1550513002760056503.dll
2017-07-10 13:51 - 2017-07-10 13:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-1829102861272725637.dll
2017-07-03 15:04 - 2017-07-03 15:04 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-2203415117062072094.dll
2017-07-07 14:22 - 2017-07-07 14:22 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-2209844414251552332.dll
2017-07-07 13:02 - 2017-07-07 13:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-2312956405125430718.dll
2017-07-03 13:14 - 2017-07-03 13:14 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-2374061059161976123.dll
2017-07-07 13:36 - 2017-07-07 13:36 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-2679210908756797800.dll
2017-07-04 13:56 - 2017-07-04 13:56 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-2795858324532182413.dll
2017-07-11 14:09 - 2017-07-11 14:09 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-2928887477895269920.dll
2017-07-09 15:31 - 2017-07-09 15:31 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-2948489749759053350.dll
2017-07-10 15:47 - 2017-07-10 15:47 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-327341638120913230.dll
2017-07-02 15:22 - 2017-07-02 15:22 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-3304870229542352651.dll
2017-07-09 15:34 - 2017-07-09 15:34 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-3442685405311275294.dll
2017-07-05 15:27 - 2017-07-05 15:27 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-3505055942341619065.dll
2017-07-07 14:03 - 2017-07-07 14:03 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-3550587541939100111.dll
2017-07-09 15:03 - 2017-07-09 15:03 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4016304067054784494.dll
2017-07-09 15:26 - 2017-07-09 15:26 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4092256336553935560.dll
2017-07-08 12:36 - 2017-07-08 12:36 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4175116043655818339.dll
2017-07-02 13:38 - 2017-07-02 13:38 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4175610318439682332.dll
2017-07-02 13:58 - 2017-07-02 13:58 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4521371541405972896.dll
2017-07-02 15:27 - 2017-07-02 15:27 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4607055030037190340.dll
2017-07-07 12:58 - 2017-07-07 12:58 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4723958083998538462.dll
2017-07-11 17:13 - 2017-07-11 17:13 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4725746593538196399.dll
2017-07-02 13:40 - 2017-07-02 13:40 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4822696949216246654.dll
2017-07-04 14:54 - 2017-07-04 14:54 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4965006537088542763.dll
2017-07-06 13:52 - 2017-07-06 13:52 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-4989709794326820586.dll
2017-07-04 13:32 - 2017-07-04 13:32 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-5011011183983601013.dll
2017-07-11 17:12 - 2017-07-11 17:12 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-5832321320005605090.dll
2017-07-09 14:46 - 2017-07-09 14:46 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-5891505233298053296.dll
2017-07-06 16:15 - 2017-07-06 16:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-6273216250880787465.dll
2017-07-09 15:50 - 2017-07-09 15:50 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-6416497324117706868.dll
2017-07-10 14:55 - 2017-07-10 14:55 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-6563591733916040989.dll
2017-07-10 15:40 - 2017-07-10 15:40 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-6711731997733439907.dll
2017-07-04 13:49 - 2017-07-04 13:49 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-6719314972753316772.dll
2017-07-03 15:18 - 2017-07-03 15:18 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-6730703654486226280.dll
2017-07-11 16:49 - 2017-07-11 16:49 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-6768770706573648662.dll
2017-07-11 13:26 - 2017-07-11 13:26 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-7024180310868209090.dll
2017-07-07 14:24 - 2017-07-07 14:24 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-705387765424317671.dll
2017-07-10 14:12 - 2017-07-10 14:12 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-7174028458667146295.dll
2017-07-09 15:31 - 2017-07-09 15:31 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-7247938503634575994.dll
2017-07-10 14:07 - 2017-07-10 14:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-7400271615561895210.dll
2017-07-02 14:00 - 2017-07-02 14:00 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-7436488516808548069.dll
2017-07-11 14:14 - 2017-07-11 14:14 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-7556881797113506552.dll
2017-07-04 17:17 - 2017-07-04 17:17 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-7632161786227790040.dll
2017-07-07 17:59 - 2017-07-07 17:59 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-7953023704885172038.dll
2017-07-09 15:26 - 2017-07-09 15:26 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-812187502804739297.dll
2017-07-03 15:17 - 2017-07-03 15:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-817142940014913332.dll
2017-07-09 15:02 - 2017-07-09 15:02 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-8375968535494980989.dll
2017-07-03 16:49 - 2017-07-03 16:49 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-9171180323047194678.dll
2017-07-09 15:51 - 2017-07-09 15:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Jeanny\AppData\Local\Temp\jansi-64-9192355784413923814.dll
==================== Bamital & volsnap ======================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2017-07-12 09:16
==================== Ende von FRST.txt ============================
|
|
12.07.2017, 12:50
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Doppelte unterstriche und sehr langsamer Systemstart addition.txt Logfile bitte nachreichen
__________________ Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
| Themen zu Doppelte unterstriche und sehr langsamer Systemstart |
| .dll, antivirus, avast, avdevprot, avdevprot.sys, avira, bildschirm, canon, computer, defender, explorer, firefox, flash player, homepage, maus, mozilla, node.js, problem, prozesse, registry, rundll, scan, security, server, services.exe, software, super, svchost.exe, system, windows |
Linear-Darstellung
