|
Plagegeister aller Art und deren Bekämpfung: USB VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.11.2016, 14:53 | #1 |
| USB Virus Hallo Leute, Bei mir ist, wie man so schön sagt so richtig die kacke am dampfen Ich muss mir aus dem Copyshop einen Virus über einen USB Stick eingefangen haben. Das weiß ich daher, weil ich mir hier im Forum erstmal die Threads durchgelesen habe, die zu meinem Problem passen. Und zwar wird ständig die Datei e maluel.doc als virus erkannt, sobald ich einen Stick einstecke. Außerdem werden die Dateien auf dem Stivk nurnoch als Verknüpfungen angezeigt. Das Problem ist, dass ich am besagten Tag eine Seminararbeit abgeben musste und so gut wie nichts ging. Deshalb hatte ich seitdem folgendes am PC angeschlossen, das ja dann denke ich mal auch verseucht ist. 4 Sticks, eine USB Festplatte mit Sachen drauf, die für mich für die Uni sehr wichtig sind, und noch einen portablen USB Drag and Drop DVD Brenner (wobei ich ganz ehrlich nicht weiß, ob der sich auch infizieren kann. Sollte dem so sein, dann habe ich mir wahrscheinlich auchnoch meinen zweiten PC infiziert). Ich bin wirklich um jede Hilfe dankbar. Das System plattzumachen wäre für mich auch ein Graus, da ich dort als einziges ein vorinstalliertes Officepacket habe, welches beim PC dabei war und von dem es bei mir demnach auch keine CD gab. Ich bin um.jede schnelle Hilfe sehr dankbar. Denn die nächste Seminararbeit steht schon wieder an Wie sollte ich da jetzt vorgehen um diesen Virus möglichst von allen Geräten runterzubekommen und meine Dateien zu behalten? MfG Michael Hier schon mal die FRST Logs: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016 durchgeführt von Michael (Administrator) auf SPITT (29-11-2016 13:41:44) Gestartet von C:\Users\Michael\Downloads Geladene Profile: Michael (Verfügbare Profile: Michael) Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: IE) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe (Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe ==================== Registry (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2014-04-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2014-04-15] (ELAN Microelectronics Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2014-03-12] (CyberLink Corp.) HKLM-x32\...\Run: [PowerDVD12Agent] => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2014-03-07] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-03-03] () HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [134368 2015-07-02] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-2257497389-2768460267-1156638137-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize HKU\S-1-5-21-2257497389-2768460267-1156638137-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29642368 2016-09-12] (Skype Technologies S.A.) HKU\S-1-5-21-2257497389-2768460267-1156638137-1001\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" HKU\S-1-5-18\...\Run: [AppLauncher] => C:\Program Files (x86)\Ashampoo\Ashampoo AppLauncher\AppLauncher.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4056DD07-9692-41D3-A726-A38F3CFD7A52}: [DhcpNameServer] 192.168.178.1 Internet Explorer: ================== HKU\S-1-5-21-2257497389-2768460267-1156638137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB HKU\S-1-5-21-2257497389-2768460267-1156638137-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB SearchScopes: HKU\S-1-5-21-2257497389-2768460267-1156638137-1001 -> {798517FA-63A7-47CE-9DBD-3832C9481A9E} URL = hxxps://de.search.yahoo.com/search?fr=mcafee&type=B011DE1140D20150416&p={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.uni-siegen.de/CACHE/stc/32/binaries/vpnweb.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\Hp8Jq8xY.default [2015-06-05] FF Extension: (Avira Browser Safety) - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\Hp8Jq8xY.default\Extensions\abs@avira.com [2015-06-02] [ist nicht signiert] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-11] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2016-11-29] CHR Extension: (Google Präsentationen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-11] CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-14] CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10] CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06] CHR Extension: (Google-Suche) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10] CHR Extension: (Google Tabellen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-11] CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Citavi Picker) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-10-12] CHR Extension: (Google Mail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14] CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx ==================== Dienste (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ACT2_Service; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [1421216 2011-08-22] () S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated) R2 AHDDC2; C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504 2012-07-30] () S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [218816 2015-07-02] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [101680 2013-10-15] (ELAN Microelectronics Corp.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-12] (Intel Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2013-03-06] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel® Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ====================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ACT2PM; C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [15160 2011-06-10] () R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-03] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink) R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation) R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation) R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [186064 2014-04-04] (Intel Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-29] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-10] (Intel Corporation) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.) R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3489256 2014-08-10] (Intel Corporation) S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation) S3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [2968280 2014-01-15] (Realtek Semiconductor Corporation ) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation) S3 VNUSB; C:\Windows\System32\Drivers\VNUSB.sys [22528 2009-09-29] (OLYMPUS IMAGING CORP.) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ========================== MD5 Treiber ======================= C:\Windows\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1 C:\Windows\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1 C:\Windows\System32\drivers\ACPI.sys E796AE43DDD1844281DB4D57294D17C0 C:\Windows\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813 C:\Windows\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F C:\Windows\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65 C:\Windows\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7 C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys 2D766591E87FFFF237C0C9C16CDDECAB C:\Windows\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD C:\Windows\system32\drivers\afd.sys A460C3AF3755A2A79A3C8EFE72E147B5 C:\Windows\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8 C:\Windows\System32\DRIVERS\ahcache.sys FE14D249D39368CA62D8DA6BC94AC694 C:\Windows\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729 C:\Windows\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3 C:\Windows\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2 C:\Windows\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E C:\Windows\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50 C:\Windows\System32\drivers\AMPPAL.sys 4DE4BE679205B3A712562507AEE75227 C:\Windows\system32\DRIVERS\amppal.sys 4DE4BE679205B3A712562507AEE75227 C:\Windows\system32\drivers\appid.sys 415DD71628795197F7AFC176CBADC74E C:\Windows\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B C:\Windows\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD C:\Windows\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF C:\Windows\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68 C:\Windows\System32\drivers\BasicRender.sys 38A82F4EE8C416A6744B6D30381ED768 C:\Windows\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21 C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6 C:\Windows\System32\DRIVERS\bowser.sys 4938A9236300A356F97E378491EE4844 C:\Windows\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7 C:\Windows\System32\drivers\BthEnum.sys 1104A31260CCF4318C884E0AE6C513BF C:\Windows\System32\drivers\bthhfenum.sys 272A62B660A48AEF366F8A1836CED19F C:\Windows\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07 C:\Windows\system32\DRIVERS\BthLEEnum.sys D30C67473A2E229662D21F27EAA9AAA5 C:\Windows\System32\drivers\bthmodem.sys EF4B9E7C9AD88C00C18A12B0D22D1894 C:\Windows\System32\drivers\bthpan.sys FEA8FC81431AD93F44D5FBFBBF096AA7 C:\Windows\System32\Drivers\BTHport.sys 0CC00ADC1B84C93FB46E1A0974E956E1 C:\Windows\System32\Drivers\BTHUSB.sys 08EA90955AED2D959EE67DF6EDF0E2B6 C:\Windows\system32\DRIVERS\btmaux.sys C7BC070D31514017717A25C60F479896 C:\Windows\system32\DRIVERS\btmhsf.sys 3C74F2960F64F403C865AFDEA80F602A C:\Windows\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9 C:\Windows\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D C:\Windows\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B C:\Windows\System32\drivers\CLFS.sys 28D94419E856D61D7686ED942611D15E C:\Windows\system32\DRIVERS\CLVirtualDrive.sys 3E76A1547F2448BCEE3D2F4AE3931AB5 C:\Windows\system32\DRIVERS\clwvd.sys 9731DAFDC7B690B2C7752FDFF045BFD8 C:\Windows\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB C:\Windows\System32\Drivers\cng.sys 5CBF8B3E27D824D2AA2A34AFB406F1D0 C:\Windows\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905 C:\Windows\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2 C:\Windows\System32\drivers\dam.sys 315BA4BC19316D72B2E037534E048B93 C:\Windows\System32\Drivers\dfsc.sys FBFF94FC1FE0699A6BC5ACE270AB9EA1 C:\Windows\system32\DRIVERS\ssudbus.sys 85137571AEC8AC757D497B9DD30D544D C:\Windows\System32\drivers\disk.sys 8B1E62881D5AC68E673CD94B136B34AC C:\Windows\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F C:\Windows\system32\drivers\drmkaud.sys 00C594D5A1DBD22AD8B2902B9F6EFF94 C:\Windows\System32\drivers\dxgkrnl.sys F74B839FA0F4E6060CA1DA6B8DA17941 C:\Windows\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D C:\Windows\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9 C:\Windows\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B C:\Windows\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3 C:\Windows\system32\DRIVERS\ETD.sys 171C1741162595025113ED93588275D9 C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4 C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B C:\Windows\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B C:\Windows\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265 C:\Windows\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF C:\Windows\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A C:\Windows\System32\drivers\fltmgr.sys C1FB505A73FA2E9019D32444AB33B75A C:\Windows\System32\drivers\FsDepends.sys A7C31B168F371E8E6796219F23E354DB C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42 C:\Windows\System32\DRIVERS\fvevol.sys D4AB6EE3D715BC44C00277FD934FAACF C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015 C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1 C:\Windows\System32\drivers\iaiogpioe.sys A7528907E163E60EFEBFC76C42868E9B C:\Windows\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19 C:\Windows\system32\drivers\HdAudio.sys 56F69F7C25FB67C970997D7066DBC593 C:\Windows\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926 C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906 C:\Windows\System32\drivers\hidbth.sys 42F88B57CAE42FC10059C887B3FCFCEA C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17 C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95 C:\Windows\System32\drivers\hidusb.sys 49676FEC898AB2A11B157F848269A56E C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D C:\Windows\System32\drivers\HTTP.sys E87A6D3B8FECD5B93BC0CFBB48C27970 C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1 C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25 C:\Windows\System32\drivers\i8042prt.sys 49EE0AE9E5B64FFBBD06D55C4984B598 C:\Windows\System32\drivers\iaioi2ce.sys A7CFF798E71C93EA6C3232F550F12E4A C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05 C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2 C:\Windows\system32\DRIVERS\ibtusb.sys AA69B4BA74386FDF6934EBC71B7D40F8 C:\Windows\system32\DRIVERS\igdkmd64.sys 142CFBE6ED0E498CCA7ABE8DD932C1AF C:\Windows\system32\drivers\intelaud.sys F0F581A2299CB2BAB1DF2597BCDDB80F C:\Windows\system32\drivers\RTKVHD64.sys F94E2C3BA6D4B57C2E1DD03E950CBBC4 C:\Windows\system32\DRIVERS\IntcDAud.sys 8E4044C6B71B2F837166F6EDB6BF9100 C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157 C:\Windows\System32\drivers\intelpep.sys A770340FC02B999EF0DE6C2A6BC8437C C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9 C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514 C:\Windows\System32\drivers\IPMIDrv.sys C800DCD904016B2BF6AB541083770A3A C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97 C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21 C:\Windows\System32\drivers\msiscsi.sys AD3C1F4BD9167420F04052FDA197CF29 C:\Windows\System32\drivers\iwdbus.sys C2BC9AC9C6514230A481BDCA6A24BEFD C:\Windows\System32\drivers\kbdclass.sys 5917AFE4A3F695A54B99C1849C8207FE C:\Windows\System32\drivers\kbdhid.sys 8CD840A062F6BDF41DDE3ACB96164B72 C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05 C:\Windows\System32\Drivers\ksecdd.sys 304DA394D958BC3B62AF6DF514005B01 C:\Windows\System32\Drivers\ksecpkg.sys 3D4AE520CD6F6FFE549DD195C1F515BE C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8 C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141 C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191 C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4 C:\Windows\system32\drivers\mbam.sys 78BFF5425E044086E74E78650A359FBB C:\Windows\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B C:\Windows\system32\drivers\mwac.sys 898415AC0B5F1D2A9A48ABCB68A6DC4B C:\Windows\System32\drivers\MBI.sys 0D3CF8B876F55291B137B972891C1575 C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363 C:\Windows\System32\drivers\mfeelamk.sys 5F4CABAFF1858C54DD5AFB33BD76926E C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378 C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9 C:\Windows\System32\drivers\mouclass.sys 08374E4E5B8914DE6067CBA99F61E930 C:\Windows\System32\drivers\mouhid.sys 5FCBAB60598AE119E02B4C27DE6B99EA C:\Windows\System32\drivers\mountmgr.sys 24DABC0A77FAFDC0E379AB3B30F61BB6 C:\Windows\System32\drivers\mpsdrv.sys 6FC047578785B0435F4E2660946D1ADC C:\Windows\system32\drivers\mrxdav.sys 3F818C1518DA702C8F10259095C9BDE0 C:\Windows\System32\DRIVERS\mrxsmb.sys 3AF30CEB99E581E2FADA0B5FC4B551D8 C:\Windows\System32\DRIVERS\mrxsmb10.sys 15D7AF1A26CCEBA32DF21A8E2098F463 C:\Windows\System32\DRIVERS\mrxsmb20.sys 0790EEB1EC199F8BE8259E47B373ED23 C:\Windows\system32\DRIVERS\bridge.sys F3C060444777A59FC63D920719E43CCD C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08 C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31 C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D C:\Windows\system32\DRIVERS\mslldp.sys 51B3AC0560848CD6D65AC2033E293113 C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6 C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8 C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0 C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2 C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E C:\Windows\System32\Drivers\mup.sys 438EA7A2D8D4F9B8AFB64748ACA70BA8 C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F C:\Windows\system32\DRIVERS\nwifi.sys 008F7CED69FD5B30CBDE1E03C6F36A27 C:\Windows\System32\drivers\ndis.sys 97DC5967F65503213FD1F1B3E4A6F983 C:\Windows\system32\DRIVERS\ndiscap.sys 8CECC8DA55F3274181FD1EA28AD76664 C:\Windows\system32\DRIVERS\NdisImPlatform.sys 269882812E9A68FFF1AFE1283D428322 C:\Windows\system32\DRIVERS\ndistapi.sys 82821F4EEC776B4CF11695A38F3ABA46 C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59 C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE C:\Windows\system32\DRIVERS\ndiswan.sys C3755FCF9A0B5C6FE8ED9E873B85D3CE C:\Windows\system32\DRIVERS\ndiswan.sys C3755FCF9A0B5C6FE8ED9E873B85D3CE C:\Windows\System32\Drivers\NDProxy.sys DDD7F92A83F74D1476B71FBA9530A8DC C:\Windows\System32\drivers\Ndu.sys 3083926D1CC5B56EA0786527B557DD1B C:\Windows\System32\DRIVERS\netbios.sys 42FF4975D032CAE558AE4BB8448F6E5A C:\Windows\System32\DRIVERS\netbt.sys 9DC17B7D9D84C37C102D379FCC7D4942 C:\Windows\System32\drivers\netvsc63.sys D4DCE03870314D3354F3501F9DDD4123 C:\Windows\system32\DRIVERS\Netwbw02.sys 84F2F878FBC384D3FE8DED96CD02CE79 C:\Windows\system32\DRIVERS\NETwew02.sys B636B4A8E59A73033B766EA7FD7C3B81 C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351 C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC C:\Windows\System32\drivers\nsiproxy.sys 0E046FF5823B95326D10CF1B4AF23541 C:\Windows\System32\Drivers\Ntfs.sys 9980B262DBE439AE6BDC91AA985F19EE C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904 C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8 C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49 C:\Windows\System32\drivers\parport.sys 57DCE4FB0467986AE78E1C6FC5240D32 C:\Windows\System32\drivers\partmgr.sys BAFF6122CFC9F95CA175AD8C348179A4 C:\Windows\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4 C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4 C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397 C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D C:\Windows\System32\drivers\pdc.sys 24A8DFC07E4BAF29AEA26E383D4CC886 C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6 C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F C:\Windows\system32\DRIVERS\pacer.sys FC0141B4A5AD6D637D883C1A89FC45C5 C:\Windows\system32\drivers\qwavedrv.sys 83868EB2924E6BC21A54337C65D614D1 C:\Windows\System32\DRIVERS\rasacd.sys B337B1F1E82A83E20A1743E008E25C0F C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A C:\Windows\System32\DRIVERS\rdbss.sys D67ED4AB59D1EF66B05AD1A81AC28B26 C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32 C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF C:\Windows\System32\drivers\rdpvideominiport.sys BC8A79C625568DDB7DCA49D0C2741A64 C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6 C:\Windows\System32\Drivers\ReFS.sys 759FB47B96FA0A9D767B3269F76E5E25 C:\Windows\System32\drivers\rfcomm.sys DC66AE45816614D2999DCD3834DCCC4E C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC C:\Windows\System32\Drivers\RtsUVStor.sys 28B356BAB74470786867BF4DC261E17C C:\Windows\system32\DRIVERS\Rt630x64.sys CFE738C524F35B6E523A4D0F54840C30 C:\Windows\system32\DRIVERS\rtwlanu.sys 65315D4C548B9F42918226FD06ADD557 C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0 C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7 C:\Windows\System32\DRIVERS\scfilter.sys 13BEA6C882D4D877A5A85CA149C86BC1 C:\Windows\System32\drivers\sdbus.sys C54B6B2170BF628FD42F799A66956D75 C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8 C:\Windows\System32\Drivers\secdrv.sys ==> MD5 ist legitim C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89 C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431 C:\Windows\System32\drivers\serenum.sys 1F0135949A6AD6025F363F80FE268251 C:\Windows\System32\drivers\serial.sys 81633C87B42B63BA484A6177179AC750 C:\Windows\System32\drivers\sermouse.sys 148195AE95D9BC7375A08846439FDAC1 C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764 C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F C:\Windows\System32\drivers\spaceport.sys B312191DCBECE3C07DF9A99DE433B126 C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34 C:\Windows\System32\DRIVERS\srv.sys 36B082C7A764A34FB1DC72D975870B61 C:\Windows\System32\DRIVERS\srv2.sys F5849909D4B29B4E3D4445F943E5C7E3 C:\Windows\System32\DRIVERS\srvnet.sys FABC49666708EA562549E78E6FBF3191 C:\Windows\system32\DRIVERS\ssudmdm.sys 9B74226E10CD57E965F87014841016F9 C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90 C:\Windows\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34 C:\Windows\System32\drivers\stornvme.sys 0EDD1F4D470C775740625B06A60C9DD5 C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F C:\Windows\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43 C:\Windows\System32\drivers\tcpip.sys 1C8560E3A37A9D4F25B7769C3E3D4163 C:\Windows\system32\DRIVERS\tcpip.sys 1C8560E3A37A9D4F25B7769C3E3D4163 C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4 C:\Windows\system32\DRIVERS\tdx.sys E0BD2D83875464FEEEB242CBA8B7E073 C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431 C:\Windows\system32\drivers\tpm.sys 80A2FC1A089A71F2DBE5D8394FFB009F C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93 C:\Windows\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99 C:\Windows\system32\DRIVERS\tunnel.sys E85916632CD3B9E9B546968DB950BF42 C:\Windows\System32\drivers\TXEIx64.sys E624283C1A2F9BB4688A002914CC00A7 C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54 C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B C:\Windows\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49 C:\Windows\System32\DRIVERS\udfs.sys C61EAF8E1E4B2F62BA4FDF457440B2C6 C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21 C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9 C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034 C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8 C:\Windows\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40 C:\Windows\System32\drivers\usbehci.sys C996CBEF922B5653A01E3F50DDCE2F86 C:\Windows\System32\drivers\usbhub.sys CD81683F4553677B9BF5163A922153EB C:\Windows\System32\drivers\UsbHub3.sys 5C90D5379B53590FBB24BBAD4FA682EE C:\Windows\System32\drivers\usbohci.sys A0F0484C97D6441ED6A75D7426ECCC9E C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C C:\Windows\System32\drivers\USBSTOR.SYS 9D168BFA334D47BE404367EB58D4E130 C:\Windows\System32\drivers\usbuhci.sys FC974B03C8B87455F44F734C8F31A3C8 C:\Windows\System32\Drivers\usbvideo.sys 5C8F604F6DC74177CDD8372D7B1ADFF0 C:\Windows\System32\drivers\USBXHCI.SYS 44603DA5A87FB491EF59C889EBBB4DDB C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562 C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD C:\Windows\System32\drivers\vhdmp.sys 8ABB4BABF59F092DF0B43778D8FD1884 C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199 C:\Windows\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38 C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F C:\Windows\System32\Drivers\VNUSB.sys 3F63FA4A5D8A7C1B1A87E342569FBA53 C:\Windows\System32\drivers\volmgr.sys 436E1A724E7E683F6B612D3D58F04241 C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7 C:\Windows\System32\drivers\volsnap.sys 17F7B0F2298D97F4B6C7A69511033D3D C:\Windows\System32\drivers\vpci.sys DAC438FB5FF85A9E72806E2341D5D732 C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07 C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B C:\Windows\System32\drivers\vwifibus.sys 71066FF95C487327E44C8AF1B72EBE8B C:\Windows\system32\DRIVERS\vwififlt.sys 29AB43937FFDA0B0FB56984226E698C6 C:\Windows\system32\DRIVERS\vwifimp.sys 8B8624A93E3F88CB923AEB05B6313227 C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B C:\Windows\System32\drivers\WdBoot.sys 81285DDC994F03379DB46419300B2DCB C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D C:\Windows\System32\drivers\WdFilter.sys 26B8FED3F3B85F5F0C4BD03FD00B9941 C:\Windows\System32\Drivers\WdNisDrv.sys CE67080F00E0AF32755096CEA6430ABA C:\Windows\System32\DRIVERS\wfplwfs.sys 715ABA3DD164D06457A2A3C92F6EA9D5 C:\Windows\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620 C:\Windows\system32\DRIVERS\WinUsb.sys 3AF1FA17F1C4ACBDB660D8F98B1A9C13 C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128 C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09 C:\Windows\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845 C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572 C:\Windows\System32\drivers\WSDPrint.sys F586F3F1BF962FE9AE4316E0D896B22F C:\Windows\System32\drivers\WSDScan.sys 58035FD3369879E02D65989C44D27450 C:\Windows\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113 C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Drei Monate: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-29 13:41 - 2016-11-29 13:42 - 00037995 _____ C:\Users\Michael\Downloads\FRST.txt 2016-11-29 13:40 - 2016-11-29 13:41 - 00000000 ____D C:\FRST 2016-11-29 13:35 - 2016-11-29 13:36 - 02411520 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe 2016-11-29 13:34 - 2016-11-29 13:35 - 01760768 _____ (Farbar) C:\Users\Michael\Downloads\FRST (2).exe 2016-11-29 13:32 - 2016-11-29 13:33 - 01760768 _____ (Farbar) C:\Users\Michael\Downloads\FRST (1).exe 2016-11-29 13:29 - 2016-11-29 13:29 - 00000000 ___HD C:\OneDriveTemp 2016-11-29 13:28 - 2016-11-29 13:29 - 01760768 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe 2016-11-29 12:24 - 2016-11-29 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-11-29 12:21 - 2016-11-29 13:02 - 00000000 ____D C:\Users\Michael\Desktop\mbar 2016-11-29 12:06 - 2016-11-29 12:06 - 01496584 _____ C:\Users\Michael\Downloads\Malwarebytes Anti Rootkit - CHIP-Installer.exe 2016-11-29 11:19 - 2016-11-29 12:24 - 00135078 _____ C:\Windows\ntbtlog.txt 2016-11-28 20:45 - 2016-11-29 13:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-11-28 20:44 - 2016-11-29 12:21 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-11-28 20:44 - 2016-11-28 20:44 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2016-11-28 20:44 - 2016-11-28 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2016-11-28 20:44 - 2016-11-28 20:44 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-11-28 20:44 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-11-28 20:44 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-11-28 20:25 - 2016-11-28 20:25 - 01496584 _____ C:\Users\Michael\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2016-11-28 20:23 - 2016-11-28 20:23 - 01496584 _____ C:\Users\Michael\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2016-11-28 19:14 - 2016-11-28 19:57 - 00000000 ____D C:\Windows\pss 2016-11-28 17:40 - 2016-11-28 17:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-11-28 17:13 - 2016-11-28 17:17 - 00000000 _____ C:\Recovery.txt 2016-11-20 02:58 - 2016-11-20 22:55 - 00058880 ____H C:\Users\Michael\Desktop\~WRL1358.tmp 2016-11-10 16:25 - 2016-11-10 16:25 - 00010363 _____ C:\Users\Michael\AppData\Local\recently-used.xbel 2016-11-10 16:20 - 2016-11-10 16:20 - 00048248 _____ C:\Users\Michael\Documents\zeichen 1.pdf 2016-11-10 16:14 - 2016-11-10 16:26 - 00000000 ____D C:\Users\Michael\.gimp-2.8 2016-11-10 14:39 - 2016-10-28 22:04 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-11-10 14:39 - 2016-10-28 22:04 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-11-09 19:56 - 2016-10-27 19:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-11-09 19:56 - 2016-10-27 19:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-11-09 19:56 - 2016-10-27 18:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-11-09 19:56 - 2016-10-27 16:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-11-09 19:56 - 2016-10-22 17:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-11-09 19:55 - 2016-11-02 21:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-11-09 19:55 - 2016-11-02 21:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-11-09 19:55 - 2016-11-02 15:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-11-09 19:55 - 2016-11-02 15:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-11-09 19:55 - 2016-10-27 19:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-11-09 19:55 - 2016-10-27 19:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-11-09 19:55 - 2016-10-27 19:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-11-09 19:55 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-11-09 19:55 - 2016-10-27 19:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2016-11-09 19:55 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-11-09 19:55 - 2016-10-27 18:57 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2016-11-09 19:55 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-11-09 19:55 - 2016-10-27 18:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-11-09 19:55 - 2016-10-27 18:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-11-09 19:55 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-11-09 19:55 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-11-09 19:55 - 2016-10-27 18:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-11-09 19:55 - 2016-10-27 18:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-11-09 19:55 - 2016-10-27 17:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-11-09 19:55 - 2016-10-25 15:11 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-11-09 19:55 - 2016-10-22 18:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-11-09 19:55 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-11-09 19:55 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-11-09 19:55 - 2016-10-22 18:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-11-09 19:55 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-11-09 19:55 - 2016-10-22 17:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2016-11-09 19:55 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-11-09 19:55 - 2016-10-22 17:51 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2016-11-09 19:55 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-11-09 19:55 - 2016-10-22 17:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-11-09 19:55 - 2016-10-22 17:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-11-09 19:55 - 2016-10-22 17:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-11-09 19:55 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-11-09 19:55 - 2016-10-22 17:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-11-09 19:55 - 2016-10-22 17:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-11-09 19:55 - 2016-10-22 17:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-11-09 19:55 - 2016-10-13 20:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2016-11-09 19:55 - 2016-10-13 20:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2016-11-09 19:55 - 2016-10-12 09:01 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys 2016-11-09 19:55 - 2016-10-11 21:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll 2016-11-09 19:55 - 2016-10-11 21:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll 2016-11-09 19:55 - 2016-10-11 19:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll 2016-11-09 19:55 - 2016-10-11 18:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll 2016-11-09 19:55 - 2016-10-11 17:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll 2016-11-09 19:55 - 2016-10-10 22:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-11-09 19:55 - 2016-10-10 22:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-11-09 19:55 - 2016-10-09 23:59 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys 2016-11-09 19:55 - 2016-10-09 00:12 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-11-09 19:55 - 2016-10-08 23:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll 2016-11-09 19:55 - 2016-10-08 23:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-11-09 19:55 - 2016-10-08 23:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll 2016-11-09 19:55 - 2016-10-08 23:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-11-09 19:55 - 2016-10-08 23:02 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-11-09 19:55 - 2016-10-08 22:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll 2016-11-09 19:55 - 2016-10-08 22:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-11-09 19:55 - 2016-10-08 02:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-11-09 19:55 - 2016-10-08 02:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-11-09 19:55 - 2016-10-04 21:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2016-11-09 19:55 - 2016-10-04 21:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-11-09 19:55 - 2016-10-04 21:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-11-09 19:55 - 2016-10-04 21:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-11-09 19:55 - 2016-09-09 23:52 - 00921944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys 2016-11-09 19:55 - 2016-09-09 23:14 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2016-11-09 19:55 - 2016-09-09 15:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll 2016-11-09 19:55 - 2016-09-09 15:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll 2016-11-09 19:55 - 2016-09-09 15:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2016-11-09 19:55 - 2016-09-09 15:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll 2016-11-09 19:55 - 2016-09-09 15:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll 2016-11-09 19:55 - 2016-09-09 14:38 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml 2016-11-09 19:55 - 2016-09-03 19:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll 2016-11-09 19:55 - 2016-09-03 19:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll 2016-11-09 19:55 - 2016-09-03 18:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll 2016-11-09 19:55 - 2016-09-03 17:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2016-11-09 19:55 - 2016-09-03 17:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll 2016-11-09 19:55 - 2016-09-03 16:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2016-11-09 19:55 - 2016-09-02 15:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll 2016-11-09 19:55 - 2016-09-02 15:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll 2016-11-09 19:55 - 2016-09-01 15:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll 2016-11-09 19:55 - 2016-09-01 15:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll 2016-11-09 19:55 - 2016-09-01 15:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll 2016-11-09 19:55 - 2016-08-30 15:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll 2016-11-09 19:55 - 2016-08-30 03:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll 2016-11-09 19:55 - 2016-08-30 03:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll 2016-11-09 19:55 - 2016-08-30 03:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll 2016-11-09 19:55 - 2016-08-30 03:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll 2016-11-09 19:55 - 2016-08-22 14:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2016-11-08 16:45 - 2016-11-08 16:45 - 00000000 ____D C:\Users\Michael\AppData\Local\gegl-0.3 2016-11-08 16:43 - 2016-11-08 16:43 - 00000000 ____D C:\Users\Michael\AppData\Local\lensfun 2016-11-08 16:42 - 2016-11-08 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimp-2.8 2016-11-08 16:42 - 2016-11-08 16:43 - 00000000 ____D C:\Program Files\Gimp-2.8 2016-11-08 16:42 - 2016-11-08 16:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gimp-2.8 2016-10-30 21:17 - 2016-10-30 21:35 - 00000000 ____D C:\Users\Michael\Oben Drucken Autumn 2016-10-30 12:27 - 2016-10-30 12:55 - 00000000 ____D C:\Users\Michael\Crazy_Pe - Schwerkraft Artwork und Lizenz 2016-10-25 09:30 - 2016-10-25 09:30 - 00003168 _____ C:\Windows\System32\Tasks\{6CD95F92-4929-4FE1-863F-877157F4A16C} 2016-10-25 09:27 - 2016-10-25 09:27 - 00000000 ____D C:\Program Files\DIFX 2016-10-17 19:36 - 2016-10-17 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2016-10-12 19:11 - 2016-09-13 00:48 - 00085680 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-10-12 19:11 - 2016-09-09 14:38 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-10-12 19:11 - 2016-09-09 14:38 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-10-12 19:11 - 2016-09-09 14:38 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-10-12 19:11 - 2016-09-09 14:38 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-10-12 19:11 - 2016-09-09 14:38 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-10-12 19:11 - 2016-09-09 14:38 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2016-10-12 19:11 - 2016-09-09 14:38 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-10-12 19:11 - 2016-09-09 14:38 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-10-12 19:11 - 2016-08-27 20:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-10-12 19:11 - 2016-08-27 20:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-10-12 19:11 - 2016-08-27 20:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe 2016-10-12 19:11 - 2016-08-27 19:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-10-12 19:11 - 2016-08-27 19:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-10-12 19:11 - 2016-08-27 19:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe 2016-10-12 19:11 - 2016-08-27 17:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll 2016-10-12 19:11 - 2016-08-27 16:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll 2016-10-12 12:45 - 2016-08-27 17:33 - 02881536 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll 2016-10-12 12:45 - 2016-08-27 17:11 - 01049600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll 2016-10-12 12:45 - 2016-08-12 22:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2016-10-12 12:45 - 2016-08-12 21:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2016-10-12 12:45 - 2016-07-30 18:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll 2016-10-12 12:44 - 2016-10-01 01:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-10-12 12:44 - 2016-09-08 15:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-10-12 12:44 - 2016-09-07 23:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2016-10-12 12:44 - 2016-09-07 22:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2016-10-12 12:44 - 2016-08-20 23:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-10-12 12:44 - 2016-08-20 23:12 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-10-12 12:44 - 2016-08-12 02:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2016-10-12 12:44 - 2016-08-12 02:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2016-10-12 12:44 - 2016-08-03 16:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll 2016-10-12 12:44 - 2016-08-03 16:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll 2016-10-12 12:44 - 2016-07-30 17:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll 2016-10-12 12:43 - 2016-09-14 02:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-10-12 12:43 - 2016-09-08 15:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2016-10-12 12:43 - 2016-09-07 22:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll 2016-10-12 12:43 - 2016-09-07 22:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2016-10-12 12:43 - 2016-08-25 21:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll 2016-10-12 12:43 - 2016-08-25 20:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll 2016-10-12 12:43 - 2016-08-11 18:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe 2016-10-12 12:43 - 2016-08-11 06:46 - 00420184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys 2016-10-12 12:42 - 2016-09-17 19:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll 2016-10-12 12:42 - 2016-09-17 18:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll 2016-10-12 12:42 - 2016-09-14 02:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2016-10-12 12:42 - 2016-09-14 02:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-10-12 12:42 - 2016-09-14 02:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2016-10-12 12:42 - 2016-09-12 23:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll 2016-10-12 12:42 - 2016-09-12 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll 2016-10-12 12:42 - 2016-09-08 21:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys 2016-10-12 12:42 - 2016-09-07 22:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2016-10-12 12:42 - 2016-08-13 01:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2016-10-12 12:42 - 2016-08-13 01:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys 2016-10-12 12:42 - 2016-08-13 01:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys 2016-10-12 12:42 - 2016-08-13 01:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys 2016-10-12 12:42 - 2016-08-12 23:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll 2016-10-12 12:42 - 2016-08-12 23:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2016-10-12 12:42 - 2016-08-12 22:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll 2016-10-12 12:42 - 2016-08-11 19:33 - 00096256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys 2016-10-12 12:42 - 2016-08-11 19:33 - 00083456 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys 2016-10-12 12:42 - 2016-08-11 19:33 - 00023040 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys 2016-10-12 12:42 - 2016-08-03 16:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll 2016-10-12 12:42 - 2016-08-03 16:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll 2016-10-12 12:42 - 2016-07-26 14:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS 2016-10-12 12:42 - 2016-07-26 14:40 - 00162850 _____ C:\Windows\system32\C_932.NLS 2016-10-12 12:42 - 2016-07-23 19:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll 2016-10-12 12:42 - 2016-07-23 19:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll 2016-10-10 21:52 - 2016-11-10 16:25 - 00000000 ____D C:\Users\Michael\AppData\Local\gtk-2.0 2016-10-10 21:52 - 2016-10-10 21:52 - 00000000 ____D C:\Users\Michael\.thumbnails 2016-10-10 21:47 - 2016-10-10 21:47 - 00000000 ____D C:\Users\Michael\AppData\Local\gegl-0.2 2016-10-10 21:47 - 2016-10-10 21:47 - 00000000 ____D C:\Users\Michael\AppData\Local\fontconfig 2016-10-10 20:23 - 2016-10-10 20:23 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-10-10 20:23 - 2016-10-10 20:23 - 00000000 ____D C:\Users\Michael\Tracing 2016-10-10 20:23 - 2016-10-10 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-10-10 20:22 - 2016-10-10 20:23 - 00000000 ____D C:\ProgramData\Skype 2016-10-03 19:21 - 2016-10-03 22:28 - 00000986 _____ C:\Users\Michael\Rebina Text.txt 2016-09-13 21:05 - 2016-07-09 17:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll 2016-09-13 21:05 - 2016-07-08 23:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2016-09-13 21:05 - 2016-07-08 15:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll 2016-09-13 21:05 - 2016-07-08 15:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll 2016-09-13 21:05 - 2016-07-07 23:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys 2016-09-13 21:05 - 2016-07-07 23:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll 2016-09-13 21:05 - 2016-07-07 23:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll 2016-09-13 21:05 - 2016-07-07 23:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll 2016-09-13 21:05 - 2016-07-07 22:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll 2016-09-13 21:05 - 2016-07-07 21:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL 2016-09-13 21:05 - 2016-07-07 21:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll 2016-09-13 21:05 - 2016-07-07 21:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll 2016-09-13 21:05 - 2016-07-07 21:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll 2016-09-13 21:05 - 2016-07-07 21:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll 2016-09-13 21:05 - 2016-07-07 21:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll 2016-09-13 21:05 - 2016-07-07 21:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll 2016-09-13 21:05 - 2016-07-07 21:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll 2016-09-13 21:05 - 2016-07-07 21:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll 2016-09-13 21:05 - 2016-07-07 20:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll 2016-09-13 21:05 - 2016-07-07 20:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll 2016-09-13 21:05 - 2016-07-04 06:09 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2016-09-13 21:05 - 2016-07-04 04:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe 2016-09-13 21:05 - 2016-07-04 04:33 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2016-09-13 21:05 - 2016-07-04 04:02 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2016-09-13 21:05 - 2016-07-04 03:19 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2016-09-13 21:05 - 2016-07-01 21:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll 2016-09-13 21:05 - 2016-07-01 21:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll 2016-09-13 21:05 - 2016-01-10 18:08 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2016-09-13 21:02 - 2016-08-21 00:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2016-09-13 21:02 - 2016-08-21 00:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-09-13 21:02 - 2016-08-21 00:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2016-09-13 21:02 - 2016-08-20 23:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-09-13 21:02 - 2016-08-20 23:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-09-13 21:02 - 2016-08-20 23:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-09-13 21:02 - 2016-08-09 23:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-09-13 21:02 - 2016-08-09 23:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-09-13 21:02 - 2016-08-04 15:17 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-09-13 21:02 - 2016-08-03 19:06 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-09-13 21:02 - 2016-08-03 19:05 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-09-13 20:59 - 2016-08-22 17:06 - 00179248 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-09-13 20:59 - 2016-08-22 17:06 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-09-13 20:59 - 2016-08-21 02:03 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-09-13 20:59 - 2016-08-21 02:01 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-09-13 20:59 - 2016-08-21 02:01 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-09-13 20:59 - 2016-08-20 23:55 - 00104960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-09-13 20:54 - 2016-08-14 20:34 - 01541248 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2016-09-13 20:54 - 2016-08-14 17:14 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2016-09-13 20:54 - 2016-08-13 08:40 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-09-13 20:54 - 2016-08-13 01:04 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-09-13 20:54 - 2016-08-11 17:26 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll 2016-09-13 20:54 - 2016-08-11 17:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll 2016-09-13 20:54 - 2016-08-11 17:16 - 00455680 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll 2016-09-05 21:51 - 2016-09-05 21:51 - 00000000 ____D C:\Users\Michael\AppData\Local\Apple Computer 2016-09-05 19:28 - 2016-09-05 19:28 - 00000000 ____D C:\Users\Michael\AppData\Local\calibre-cache 2016-09-05 19:27 - 2016-09-05 19:28 - 00000000 ____D C:\Users\Michael\Documents\Calibre-Bibliothek 2016-09-05 19:27 - 2016-09-05 19:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\calibre ==================== Drei Monate: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-11-29 13:39 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps 2016-11-29 13:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness 2016-11-29 13:32 - 2014-04-28 12:50 - 00300140 _____ C:\Windows\system32\perfh01F.dat 2016-11-29 13:32 - 2014-04-28 12:50 - 00046700 _____ C:\Windows\system32\perfc01F.dat 2016-11-29 13:32 - 2014-04-28 12:44 - 00351792 _____ C:\Windows\system32\perfh010.dat 2016-11-29 13:32 - 2014-04-28 12:44 - 00047466 _____ C:\Windows\system32\perfc010.dat 2016-11-29 13:32 - 2014-04-28 12:38 - 00765582 _____ C:\Windows\system32\perfh007.dat 2016-11-29 13:32 - 2014-04-28 12:38 - 00159366 _____ C:\Windows\system32\perfc007.dat 2016-11-29 13:32 - 2014-03-18 16:26 - 02512228 _____ C:\Windows\system32\PerfStringBackup.INI 2016-11-29 13:32 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf 2016-11-29 13:27 - 2015-04-16 11:49 - 00000000 ____D C:\Users\Michael\OneDrive 2016-11-29 13:25 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-11-29 13:25 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-11-29 12:22 - 2015-04-20 12:33 - 00000000 ____D C:\Users\Michael\Studium 2016-11-29 10:59 - 2015-04-16 11:47 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2257497389-2768460267-1156638137-1001 2016-11-29 10:48 - 2014-04-28 13:08 - 00000000 ____D C:\Windows\de 2016-11-29 10:06 - 2015-04-16 11:50 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{85956A22-FDE5-4A07-9008-9877FA47FD20} 2016-11-28 21:05 - 2015-06-02 22:39 - 00000000 ____D C:\Program Files (x86)\Avira 2016-11-28 20:50 - 2015-05-11 16:03 - 00001130 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-11-28 20:48 - 2016-03-20 17:19 - 00015146 _____ C:\Users\Michael\AppData\Local\Citavi Picker Internet Explorer Protocol.txt 2016-11-28 20:19 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache 2016-11-28 20:08 - 2015-11-10 15:12 - 00000000 ____D C:\Users\Michael\Documents\Citavi 5 2016-11-28 20:05 - 2015-06-02 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-11-28 20:05 - 2015-06-02 22:39 - 00000000 ____D C:\ProgramData\Avira 2016-11-28 19:52 - 2015-04-16 11:41 - 00000000 ____D C:\Users\Michael 2016-11-28 19:48 - 2014-10-20 18:12 - 00000000 ___HD C:\Windows\system32\WLANProfiles 2016-11-28 19:48 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender 2016-11-28 19:48 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Dism 2016-11-28 19:36 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-11-28 19:36 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\registration 2016-11-28 19:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-11-28 19:35 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-11-28 19:35 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Sysprep 2016-11-28 19:34 - 2014-10-20 18:11 - 00000000 ____D C:\ProgramData\Package Cache 2016-11-28 19:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-11-28 19:33 - 2015-04-16 12:06 - 00000000 __RHD C:\MSOCache 2016-11-28 16:47 - 2015-04-22 23:03 - 02487296 ___SH C:\Users\Michael\Desktop\Thumbs.db 2016-11-19 17:04 - 2015-04-16 11:41 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages 2016-11-17 12:01 - 2015-05-11 16:12 - 00002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-11-17 12:01 - 2015-05-11 16:12 - 00002199 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-11-16 13:01 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-11-16 13:00 - 2015-04-16 12:00 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-11-10 14:37 - 2013-08-22 15:44 - 00381616 _____ C:\Windows\system32\FNTCACHE.DAT 2016-11-10 00:55 - 2015-05-04 17:49 - 00000000 ____D C:\Windows\system32\MRT 2016-11-10 00:55 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData 2016-11-10 00:50 - 2014-04-24 17:12 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-11-10 00:34 - 2015-06-02 22:11 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-11-10 00:32 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp 2016-11-08 17:33 - 2016-08-18 12:37 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype 2016-11-06 17:17 - 2015-06-02 22:11 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-11-02 22:37 - 2015-05-11 16:01 - 00000000 ____D C:\Users\Michael\AppData\Local\Google ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2016-03-27 02:07 - 2016-04-27 12:05 - 0000033 _____ () C:\Users\Michael\AppData\Roaming\AdobeWLCMCache.dat 2016-03-20 17:19 - 2016-11-28 20:48 - 0015146 _____ () C:\Users\Michael\AppData\Local\Citavi Picker Internet Explorer Protocol.txt 2016-11-10 16:25 - 2016-11-10 16:25 - 0010363 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel 2014-10-20 18:08 - 2014-10-20 18:08 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Einige Dateien in TEMP: ==================== C:\Users\Michael\AppData\Local\Temp\AppLauncher.exe C:\Users\Michael\AppData\Local\Temp\avgnt.exe C:\Users\Michael\AppData\Local\Temp\FreemakeVideoConverterFull.exe C:\Users\Michael\AppData\Local\Temp\McCSPInstall.dll C:\Users\Michael\AppData\Local\Temp\mccspuninstall.exe C:\Users\Michael\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\Michael\AppData\Local\Temp\SetupHomeStudentRetail.x86.de-DE_HomeStudentRetail_6T8RN-RDTDD-TQR2C-6JCJW-J8CXQ_act_1_.exe ==================== Bamital & volsnap ====================== (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert ==================== BCD ================================ Start-Manager fr Firmware -------------------------- Bezeichner {fwbootmgr} displayorder {bootmgr} {be86ab18-5854-11e4-8276-806e6f6e6963} {be86ab1a-5854-11e4-8276-806e6f6e6963} {be86ab1d-5854-11e4-8276-806e6f6e6963} {be86ab19-5854-11e4-8276-806e6f6e6963} timeout 2 Windows-Start-Manager --------------------- Bezeichner {bootmgr} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale de-DE inherit {globalsettings} integrityservices Enable default {current} resumeobject {599cff6b-cbce-11e3-919c-afa3f6fb9888} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Firmwareanwendung (101fffff) ---------------------------- Bezeichner {3b80a664-b585-11e6-b084-806e6f6e6963} description EFI USB Device (HL-DT-STDVDRAM GP50NB40) Firmwareanwendung (101fffff) ---------------------------- Bezeichner {be86ab18-5854-11e4-8276-806e6f6e6963} description EFI USB Device Firmwareanwendung (101fffff) ---------------------------- Bezeichner {be86ab19-5854-11e4-8276-806e6f6e6963} description EFI DVD/CDROM Firmwareanwendung (101fffff) ---------------------------- Bezeichner {be86ab1a-5854-11e4-8276-806e6f6e6963} description EFI Network Firmwareanwendung (101fffff) ---------------------------- Bezeichner {be86ab1b-5854-11e4-8276-806e6f6e6963} description EFI Network 0 for IPv4 (7C-D3-0A-00-21-D3) Firmwareanwendung (101fffff) ---------------------------- Bezeichner {be86ab1c-5854-11e4-8276-806e6f6e6963} description EFI Network 0 for IPv6 (7C-D3-0A-00-21-D3) Firmwareanwendung (101fffff) ---------------------------- Bezeichner {be86ab1d-5854-11e4-8276-806e6f6e6963} description Internal EFI Shell Windows-Startladeprogramm ------------------------- Bezeichner {current} device partition=C: path \Windows\system32\winload.efi description Windows 8.1 locale de-DE inherit {bootloadersettings} recoverysequence {5f35740c-970e-11e4-8284-a08869b1b5f1} integrityservices Enable recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \Windows resumeobject {599cff6b-cbce-11e3-919c-afa3f6fb9888} nx OptIn bootmenupolicy Standard Windows-Startladeprogramm ------------------------- Bezeichner {5f35740c-970e-11e4-8284-a08869b1b5f1} device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5f35740d-970e-11e4-8284-a08869b1b5f1} path \windows\system32\winload.efi description Windows Recovery Environment locale en-GB inherit {bootloadersettings} displaymessage Recovery osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{5f35740d-970e-11e4-8284-a08869b1b5f1} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows-Startladeprogramm ------------------------- Bezeichner {8d7f0cc6-879e-47f6-a767-0ed8fd3b0659} device ramdisk=[\Device\HarddiskVolume4]\Sources\boot.wim,{572bcd56-ffa7-11d9-aae0-0007e994107d} path \windows\system32\winload.efi description MEDION Recovery Environment osdevice ramdisk=[\Device\HarddiskVolume4]\Sources\boot.wim,{572bcd56-ffa7-11d9-aae0-0007e994107d} systemroot \windows nx OptIn winpe Yes Wiederaufnahme aus dem Ruhezustand ---------------------------------- Bezeichner {599cff6b-cbce-11e3-919c-afa3f6fb9888} device partition=C: path \Windows\system32\winresume.efi description Windows Resume Application locale de-DE inherit {resumeloadersettings} recoverysequence {5f35740c-970e-11e4-8284-a08869b1b5f1} recoveryenabled Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows-Speichertestprogramm ---------------------------- Bezeichner {memdiag} device partition=\Device\HarddiskVolume2 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale de-DE inherit {globalsettings} badmemoryaccess Yes EMS-Einstellungen ----------------- Bezeichner {emssettings} bootems No Debuggereinstellungen --------------------- Bezeichner {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-Defekte ----------- Bezeichner {badmemory} Globale Einstellungen --------------------- Bezeichner {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Startladeprogramm-Einstellungen ------------------------------- Bezeichner {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisoreinstellungen ------------------- Bezeichner {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Einstellungen zur Ladeprogrammfortsetzung ----------------------------------------- Bezeichner {resumeloadersettings} inherit {globalsettings} Ger„teoptionen -------------- Bezeichner {572bcd56-ffa7-11d9-aae0-0007e994107d} description Ramdisk Options ramdisksdidevice partition=\Device\HarddiskVolume4 ramdisksdipath \boot\boot.sdi Ger„teoptionen -------------- Bezeichner {5f35740d-970e-11e4-8284-a08869b1b5f1} description Windows Recovery ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2016-11-29 10:59 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-11-2016 durchgeführt von Michael (29-11-2016 13:44:15) Gestartet von C:\Users\Michael\Downloads Windows 8.1 (Update) (X64) (2015-04-16 10:41:19) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2257497389-2768460267-1156638137-500 - Administrator - Disabled) Gast (S-1-5-21-2257497389-2768460267-1156638137-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2257497389-2768460267-1156638137-1003 - Limited - Enabled) Michael (S-1-5-21-2257497389-2768460267-1156638137-1001 - Administrator - Enabled) => C:\Users\Michael ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Ashampoo Burning Studio 11 v.11.0.4 (HKLM-x32\...\Ashampoo Burning Studio 11_is1) (Version: 11.0.4 - Ashampoo GmbH & Co. KG) Ashampoo Core Tuner 2 v.2.0.1 (HKLM-x32\...\Ashampoo Core Tuner 2_is1) (Version: 2.01 - Ashampoo GmbH & Co. KG) Ashampoo GetBack Photo v.1.0.1 (HKLM-x32\...\Ashampoo GetBack Photo_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG) Ashampoo HDD Control 2 v.2.1.0 (HKLM-x32\...\Ashampoo HDD Control 2_is1) (Version: 2.1.0 - Ashampoo GmbH & Co. KG) Ashampoo Music Studio 4 v.4.0.1 (HKLM-x32\...\Ashampoo Music Studio 4_is1) (Version: 4.0.1 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander 10 v.10.1.3 (HKLM-x32\...\Ashampoo Photo Commander 10_is1) (Version: 10.1.3 - Ashampoo GmbH & Co. KG) Ashampoo Photo Optimizer 5 v.5.1.2 (HKLM-x32\...\Ashampoo Photo Optimizer 5_is1) (Version: 5.1.2 - Ashampoo GmbH & Co. KG) Ashampoo Slideshow Studio HD 2 v.2.0.5 (HKLM-x32\...\Ashampoo Slideshow Studio HD 2_is1) (Version: 2.0.5 - Ashampoo GmbH & Co. KG) Ashampoo Snap 5 v.5.1.5 (HKLM-x32\...\Ashampoo Snap 5_is1) (Version: 5.1.5 - Ashampoo GmbH & Co. KG) Ashampoo UnInstaller 4 v.4.30 (HKLM-x32\...\Ashampoo UnInstaller 4_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG) Ashampoo Video Styler v.1.0.1 (HKLM-x32\...\Ashampoo Video Styler_is1) (Version: 1.0.1 - Ashampoo GmbH & Co. KG) Ashampoo WinOptimizer 9 v.9.04.31 (HKLM-x32\...\Ashampoo WinOptimizer 9_is1) (Version: 9.04.31 - Ashampoo GmbH & Co. KG) Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden Canon iP4700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series) (Version: - ) Citavi 5 (HKLM-x32\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.2.0.8 - Swiss Academic Software) CyberLink Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink PowerDirector 11 (Version: 11.0.0.3910 - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.3019 - CyberLink Corp.) CyberLink PowerRecover (Version: 5.7.0.3019 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc) ETDWare X64 11.2.3.2_WHQL (HKLM\...\Elantech) (Version: 11.2.3.2 - ELAN Microelectronic Corp.) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Gimp 2.8 (HKLM-x32\...\Gimp-2.8) (Version: 2.8 - Partha Bagchi) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden IBM SPSS Statistics 23 (HKLM\...\{C3BA73A4-2A45-4036-8541-4F5F8146078B}) (Version: 23.0.0.0 - IBM Corp) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{01BFBBA5-F5D4-48A2-86AD-F8A3DF0D4FE6}) (Version: 16.10.0.0136 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation) Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation) Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{12e0ee45-4218-4b40-aa8f-6d86d214bdae}) (Version: 17.1.1 - Intel Corporation) Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office Home and Student 2013 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 15.0.4875.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-2257497389-2768460267-1156638137-1001\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4875.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4875.1001 - Microsoft Corporation) Hidden PDF24 Creator 7.9.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.) simplifast (HKLM-x32\...\simplitec POWER SUITE_is1) (Version: 1.5.3.6 - simplitec GmbH) Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.) TOPSIM - General Management - Participant (HKLM-x32\...\TOPSIM - General Management - Participant) (Version: 13.1 - TATA Interactive Systems GmbH) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows-Treiberpaket - OLYMPUS IMAGING CORP. (VNUSB) VNUSB (09/29/2009 2.0.0.0) (HKLM\...\75BD84FDFF77342C2A347F729669CBD84CE11B04) (Version: 09/29/2009 2.0.0.0 - OLYMPUS IMAGING CORP.) WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2257497389-2768460267-1156638137-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-2257497389-2768460267-1156638137-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {10786935-B07B-45F9-B2F8-F080FD76B83A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {19C56472-033C-4247-B28A-7F4427BEBC3C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated) Task: {1B75392B-F6C9-4FF0-8096-4D9738163654} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11] (Google Inc.) Task: {293B16F2-A044-4D4B-BA6F-04230C4BEECD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-11] (Google Inc.) Task: {3C797406-5799-4BC4-86B5-D1094E8B85F0} - System32\Tasks\{6CD95F92-4929-4FE1-863F-877157F4A16C} => pcalua.exe -a "C:\Users\Michael\AppData\Local\Temp\Temp1_DigitalWavePlayer.zip\R0990_40 (D)\Setup.exe" <==== ACHTUNG Task: {400E73B1-33D5-4203-9F1E-8233BD9C4BB5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation) Task: {4DE62A77-DDF2-437A-9918-A48E7E914B3E} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2014-04-07] (Dolby Laboratories Inc.) Task: {5E75C08F-560F-41B4-946C-90A4726DEE43} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-11-10] (Microsoft Corporation) Task: {952FFF6F-0E07-46EE-A432-C260576EFBF5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-10-04] (Microsoft Corporation) Task: {B8E183A3-6D3E-4017-B8ED-961F95433CE5} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2014-05-27] (CyberLink Corp.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_4024208882_de-de.lnk -> hxxp://web.de ShortcutWithArgument: C:\Users\Michael\Desktop\LIFESTORE.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com/lifestore ShortcutWithArgument: C:\Users\Michael\Desktop\MEDION Serviceportal.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.medionservice.de ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com ShortcutWithArgument: C:\Users\Public\Desktop\eBay.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://rover.ebay.com/rover/1/707-154514-44482-13/4 ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2014-10-20 16:21 - 2011-08-22 13:44 - 01421216 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe 2014-10-20 16:20 - 2012-07-30 10:48 - 01518504 _____ () C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe 2015-04-16 12:00 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-10-20 16:34 - 2013-03-06 14:42 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-04-07 16:13 - 2014-04-07 16:13 - 00052096 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll 2016-03-20 17:19 - 2016-03-03 09:34 - 00073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe 2016-11-17 12:01 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll 2016-11-17 12:01 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll 2016-09-20 15:11 - 2016-09-20 15:11 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2016-08-18 12:37 - 2016-08-18 12:37 - 01383616 _____ () C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\Windows:nlsPreferences [386] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2257497389-2768460267-1156638137-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\OEM\wallpaper.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == HKLM\...\StartupApproved\Run32: => "mcpltui_exe" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "PowerDVD12Agent" HKLM\...\StartupApproved\Run32: => "YouCam Service" HKU\S-1-5-21-2257497389-2768460267-1156638137-1001\...\StartupApproved\Run: => "Skype" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{3153B440-1248-49D1-92C5-B47D986ECBAA}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{6129196D-1EF3-4C3A-A6F5-990358F7408F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{5E2E9CC6-4069-4829-8BEB-C9F07010D114}] => (Allow) LPort=2869 FirewallRules: [{F64ED3B4-9E6B-4C6B-A84F-C64FB79F82C8}] => (Allow) LPort=1900 FirewallRules: [{12ACDFAE-1D0D-45BC-A35A-082C5301F429}] => (Allow) C:\Program Files\CyberLink\PowerDirector11\PDR10.EXE FirewallRules: [{A167722C-5ABE-45D0-8C15-3A48AEF715B7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{D4ED8AC9-3717-4BAB-B5CE-D3D9C5C77934}] => (Allow) C:\Users\Michael\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{B4F8BBBE-83A1-47FB-A22B-12C3A384D6EB}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{EED017B5-DE08-4F5A-842A-0F8F2F65F182}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com FirewallRules: [{79AA226E-5AAD-4D76-AC12-9ED1231BE0A7}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.com FirewallRules: [{FF12F2D5-088F-4D36-B330-77CE66E3314F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe FirewallRules: [{00D2E5B6-945B-4A31-A4F7-8F5872F309BE}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\WinWrapIDE.exe FirewallRules: [{D5CB596A-C5DA-40ED-A98B-7612879A987C}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe FirewallRules: [{8F1FB6F3-018E-40C9-909A-887040F9B17F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\23\stats.exe FirewallRules: [TCP Query User{20548CE2-3E6C-4278-9DFA-5D4951D25B82}C:\users\michael\appdata\local\temp\rarsfx0\medion-finder.exe] => (Allow) C:\users\michael\appdata\local\temp\rarsfx0\medion-finder.exe FirewallRules: [UDP Query User{4AEDCB45-51D1-4AC4-B296-069B20193EFA}C:\users\michael\appdata\local\temp\rarsfx0\medion-finder.exe] => (Allow) C:\users\michael\appdata\local\temp\rarsfx0\medion-finder.exe FirewallRules: [TCP Query User{DB19092B-4612-40B7-8ECD-F3841EB82E32}C:\program files\ibm\spss\statistics\23\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\23\stats.exe FirewallRules: [UDP Query User{5DCD2FC8-C6A1-4294-8127-126F0752AB37}C:\program files\ibm\spss\statistics\23\stats.exe] => (Allow) C:\program files\ibm\spss\statistics\23\stats.exe FirewallRules: [TCP Query User{4AEBC6C9-2C6B-4FE6-B131-392B83F239DF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{1D7B3F06-F5B2-4D6C-B874-D13BA11D67B7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{340F3B92-AAD6-47FB-A12D-1EA7D0BDAF89}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{A83D840B-CF9C-47E4-BD9D-4C347DA2B085}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{2CE74ADD-3B16-4352-B6D1-1C5B6193F239}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Wiederherstellungspunkte ========================= 10-11-2016 00:14:32 Windows Update 20-11-2016 02:39:39 Geplanter Prüfpunkt 28-11-2016 20:14:35 Geplanter Prüfpunkt ==================== Fehlerhafte Geräte im Gerätemanager ============= ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (11/29/2016 01:27:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.Systray.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951d10 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x5736541b Ausnahmecode: 0xe0434352 Fehleroffset: 0x00014878 ID des fehlerhaften Prozesses: 0xa5c Startzeit der fehlerhaften Anwendung: 0x01d24a3be1fc7f11 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 28ee49ff-b62f-11e6-82d1-a08869b1b5f1 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/29/2016 01:27:09 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: NLog.NLogConfigurationException Stapel: bei NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean) bei NLog.Config.XmlLoggingConfiguration..ctor(System.String) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.Systray.Program.Main(System.String[]) Error: (11/29/2016 01:25:58 PM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe.Config" in Zeile 0. Ungültige XML-Syntax. Error: (11/29/2016 11:16:21 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT-AUTORITÄT) Description: There was an error communicating to the Orion DCS server Error: (11/29/2016 11:14:20 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2005) (User: NT-AUTORITÄT) Description: There was an error communicating to the Orion DCS server Error: (11/29/2016 10:49:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.Systray.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951d10 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x5736541b Ausnahmecode: 0xe0434352 Fehleroffset: 0x00014878 ID des fehlerhaften Prozesses: 0x1798 Startzeit der fehlerhaften Anwendung: 0x01d24a25ece6c622 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 2f1ab807-b619-11e6-82cf-a08869b1b5f1 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/29/2016 10:49:55 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: NLog.NLogConfigurationException Stapel: bei NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean) bei NLog.Config.XmlLoggingConfiguration..ctor(System.String) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.Systray.Program.Main(System.String[]) Error: (11/29/2016 10:48:47 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe.Config" in Zeile 0. Ungültige XML-Syntax. Error: (11/28/2016 09:07:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Avira.Systray.exe, Version: 1.1.42.10415, Zeitstempel: 0x55951d10 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.18340, Zeitstempel: 0x5736541b Ausnahmecode: 0xe0434352 Fehleroffset: 0x00014878 ID des fehlerhaften Prozesses: 0x177c Startzeit der fehlerhaften Anwendung: 0x01d249b30f28f7bd Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\KERNELBASE.dll Berichtskennung: 560caf4d-b5a6-11e6-82ce-a08869b1b5f1 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/28/2016 09:07:48 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: Avira.Systray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet. Ausnahmeinformationen: NLog.NLogConfigurationException Stapel: bei NLog.Config.XmlLoggingConfiguration.Initialize(System.Xml.XmlReader, System.String, Boolean) bei NLog.Config.XmlLoggingConfiguration..ctor(System.String) bei NLog.LogFactory.get_Configuration() bei NLog.LogFactory.GetLogger(LoggerCacheKey) bei NLog.LogFactory.GetLogger(System.String) bei NLog.LogManager.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetLogger(System.String) bei Avira.OE.WinCore.Utility.LoggerFacade.GetCurrentClassLogger() bei Avira.OE.WinCore.Lazy`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].get_Value() bei Avira.OE.Systray.Program.Main(System.String[]) Systemfehler: ============= Error: (11/29/2016 01:24:45 PM) (Source: DCOM) (EventID: 10010) (User: SPITT) Description: Der Server "{FC5EEAF6-2001-11DF-ADB9-F4CE462D9137}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/29/2016 01:24:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Error: (11/29/2016 01:24:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Error: (11/29/2016 01:24:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Error: (11/29/2016 01:24:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Error: (11/29/2016 01:24:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Error: (11/29/2016 01:24:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: Der Abhängigkeitsdienst oder die Abhängigkeitsgruppe konnte nicht gestartet werden. Error: (11/29/2016 01:24:19 PM) (Source: DCOM) (EventID: 10010) (User: SPITT) Description: Der Server "{F9717507-6651-4EDB-BFF7-AE615179BCCF}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/29/2016 01:24:19 PM) (Source: DCOM) (EventID: 10005) (User: SPITT) Description: Fehler "1084" in DCOM, als der Dienst "ShellHWDetection" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {DD522ACC-F821-461A-A407-50B198B896DC} Error: (11/29/2016 01:24:06 PM) (Source: DCOM) (EventID: 10005) (User: SPITT) Description: Fehler "1084" in DCOM, als der Dienst "WSearch" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {9E175B68-F52A-11D8-B9A5-505054503030} ==================== Speicherinformationen =========================== Prozessor: Intel(R) Celeron(R) CPU N2807 @ 1.58GHz Prozentuale Nutzung des RAM: 53% Installierter physikalischer RAM: 3987.2 MB Verfügbarer physikalischer RAM: 1858.06 MB Summe virtueller Speicher: 4755.2 MB Verfügbarer virtueller Speicher: 2056.78 MB ==================== Laufwerke ================================ Drive c: (Boot) (Fixed) (Total:404.05 GB) (Free:338.14 GB) NTFS Drive d: (Recover) (Fixed) (Total:60 GB) (Free:42.66 GB) NTFS Drive e: (INTENSO) (Removable) (Total:14.83 GB) (Free:14.83 GB) FAT32 ==================== MBR & Partitionstabelle ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ============================
__________________ Spittfaia & Rebina - Doppelt aufs Maul DIE FREEDOWNLOAD EP 12 Tracks direkt auf http://spittfaia.lima-city.de/spiitload.html währe cool wenn sie jemand lädt |
30.11.2016, 10:43 | #2 |
| USB VirusCode:
ATTFilter Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 27-11-2016 durchgeführt von Michael (29-11-2016 13:46:28) Gestartet von C:\Users\Michael\Downloads Start-Modus: Normal ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics\Python 2.7 for IBM SPSS Statistics 23\Python (Befehlszeile).lnk -> C:\Program Files\IBM\SPSS\Statistics\23\statisticspython.bat () Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_4024208882_de-de.lnk -> hxxp://web.de Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOPSIM - General Management - Participant\TOPSIM - General Management - Participant.lnk -> C:\TOPSIM\GM\TLN\Toptln.exe (TATA Interactive Systems) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOPSIM - General Management - Participant\Uninstall.lnk -> C:\Windows\System32\GkSui20.EXE (Keine Datei) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec\simplifast.lnk -> C:\Program Files (x86)\simplitec\simplifast\PowerSuiteStart.exe (simplitec GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime - Bitte lesen.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\RichText.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\QTPlayer.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24\PDF24.lnk -> C:\Program Files (x86)\PDF24\pdf24-Launcher.exe (Geek Software GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\An OneNote 2013 senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\excel.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenote.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013-Tools\Office 2013 Upload Center.lnk -> C:\Program Files\Microsoft Office 15\root\office15\msouc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013-Tools\Office 2013-Spracheinstellungen.lnk -> C:\Program Files\Microsoft Office 15\root\office15\setlang.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics\IBM SPSS Statistics 23.lnk -> C:\Program Files\IBM\SPSS\Statistics\23\stats.exe (IBM Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics\Python 2.7 for IBM SPSS Statistics 23\Python-Handbücher.lnk -> C:\Program Files\IBM\SPSS\Statistics\23\Python\Doc\python276.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\HomeCinema.lnk -> C:\Program Files (x86)\CyberLink\Media Suite\PS.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\start menu\HomeCinema\CyberLink PhotoDirector 4.lnk -> C:\Program Files (x86)\CyberLink\PhotoDirector4\PhotoDirector4.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink YouCam 5\CyberLink YouCam 5.lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink PowerDVD Copy 1.5\CyberLink PowerDVD Copy 1.5.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD Copy\PowerDVDCopy.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink PowerDVD 12\CyberLink PowerDVD 12.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLaunchPolicy.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink PowerDirector 11\CyberLink PowerDirector 11 (64-bit).lnk -> C:\Program Files\CyberLink\PowerDirector11\PDR11.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink Power2Go 8\CyberLink Power2Go 8.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2Go8.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink Power2Go 8\Desktop Burning Gadget.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink Power2Go 8\ISO Viewer.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\IsoViewer8.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink Power2Go 8\Virtual Drive.lnk -> C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink LabelPrint 2.5\CyberLink LabelPrint 2.5.lnk -> C:\Program Files (x86)\CyberLink\LabelPrint\LabelPrint.exe (CyberLink Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimp-2.8\Gimp-2.8.lnk -> C:\Program Files\Gimp-2.8\Gimp-2.8.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimp-2.8\Uninstall.lnk -> C:\Program Files\Gimp-2.8\gimpuninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gimp-2.8\Website.lnk -> C:\Program Files\Gimp-2.8\Gimp.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover\PowerRecover.lnk -> C:\Program Files\CyberLink\PowerRecover\PowerRecover.exe (CyberLink) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 5\Citavi 5.lnk -> C:\Program Files (x86)\Citavi 5\bin\Citavi.exe (Swiss Academic Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk -> 0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Michael\Documents () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee LiveSafe - Internet Security.lnk -> C:\Program Files\mcafee.com\agent\mcagent.exe (Keine Datei) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Michael\Pictures () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-304 Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\Studium\Bachelor\Bachelorarbeit Desktop\PDF24.lnk -> C:\Program Files (x86)\PDF24\pdf24-Launcher.exe (Geek Software GmbH) Shortcut: C:\Users\Michael\Studium\Bachelor\Alte Dropboxsachen\Bachelor Dropbox\4. semester\füge- und umformtechnik\FuU\FUT_4_2014 (2) - Verknüpfung.lnk -> C:\Users\Michael\Downloads\FUT_4_2014 (2).pdf (Keine Datei) Shortcut: C:\Users\Michael\Links\Desktop.lnk -> C:\Users\Michael\Desktop () Shortcut: C:\Users\Michael\Links\Downloads.lnk -> C:\Users\Michael\Downloads () Shortcut: C:\Users\Michael\Links\RecentPlaces.lnk -> L ᐁ À 䘀 耟穭⊇㞡䘚낑�깚馼 ć ꀀz 匱卐뜥䟯ယ怂麌곫1 ἀ က 娀甀氀攀琀稀琀 戀攀猀甀挀栀琀 ⴀ Ѐ Systemordner 匱卐檦⡣锽ᇒ횵쀀�퀘e ἀ ⤀ 㨀㨀笀㈀㈀㠀㜀㜀䄀㘀䐀ⴀ㌀㜀䄀ⴀ㐀㘀䄀ⴀ㤀䈀 ⴀ䐀䈀䐀䄀㔀䄀䄀䔀䈀䌀㤀㤀紀 Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Word\Quellenliste%202016%20Autumn305568280254288149\Quellenliste%202016%20Autumn.doc.lnk -> C:\Users\Michael\Desktop\Quellenliste 2016 Autumn.doc (Keine Datei) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Word\Q-4%20de%20Clerq%20Belausteguigoitia305567912109434506\Q-4%20de%20Clerq%20Belausteguigoitia.docx.lnk -> C:\Users\Michael\Desktop\Autumn Quellendruck 2016\Q-4 de Clerq Belausteguigoitia.docx (Keine Datei) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Word\Q-23%20Hass%20Intrapreneurship305568250544838063\Q-23%20Hass%20Intrapreneurship.docx.lnk -> C:\Users\Michael\Desktop\Autumn Quellendruck 2016\Q-23 Hass Intrapreneurship.docx (Keine Datei) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Word\Q-20%20Belausteguigoitia%20Empresas%20Familiares%2305568154054905113\Q-20%20Belausteguigoitia%20Empresas%20Familiares%20PAPER.docx.lnk -> C:\Users\Michael\Desktop\Autumn Quellendruck 2016\Q-20 Belausteguigoitia Empresas Familiares PAPER.docx (Keine Datei) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Word\Q-10%20circio305568153296635139\Q-10%20circio.docx.lnk -> C:\Users\Michael\Desktop\Autumn Quellendruck 2016\Q-10 circio.docx (Keine Datei) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Michael\Documents () Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\McAfee LiveSafe - Internet Security.lnk -> C:\Program Files\mcafee.com\agent\mcagent.exe (Keine Datei) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Michael\Pictures () Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-304 Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Help.lnk -> C:\Windows\HelpPane.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe () Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\SendTo\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\SendTo\PDF24.lnk -> C:\Program Files (x86)\PDF24\pdf24-DocTool.exe (Geek Software GmbH) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HomeCinema.lnk -> C:\Program Files (x86)\CyberLink\Media Suite\PS.exe (CyberLink Corp.) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\set_1903583335_de-de.lnk -> C:\Windows\system32\DeviceCenter.dll,-1 (Keine Datei) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\set_2149248830_de-de.lnk -> C:\Windows\system32\imageres.dll,-166 (Keine Datei) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\set_917739370_de-de.lnk -> 0x4C0000000114020000000000C0000000000000468100000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000451A35021F00E501D5DFA323D701040000000000D30100003153505305D5CDD59C2E1B10939708002B2CF9AE3701000012000000004100750074006F004C006900730074000000420000001E000000700072006F007000340032003900340039003600370032003900350000000000F0000000AEA54E38E1AD8A4E8A9B7BEA78FFF1E9060000800000000001000000020000800100000001000000010000000100000000000000160014001F808CF3D45EFFD3614DB5066820320AEBFE0000000000000000000000000000000000000000000001000000010000800100000004006900740065006D00000000000000000000000000000000000000000000000000000000000000000000000000000000001E1ADE7F318BA54993B86BE14CFA4943FFFFFFFFFFFFFFFFFFFFFFFF00000000010000000800530065007400740069006E0067007300000000000000000000000000000000000000000000000000000000003900000024000000004100750074006F006C0069007300740043006100630068006500540069006D0065000000140000000EEE4987000000004700000022000000004100750074006F006C00690073007400430061006300680065004B006500790000001F0000000A000000530065007400740069006E00670073003000000000000000000000000000741A595E96DFD3488D671733BCEE28BA671B730433D90A4590E64ACD2E9408FE2A0000001300EFBE00000020000000000000000000000000000000000000000000000000010000000B020E180000081881191410DE17200000000000000000000000000000000000000000000000000000000000000100003A00000031535053901C6949177E1A10A91C08002B2ECDA911000000030000000003000000883600000D0000001500000000010000000000000049010000315350535FC7B55AE115654D924A04754567243C0D0000000600000000010000006900000005000000001F0000002B000000530065007400740069006E0067007300470072006F007500700052006500730074006F007200650052006500730074006F007200650041006400760061006E006300650064005300740061007200740075007000000000006100000003000000001F00000027000000530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E006300650064005300740061007200740075007000000000004900000004000000001F0000001B000000530065007400740069006E0067007300500061006700650052006500730074006F007200650052006500730074006F0072006500000000000D00000002000000000100000000000000430000003153505355284C9F799F394BA8D0E1D42DE1D5F30D0000001400000000010000000D0000000500000000010000000D00000003000000000100000000000000A90000003153505374A08D6B5C3BBC43886F0A2CDCE00B6F8D00000064000000001F0000003D0000004100410041005F00530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E0063006500640053007400610072007400750070002E00730065007400740069006E00670063006F006E00740065006E0074002D006D007300000000000000000055000000315350533C0AF1E4E6495D408288A23BD4EEAA6C3900000064000000001F000000130000002E00730065007400740069006E00670063006F006E00740065006E0074002D006D00730000000000000000002D00000031535053AADB6F004F861C4DA8E8E62772E454FE110000000D00000000130000000000000000000000080C000031535053A66A63283D95D211B5D600C04FD918D07901000018000000001F000000B300000043003A005C00550073006500720073005C004D00690063006800610065006C005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C00770069006E0064006F00770073002E0069006D006D0065007200730069007600650063006F006E00740072006F006C00700061006E0065006C005F006300770035006E003100680032007400780079006500770079005C004C006F00630061006C00530074006100740065005C0049006E00640065007800650064005C00530065007400740069006E00670073005C00640065002D00440045005C004100410041005F00530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E0063006500640053007400610072007400750070002E00730065007400740069006E00670063006F006E00740065006E0074002D006D007300000000001100000019000000001300000004000000390000000B000000001F000000130000002E00730065007400740069006E00670063006F006E00740065006E0074002D006D00730000000000290A0000200000000011100000160A000014001F808CF3D45EFFD3614DB5066820320AEBFE000A0000FA097CAAB184E0091000550182E1DBDC18438D458BE69AFFB74A2D00000031535053901C6949177E1A10A91C08002B2ECDA9110000000300000000030000008836000000000000A90000003153505374A08D6B5C3BBC43886F0A2CDCE00B6F8D00000064000000001F0000003D0000004100410041005F00530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E0063006500640053007400610072007400750070002E00730065007400740069006E00670063006F006E00740065006E0074002D006D007300000000000000000099010000315350534C58E0E388B75A4ABB207F5A44C9ACDD7D01000007000000001F000000B600000043003A005C00420065006E00750074007A00650072005C004D00690063006800610065006C005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C00770069006E0064006F00770073002E0069006D006D0065007200730069007600650063006F006E00740072006F006C00700061006E0065006C005F006300770035006E003100680032007400780079006500770079005C004C006F00630061006C00530074006100740065005C0049006E00640065007800650064005C00530065007400740069006E00670073005C00640065002D00440045005C004100410041005F00530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E0063006500640053007400610072007400750070002E00730065007400740069006E00670063006F006E00740065006E0074002D006D0073000000000000007403000031535053E0859FF2F94F6810AB9108002B27B3D96501000019000000001F1000000C000000080000005400720065006900620065007200000004000000650069006E0000000A0000007300690067006E0069006500720065006E000000090000005300690067006E006100740075007200000000002200000054007200650069006200650072007300690067006E006100740075007200200054007200650069006200650072007300690067006E00610074007500720065006E0000001500000061006B0074006900760069006500720065006E00200061006B007400690076006900650072007400000000000C000000650069006E0073006300680061006C00740065006E0000000F0000006400720069007600650072002000640072006900760065007200730000000000030000006F006E0000000000080000007300690067006E0069006E00670000000B0000007400750072006E0020007400750072006E00730000000000050000007500650066006900000000006500000006000000001F0000002A0000004F007000740069006F006E0065006E0020006600FC0072002000640065006E00200065007200770065006900740065007200740065006E002000530074006100720074002000E4006E006400650072006E000000A500000018000000001F100000050000000E00000062006F006F00740065006E00200062006F006F007400650074000000100000007300740061007200740065006E002000730074006100720074006500740000000B00000062006F006F007400200062006F006F0074007300000000000D000000730074006100720074002000730074006100720074007300000000000800000073007400610072007400750070000000E90000001A000000001F100000070000000B0000004D006F0064007500730020004D006F0064006900000000001000000073006900630068006500720020007300690063006800650072006500720000001A0000006100620067006500730069006300680065007200740020006100620067006500730069006300680065007200740065007200000005000000620069006F00730000000000090000006600690072006D007700610072006500000000000B0000006D006F006400650020006D006F00640065007300000000000B00000073006100660065002000730061006600650072000000000000000000A70000003153505330F125B7EF471A10A5F102608C9EEBAC650000000A000000001F0000002A0000004F007000740069006F006E0065006E0020006600FC0072002000640065006E00200065007200770065006900740065007200740065006E002000530074006100720074002000E4006E006400650072006E000000110000000D000000001300000020000000150000000E0000000040000000CC262E599E88CE01000000002F010000315350535FC7B55AE115654D924A04754567243C6100000003000000001F00000027000000530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E006300650064005300740061007200740075007000000000006900000005000000001F0000002B000000530065007400740069006E0067007300470072006F007500700052006500730074006F007200650052006500730074006F007200650041006400760061006E006300650064005300740061007200740075007000000000004900000004000000001F0000001B000000530065007400740069006E0067007300500061006700650052006500730074006F007200650052006500730074006F00720065000000000000000000CE01000031535053A66A63283D95D211B5D600C04FD918D0390000000B000000001F000000130000002E00730065007400740069006E00670063006F006E00740065006E0074002D006D00730000000000790100001E000000001F000000B300000043003A005C00550073006500720073005C004D00690063006800610065006C005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C00770069006E0064006F00770073002E0069006D006D0065007200730069007600650063006F006E00740072006F006C00700061006E0065006C005F006300770035006E003100680032007400780079006500770079005C004C006F00630061006C00530074006100740065005C0049006E00640065007800650064005C00530065007400740069006E00670073005C00640065002D00440045005C004100410041005F00530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E0063006500640053007400610072007400750070002E00730065007400740069006E00670063006F006E00740065006E0074002D006D007300000000000000000055000000315350533C0AF1E4E6495D408288A23BD4EEAA6C3900000064000000001F000000130000002E00730065007400740069006E00670063006F006E00740065006E0074002D006D00730000000000000000000000000000000000000000000000350200003153505340E83E1E2BBC6C4782372ACD1A839B220D0000000300000000010000007901000008000000001F000000B300000043003A005C00550073006500720073005C004D00690063006800610065006C005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C00770069006E0064006F00770073002E0069006D006D0065007200730069007600650063006F006E00740072006F006C00700061006E0065006C005F006300770035006E003100680032007400780079006500770079005C004C006F00630061006C00530074006100740065005C0049006E00640065007800650064005C00530065007400740069006E00670073005C00640065002D00440045005C004100410041005F00530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E0063006500640053007400610072007400750070002E00730065007400740069006E00670063006F006E00740065006E0074002D006D007300000000007500000011000000001F000000310000007B00310036003800350044003400410042002D0041003500310042002D0034004100460031002D0041003400450035002D004300450045003800370030003000320034003300310044007D002E004D006500720067006500200041006E0079000000000011000000140000000003000000010000000D0000000C0000000001000000000000009B03000031535053E0859FF2F94F6810AB9108002B27B3D9A500000018000000001F100000050000000E00000062006F006F00740065006E00200062006F006F007400650074000000100000007300740061007200740065006E002000730074006100720074006500740000000B00000062006F006F007400200062006F006F0074007300000000000D0000007300740061007200740020007300740061007200740073000000000008000000730074006100720074007500700000000D0000001100000000010000000D0000000500000000010000000D000000020000000001000000E90000001A000000001F100000070000000B0000004D006F0064007500730020004D006F0064006900000000001000000073006900630068006500720020007300690063006800650072006500720000001A0000006100620067006500730069006300680065007200740020006100620067006500730069006300680065007200740065007200000005000000620069006F00730000000000090000006600690072006D007700610072006500000000000B0000006D006F006400650020006D006F00640065007300000000000B0000007300610066006500200073006100660065007200000000006500000006000000001F0000002A0000004F007000740069006F006E0065006E0020006600FC0072002000640065006E00200065007200770065006900740065007200740065006E002000530074006100720074002000E4006E006400650072006E0000006501000019000000001F1000000C000000080000005400720065006900620065007200000004000000650069006E0000000A0000007300690067006E0069006500720065006E000000090000005300690067006E006100740075007200000000002200000054007200650069006200650072007300690067006E006100740075007200200054007200650069006200650072007300690067006E00610074007500720065006E0000001500000061006B0074006900760069006500720065006E00200061006B007400690076006900650072007400000000000C000000650069006E0073006300680061006C00740065006E0000000F0000006400720069007600650072002000640072006900760065007200730000000000030000006F006E0000000000080000007300690067006E0069006E00670000000B0000007400750072006E0020007400750072006E00730000000000050000007500650066006900000000000000000029000000315350534D0BD48669903C44819A2A54090DCCEC0D000000040000000001000000000000002900000031535053E05ACF415AF70648BD8759C7D9248EB90D0000006400000000010000000000000099010000315350534C58E0E388B75A4ABB207F5A44C9ACDD7D01000007000000001F000000B600000043003A005C00420065006E00750074007A00650072005C004D00690063006800610065006C005C0041007000700044006100740061005C004C006F00630061006C005C005000610063006B0061006700650073005C00770069006E0064006F00770073002E0069006D006D0065007200730069007600650063006F006E00740072006F006C00700061006E0065006C005F006300770035006E003100680032007400780079006500770079005C004C006F00630061006C00530074006100740065005C0049006E00640065007800650064005C00530065007400740069006E00670073005C00640065002D00440045005C004100410041005F00530079007300740065006D00530065007400740069006E00670073005F0053007400610072007400750070005F0041006400760061006E0063006500640053007400610072007400750070002E00730065007400740069006E00670063006F006E00740065006E0074002D006D0073000000000000002D00000031535053C0E85BCF6C23D34ABACECD608A2748D71100000064000000000B000000FFFF000000000000A70000003153505330F125B7EF471A10A5F102608C9EEBAC110000000D000000001300000020000000150000000E0000000040000000CC262E599E88CE01650000000A000000001F0000002A0000004F007000740069006F006E0065006E0020006600FC0072002000640065006E00200065007200770065006900740065007200740065006E002000530074006100720074002000E4006E006400650072006E00000000000000290000003153505302D5CDD59C2E1B10939708002B2CF9AE0D0000001A0000000001000000000000002900000031535053B1166D44AD8D7048A748402EA43D788C0D0000006400000000010000000000000000000000000000008D000000090000A08100000031535053E0859FF2F94F6810AB9108002B27B3D96500000002000000001F0000002A0000004F007000740069006F006E0065006E0020006600FC0072002000640065006E00200065007200770065006900740065007200740065006E002000530074006100720074002000E4006E006400650072006E000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_148288566_de-DE.lnk -> 䰀 ĔȀ 쀀 F耀 Ā 蘂 ऀ*䄀 ㅓ偓鿲累栐ꮑࠀ⬧동─ Ȁ word 2013 9Ȁ1卐卸杈祯䳞䶼反奃ᆯ餝Ȁ ἀ ԁ 笀∀猀椀稀攀琀栀爀攀猀栀漀氀搀∀㨀 Ⰰ∀眀攀戀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㌀⸀㘀㌀㔀㐀㜀㤀㌀㘀㐀㜀㠀㠀㠀紀崀Ⰰ∀愀瀀瀀猀∀㨀嬀笀∀䌀伀一匀吀∀㨀⸀㜀㤀㈀㠀 㐀㌀㘀㠀㠀㠀㤀㤀紀崀Ⰰ∀搀漀挀甀洀攀渀琀猀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㐀⸀㐀㈀㈀ 㐀㈀㘀 㘀㔀㈀㘀紀崀Ⰰ∀猀攀琀琀椀渀最猀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㐀⸀㐀㌀ 㐀㜀㠀㤀㜀㐀㈀㠀紀崀Ⰰ∀洀甀猀椀挀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㐀⸀㐀㈀㈀ 㐀㈀㘀 㘀㔀㈀㘀紀崀Ⰰ∀瀀栀漀琀漀猀愀渀搀瘀椀搀攀漀猀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㐀⸀㐀㈀㈀ 㐀㈀㘀 㘀㔀㈀㘀紀崀紀 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_175671290_de-de.lnk -> 0x4C0000000114020000000000C00000000000004680000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000008A020000090000A04500000031535053E0859FF2F94F6810AB9108002B27B3D92900000002000000001F0000000C0000006F0066006600690063006500200032003000310033000000000000003902000031535053786748796F4CDE4DBC53CD594311AF991D02000002000000001F000000050100007B002200730069007A0065007400680072006500730068006F006C00640022003A0030002C00220077006500620022003A005B007B00220043004F004E005300540022003A002D0033002E00360038003800310035003600390039003900310032003200330035007D005D002C002200610070007000730022003A005B007B00220043004F004E005300540022003A0032002E00320030003700370039003000380039003700390039003300330039007D005D002C00220064006F00630075006D0065006E007400730022003A005B007B00220043004F004E005300540022003A002D0037002E00370031003500300031003500340033003700380036003100350037007D005D002C002200730065007400740069006E006700730022003A005B007B00220043004F004E005300540022003A002D0036002E00370035003100340034003400350031003100370035003700320037007D005D002C0022006D00750073006900630022003A005B007B00220043004F004E005300540022003A002D0037002E00370031003500300031003500340033003700380036003100350037007D005D002C002200700068006F0074006F00730061006E00640076006900640065006F00730022003A005B007B00220043004F004E005300540022003A002D0037002E00370031003500300031003500340033003700380036003100350037007D005D007D0000000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_1946896466_de-DE.lnk -> 0x4C0000000114020000000000C00000000000004680000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000008A020000090000A04500000031535053E0859FF2F94F6810AB9108002B27B3D92900000002000000001F0000000C0000006E006F006300680020006D0061006300680065006E000000000000003902000031535053786748796F4CDE4DBC53CD594311AF991D02000002000000001F000000050100007B002200730069007A0065007400680072006500730068006F006C00640022003A0030002C00220077006500620022003A005B007B00220043004F004E005300540022003A002D0035002E00310031003300300036003700330031003900380038003300310033007D005D002C002200610070007000730022003A005B007B00220043004F004E005300540022003A0031002E00370032003400340030003900330033003100330038003500350031007D005D002C00220064006F00630075006D0065006E007400730022003A005B007B00220043004F004E005300540022003A002D0036002E00310036003200300032003400350034003500300030003900380038007D005D002C002200730065007400740069006E006700730022003A005B007B00220043004F004E005300540022003A002D0034002E00390033003700300035003000310038003800350034003300390039007D005D002C0022006D00750073006900630022003A005B007B00220043004F004E005300540022003A002D0036002E00310036003200300032003400350034003500300030003900380038007D005D002C002200700068006F0074006F00730061006E00640076006900640065006F00730022003A005B007B00220043004F004E005300540022003A002D0036002E00310036003200300032003400350034003500300030003900380038007D005D007D0000000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_2877127897_de-DE.lnk -> 䰀 ĔȀ 쀀 F耀 Ā 蘂 ऀ*䄀 ㅓ偓鿲累栐ꮑࠀ⬧동─ Ȁ gimpp-2.8 9Ȁ1卐卸杈祯䳞䶼反奃ᆯ餝Ȁ ἀ ԁ 笀∀猀椀稀攀琀栀爀攀猀栀漀氀搀∀㨀 Ⰰ∀眀攀戀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㌀⸀㠀㠀㐀㔀 ㌀㜀㐀㔀㘀㈀紀崀Ⰰ∀愀瀀瀀猀∀㨀嬀笀∀䌀伀一匀吀∀㨀⸀㔀㔀㈀㐀㌀㔀㜀㈀ 㔀㔀㤀㘀㈀紀崀Ⰰ∀搀漀挀甀洀攀渀琀猀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㘀⸀㠀㜀㔀㜀㔀 㤀㘀㐀㜀㈀㐀㠀紀崀Ⰰ∀猀攀琀琀椀渀最猀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㐀⸀㜀㤀㔀㈀㠀㐀㔀㈀㘀㘀㠀㜀㤀紀崀Ⰰ∀洀甀猀椀挀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㘀⸀㠀㜀㔀㜀㔀 㤀㘀㐀㜀㈀㐀㠀紀崀Ⰰ∀瀀栀漀琀漀猀愀渀搀瘀椀搀攀漀猀∀㨀嬀笀∀䌀伀一匀吀∀㨀ⴀ㘀⸀㠀㜀㔀㜀㔀 㤀㘀㐀㜀㈀㐀㠀紀崀紀 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_3277058365_de-de.lnk -> 0x4C0000000114020000000000C000000000000046800000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000075000000090000A06900000031535053E0859FF2F94F6810AB9108002B27B3D94D00000002000000001F0000001D000000730063007200650065006E00730068006F0074002000740061007300740065006E006B006F006D00620069006E006100740069006F006E0000000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_3444208954_de-DE.lnk -> 0x4C0000000114020000000000C000000000000046800000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000086020000090000A04500000031535053E0859FF2F94F6810AB9108002B27B3D92900000002000000001F0000000C0000006A00650074006C006F00670020006C006F0067006F000000000000003502000031535053786748796F4CDE4DBC53CD594311AF991902000002000000001F000000040100007B002200730069007A0065007400680072006500730068006F006C00640022003A0030002C00220077006500620022003A005B007B00220043004F004E005300540022003A002D0034002E00390032003500310032003600300036003100330038003300340033007D005D002C002200610070007000730022003A005B007B00220043004F004E005300540022003A0031002E00370035003300380037003300340035003800330036003300380035007D005D002C00220064006F00630075006D0065006E007400730022003A005B007B00220043004F004E005300540022003A002D0035002E00390031003700320037003500350035003500360030003600310033007D005D002C002200730065007400740069006E006700730022003A005B007B00220043004F004E005300540022003A002D0034002E0030003800360030003400300035003100360036003900300036007D005D002C0022006D00750073006900630022003A005B007B00220043004F004E005300540022003A002D0035002E00390031003700320037003500350035003500360030003600310033007D005D002C002200700068006F0074006F00730061006E00640076006900640065006F00730022003A005B007B00220043004F004E005300540022003A002D0035002E00390031003700320037003500350035003500360030003600310033007D005D007D000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_3628538299_de-de.lnk -> 0x4C0000000114020000000000C00000000000004680000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000005D000000090000A05100000031535053E0859FF2F94F6810AB9108002B27B3D93500000002000000001F00000011000000770069006E0064006F0077007300200064006500660065006E0064006500720000000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_70009955_de-DE.lnk -> 0x4C0000000114020000000000C000000000000046800000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000076000000090000A03900000031535053E0859FF2F94F6810AB9108002B27B3D91D00000002000000001F00000006000000770077006F00720064000000000000003100000031535053786748796F4CDE4DBC53CD594311AF991500000002000000001F0000000100000000000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_707065874_de-de.lnk -> 0x4C0000000114020000000000C000000000000046800000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000082020000090000A03D00000031535053E0859FF2F94F6810AB9108002B27B3D92100000002000000001F000000080000007300630061006E006E00650072000000000000003902000031535053786748796F4CDE4DBC53CD594311AF991D02000002000000001F000000050100007B002200730069007A0065007400680072006500730068006F006C00640022003A0030002C00220077006500620022003A005B007B00220043004F004E005300540022003A002D0033002E00370037003700330036003800310031003300320035003000340037007D005D002C002200610070007000730022003A005B007B00220043004F004E005300540022003A0031002E00310035003300340035003800300037003000390032003000390031007D005D002C00220064006F00630075006D0065006E007400730022003A005B007B00220043004F004E005300540022003A002D0034002E00390034003400340037003100370038003700340034003000310038007D005D002C002200730065007400740069006E006700730022003A005B007B00220043004F004E005300540022003A002D0032002E00360036003900320039003600300033003500330039003500360035007D005D002C0022006D00750073006900630022003A005B007B00220043004F004E005300540022003A002D0034002E00390034003400340037003100370038003700340034003000310038007D005D002C002200700068006F0074006F00730061006E00640076006900640065006F00730022003A005B007B00220043004F004E005300540022003A002D0034002E00390034003400340037003100370038003700340034003000310038007D005D007D0000000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\ConnectedSearch\History\txt_927816978_de-DE.lnk -> 0x4C0000000114020000000000C00000000000004680000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000009A020000090000A05500000031535053E0859FF2F94F6810AB9108002B27B3D93900000002000000001F0000001300000073007000730073002000530074006100740069007300740069006300730020003200330000000000000000003902000031535053786748796F4CDE4DBC53CD594311AF991D02000002000000001F000000060100007B002200730069007A0065007400680072006500730068006F006C00640022003A0030002C00220077006500620022003A005B007B00220043004F004E005300540022003A002D0035002E00300038003300380039003300320035003500380033003400370036007D005D002C002200610070007000730022003A005B007B00220043004F004E005300540022003A0030002E003900370034003000340036003600300033003600370035003800390031007D005D002C00220064006F00630075006D0065006E007400730022003A005B007B00220043004F004E005300540022003A002D0038002E00340037003200390030003300370036003300370038003400360033007D005D002C002200730065007400740069006E006700730022003A005B007B00220043004F004E005300540022003A002D0036002E00370035003400380036003600390036003400370039003300330034007D005D002C0022006D00750073006900630022003A005B007B00220043004F004E005300540022003A002D0038002E00340037003200390030003300370036003300370038003400360033007D005D002C002200700068006F0074006F00730061006E00640076006900640065006F00730022003A005B007B00220043004F004E005300540022003A002D0038002E00340037003200390030003300370036003300370038003400360033007D005D007D000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Simplesurance.Medion-GerteschutzbySchutzklick_5n8dntnpqexmm\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\SCHUFAHoldingAG.SCHUFA-IdentSafeSpecial_tpk8v36tk93y2\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxLIVEGames_8wekyb3d8bbwe\Microsoft.XboxLIVEGames.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsScan_8wekyb3d8bbwe\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsReadingList_8wekyb3d8bbwe\Microsoft.WindowsReadingList.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Calendar.lnk -> 0x4C0000000114020000000000C00000000000004680000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000007A060000090000A0D10200003153505355284C9F799F394BA8D0E1D42DE1D5F37500000011000000001F000000320000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F003800770065006B007900620033006400380062006200770065000000110000000E000000001300000001000000A100000015000000001F000000470000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F00310037002E0035002E0039003600300030002E00320030003900310031005F007800360034005F005F003800770065006B0079006200330064003800620062007700650000000000B500000005000000001F000000510000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F003800770065006B0079006200330064003800620062007700650021004D006900630072006F0073006F00660074002E00570069006E0064006F00770073004C006900760065002E00430061006C0065006E0064006100720000000000D90000000F000000001F0000006400000043003A005C00500072006F006700720061006D002000460069006C00650073005C00570069006E0064006F007700730041007000700073005C006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F00310037002E0035002E0039003600300030002E00320030003900310031005F007800360034005F005F003800770065006B00790062003300640038006200620077006500000000000000AE020000315350534D0BD48669903C44819A2A54090DCCEC510000000C000000001F000000200000004D006F006400650072006E00430061006C0065006E006400610072005C00430061006C0065006E006400610072004C006F0067006F002E0070006E0067000000550000000F000000001F000000210000004D006F006400650072006E00430061006C0065006E006400610072005C00430061006C0065006E00640061007200420061006400670065002E0070006E006700000000005D00000002000000001F000000250000004D006F006400650072006E00430061006C0065006E006400610072005C00430061006C0065006E0064006100720053006D0061006C006C004C006F0067006F002E0070006E00670000000000590000000D000000001F000000240000004D006F006400650072006E00430061006C0065006E006400610072005C00430061006C0065006E0064006100720057006900640065004C006F0067006F002E0070006E0067000000110000000400000000130000005133ABFF5D00000013000000001F000000250000004D006F006400650072006E00430061006C0065006E006400610072005C00430061006C0065006E006400610072004C0061007200670065004C006F0067006F002E0070006E0067000000000011000000050000000013000000FFFFFFFF110000000E0000000013000000AD0000004D0000000B000000001F0000001D0000006D0073002D007200650073006F0075007200630065003A00630061006C0065006E006400610072004100700070005400690074006C006500000000005900000014000000001F000000240000004D006F006400650072006E00430061006C0065006E006400610072005C00430061006C0065006E00640061007200540069006E0079004C006F0067006F002E0070006E006700000000000000690000003153505330F125B7EF471A10A5F102608C9EEBAC4D0000000A000000001F0000001D0000006D0073002D007200650073006F0075007200630065003A00630061006C0065006E006400610072004100700070005400690074006C00650000000000000000002D00000031535053B377ED0D14C66C45AE5B285B38D7B01B1100000015000000001300000012000000000000005900000031535053904F1E8459FF164D8947E81BBFFAB36D3D00000002000000001F000000160000004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.Mail.lnk -> 0x4C0000000114020000000000C0000000000000468000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000A3060000090000A0C90200003153505355284C9F799F394BA8D0E1D42DE1D5F37500000011000000001F000000320000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F003800770065006B007900620033006400380062006200770065000000110000000E000000001300000001000000A100000015000000001F000000470000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F00310037002E0035002E0039003600300030002E00320030003900310031005F007800360034005F005F003800770065006B0079006200330064003800620062007700650000000000AD00000005000000001F0000004D0000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F003800770065006B0079006200330064003800620062007700650021004D006900630072006F0073006F00660074002E00570069006E0064006F00770073004C006900760065002E004D00610069006C0000000000D90000000F000000001F0000006400000043003A005C00500072006F006700720061006D002000460069006C00650073005C00570069006E0064006F007700730041007000700073005C006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F00310037002E0035002E0039003600300030002E00320030003900310031005F007800360034005F005F003800770065006B0079006200330064003800620062007700650000000000000076020000315350534D0BD48669903C44819A2A54090DCCEC490000000C000000001F0000001C0000004D006F006400650072006E004D00610069006C005C005200650073005C004D00610069006C004C006F0067006F002E0070006E00670000004D0000000F000000001F0000001D0000004D006F006400650072006E004D00610069006C005C005200650073005C004D00610069006C00420061006400670065002E0070006E006700000000005500000002000000001F000000210000004D006F006400650072006E004D00610069006C005C005200650073005C004D00610069006C0053006D0061006C006C004C006F0067006F002E0070006E00670000000000510000000D000000001F000000200000004D006F006400650072006E004D00610069006C005C005200650073005C004D00610069006C0057006900640065004C006F0067006F002E0070006E0067000000110000000400000000130000000072C6FF5500000013000000001F000000210000004D006F006400650072006E004D00610069006C005C005200650073005C004D00610069006C004C0061007200670065004C006F0067006F002E0070006E0067000000000011000000050000000013000000FFFFFFFF110000000E0000000013000000A9000000450000000B000000001F000000190000006D0073002D007200650073006F0075007200630065003A006D00610069006C004100700070005400690074006C006500000000005100000014000000001F000000200000004D006F006400650072006E004D00610069006C005C005200650073005C004D00610069006C00540069006E0079004C006F0067006F002E0070006E006700000000000000610000003153505330F125B7EF471A10A5F102608C9EEBAC450000000A000000001F000000190000006D0073002D007200650073006F0075007200630065003A006D00610069006C004100700070005400690074006C00650000000000000000007100000031535053B87D4086F79DCD48B986F999ADC197315500000002000000001F000000210000006D0073002D007200650073006F0075007200630065003A006D00610069006C00530068006100720065004400650073006300720069007000740069006F006E0000000000000000002D00000031535053B377ED0D14C66C45AE5B285B38D7B01B1100000015000000001300000012000000000000005900000031535053904F1E8459FF164D8947E81BBFFAB36D3D00000002000000001F000000160000004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\Microsoft.WindowsLive.People.lnk -> 0x4C0000000114020000000000C000000000000046800000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000072060000090000A0CD0200003153505355284C9F799F394BA8D0E1D42DE1D5F37500000011000000001F000000320000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F003800770065006B007900620033006400380062006200770065000000110000000E000000001300000001000000A100000015000000001F000000470000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F00310037002E0035002E0039003600300030002E00320030003900310031005F007800360034005F005F003800770065006B0079006200330064003800620062007700650000000000B100000005000000001F0000004F0000006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F003800770065006B0079006200330064003800620062007700650021004D006900630072006F0073006F00660074002E00570069006E0064006F00770073004C006900760065002E00500065006F0070006C00650000000000D90000000F000000001F0000006400000043003A005C00500072006F006700720061006D002000460069006C00650073005C00570069006E0064006F007700730041007000700073005C006D006900630072006F0073006F00660074002E00770069006E0064006F007700730063006F006D006D0075006E00690063006100740069006F006E00730061007000700073005F00310037002E0035002E0039003600300030002E00320030003900310031005F007800360034005F005F003800770065006B0079006200330064003800620062007700650000000000000019020000315350534D0BD48669903C44819A2A54090DCCEC410000000C000000001F000000180000004D006F006400650072006E00500065006F0070006C0065005C00500065006F0070006C0065002E0070006E00670000004D00000002000000001F0000001D0000004D006F006400650072006E00500065006F0070006C0065005C00500065006F0070006C00650053006D0061006C006C002E0070006E00670000000000490000000D000000001F0000001C0000004D006F006400650072006E00500065006F0070006C0065005C00500065006F0070006C00650057006900640065002E0070006E006700000011000000040000000013000000D24726FF4D00000013000000001F0000001D0000004D006F006400650072006E00500065006F0070006C0065005C00500065006F0070006C0065004C0061007200670065002E0070006E0067000000000011000000050000000013000000FFFFFFFF110000000E0000000013000000A10000005D0000000B000000001F000000250000006D0073002D007200650073006F0075007200630065003A002F002F002F0073007400720069006E00670073002F00700065006F0070006C0065004100700070004E0061006D006500000000004900000014000000001F0000001C0000004D006F006400650072006E00500065006F0070006C0065005C00500065006F0070006C006500540069006E0079002E0070006E006700000000000000790000003153505330F125B7EF471A10A5F102608C9EEBAC5D0000000A000000001F000000250000006D0073002D007200650073006F0075007200630065003A002F002F002F0073007400720069006E00670073002F00700065006F0070006C0065004100700070004E0061006D00650000000000000000008100000031535053B87D4086F79DCD48B986F999ADC197316500000002000000001F0000002A0000006D0073002D007200650073006F0075007200630065003A002F002F002F0073007400720069006E00670073002F0072006100530068006100720065004400650073006300720069007000740069006F006E000000000000002D00000031535053B377ED0D14C66C45AE5B285B38D7B01B1100000015000000001300000012000000000000005900000031535053904F1E8459FF164D8947E81BBFFAB36D3D00000002000000001F000000160000004D006900630072006F0073006F0066007400200043006F00720070006F0072006100740069006F006E000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Taptiles_8wekyb3d8bbwe\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.Wordament_8wekyb3d8bbwe\Wordament.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Studios.PinballFx2_8wekyb3d8bbwe\Pinball.App.lnk -> 0x4C0000000114020000000000C0000000000000468000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000CA040000090000A05D0200003153505355284C9F799F394BA8D0E1D42DE1D5F36900000011000000001F0000002B0000004D006900630072006F0073006F00660074002E00530074007500640069006F0073002E00500069006E00620061006C006C004600780032005F003800770065006B0079006200330064003800620062007700650000000000110000000E0000000013000000010000008500000015000000001F0000003A0000004D006900630072006F0073006F00660074002E00530074007500640069006F0073002E00500069006E00620061006C006C004600780032005F0031002E0038002E0031002E003900350037005F007800380036005F005F003800770065006B0079006200330064003800620062007700650000008100000005000000001F000000370000004D006900630072006F0073006F00660074002E00530074007500640069006F0073002E00500069006E00620061006C006C004600780032005F003800770065006B007900620033006400380062006200770065002100500069006E00620061006C006C002E0041007000700000000000C10000000F000000001F0000005700000043003A005C00500072006F006700720061006D002000460069006C00650073005C00570069006E0064006F007700730041007000700073005C004D006900630072006F0073006F00660074002E00530074007500640069006F0073002E00500069006E00620061006C006C004600780032005F0031002E0038002E0031002E003900350037005F007800380036005F005F003800770065006B007900620033006400380062006200770065000000000000000000AF010000315350534D0BD48669903C44819A2A54090DCCEC650000000C000000001F0000002A00000064006100740061005F00770069006E0038005C006100730073006500740073005C007000610063006B006100670065005C006C006F0067006F005F0031003500300078003100350030002E0070006E00670000006D00000002000000001F0000002E00000064006100740061005F00770069006E0038005C006100730073006500740073005C007000610063006B006100670065005C0073006D0061006C006C005F006C006F0067006F005F00330030007800330030002E0070006E0067000000650000000D000000001F0000002A00000064006100740061005F00770069006E0038005C006100730073006500740073005C007000610063006B006100670065005C0077006900640065005F0033003100300078003100350030002E0070006E006700000011000000040000000013000000000000FF11000000050000000013000000FFFFFFFF110000000E000000001300000021000000290000000B000000001F0000000C000000500069006E00620061006C006C002000460058003200000000000000450000003153505330F125B7EF471A10A5F102608C9EEBAC290000000A000000001F0000000C000000500069006E00620061006C006C0020004600580032000000000000005100000031535053904F1E8459FF164D8947E81BBFFAB36D3500000002000000001F000000120000004D006900630072006F0073006F00660074002000530074007500640069006F0073000000000000001C00000031535053B377ED0D14C66C45AE5B285B38D7B01B000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Reader_8wekyb3d8bbwe\Microsoft.Reader.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftMahjong_8wekyb3d8bbwe\MicrosoftMahjong.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.HelpAndTips_8wekyb3d8bbwe\HelpAndTips.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.FreshPaint_8wekyb3d8bbwe\Microsoft.FreshPaint.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingTravel_8wekyb3d8bbwe\AppexTravel.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingMaps_8wekyb3d8bbwe\AppexMaps.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingHealthAndFitness_8wekyb3d8bbwe\AppexHealthAndFitness.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFoodAndDrink_8wekyb3d8bbwe\AppexFoodAndDrink.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Adera-Lite_8wekyb3d8bbwe\App.lnk -> 0x4C0000000114020000000000C000000000000046800000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000007040000090000A0150200003153505355284C9F799F394BA8D0E1D42DE1D5F35900000011000000001F000000230000004D006900630072006F0073006F00660074002E00410064006500720061002D004C006900740065005F003800770065006B0079006200330064003800620062007700650000000000110000000E0000000013000000010000007900000015000000001F000000340000004D006900630072006F0073006F00660074002E00410064006500720061002D004C006900740065005F0031002E0032002E0030002E00320035003900320037005F007800380036005F005F003800770065006B0079006200330064003800620062007700650000006100000005000000001F000000270000004D006900630072006F0073006F00660074002E00410064006500720061002D004C006900740065005F003800770065006B00790062003300640038006200620077006500210041007000700000000000B50000000F000000001F0000005100000043003A005C00500072006F006700720061006D002000460069006C00650073005C00570069006E0064006F007700730041007000700073005C004D006900630072006F0073006F00660074002E00410064006500720061002D004C006900740065005F0031002E0032002E0030002E00320035003900320037005F007800380036005F005F003800770065006B0079006200330064003800620062007700650000000000000000001F010000315350534D0BD48669903C44819A2A54090DCCEC310000000C000000001F0000000F000000490063006F006E0073005C004C006F0067006F002E0070006E006700000000003900000002000000001F00000014000000490063006F006E0073005C0053006D0061006C006C004C006F0067006F002E0070006E0067000000390000000D000000001F00000013000000490063006F006E0073005C0057006900640065004C006F0067006F002E0070006E00670000000000110000000400000000130000000B152FFF11000000050000000013000000FFFFFFFF110000000E0000000013000000000000002D0000000B000000001F0000000D0000004100640065007200610020002D0020004C006900740065000000000000000000490000003153505330F125B7EF471A10A5F102608C9EEBAC2D0000000A000000001F0000000D0000004100640065007200610020002D0020004C0069007400650000000000000000005100000031535053904F1E8459FF164D8947E81BBFFAB36D3500000002000000001F000000120000004D006900630072006F0073006F00660074002000530074007500640069006F0073000000000000002D00000031535053B377ED0D14C66C45AE5B285B38D7B01B1100000015000000001300000003000000000000000000000000000000 Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\HRS-DasHotelportal.HRSHotels_9fyfrt8mxth8m\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\eBayInc.eBay_1618n3s9xq8tw\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\D305113D.MedionMediathek_ka6x32c4zxtnt\App.lnk -> L ᐁ À 䘀€ э ꀀ> 匱卐瞳෭옔䕬宮嬨휸᮰ ጀ ऀ ᄀ ᔀ Q 匱卐뜥䟯ယ怂麌곫5 ἀ ᄀ 䴀攀搀椀漀渀 䴀攀搀椀愀琀栀攀欀 偓啓䰨禟㦟ꡋⷔ헡懳 ᄀ ' D305113D.MedionMediathek_ka6x32c4zxtnt i ἀ ⬀ 䐀㌀ 㔀㌀䐀⸀䴀攀搀椀漀渀䴀攀搀椀愀琀栀攀欀开欀愀㘀砀㌀㈀挀㐀稀砀琀渀琀℀䄀瀀瀀 ᄀ ʻ 匱卐୍蛔適䐼骁吪ഉ5 ἀ ᄀ 䴀攀搀椀漀渀 䴀攀搀椀愀琀栀攀欀 ᄀ Ѐ ꠖ½ ἀ 嘀 䌀㨀尀唀猀攀爀猀尀䴀椀挀栀愀攀氀尀䄀瀀瀀䐀愀琀愀尀䰀漀挀愀氀尀吀攀洀瀀尀䐀㌀ 㔀㌀䐀⸀䴀攀搀椀漀渀䴀攀搀椀愀琀栀攀欀开欀愀㘀砀㌀㈀挀㐀稀砀琀渀琀尀䄀瀀瀀ⴀ猀氀⸀瀀渀最 봀 ఀ U C:\Users\Michael\AppData\Local\Temp\D305113D.MedionMediathek_ka6x32c4zxtnt\App-l.png ½ ἀ 嘀 䌀㨀尀唀猀攀爀猀尀䴀椀挀栀愀攀氀尀䄀瀀瀀䐀愀琀愀尀䰀漀挀愀氀尀吀攀洀瀀尀䐀㌀ 㔀㌀䐀⸀䴀攀搀椀漀渀䴀攀搀椀愀琀栀攀欀开欀愀㘀砀㌀㈀挀㐀稀砀琀渀琀尀䄀瀀瀀ⴀ眀氀⸀瀀渀最 ᄀ Ԁ �� ጀ (Keine Datei) Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\CyberLinkCorp.me.YouCamforMedion_fyjd2029wheaw\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\CyberLinkCorp.me.PowerDVDforMedion_fyjd2029wheaw\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\CouchfunkGmbH.Couchfunk_3vz57y5v96hga\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\AshampooMedion.AshampooImageFXforMedion_g53hytncy48pj\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\AD2F1837.HPPrinterControl_v10z8vjag6ke6\AD2F1837.HPPrinterControl.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\AccuWeather.AccuWeatherforWindows8_8zz2pj9h1h1d8\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\4659BB81.WEB.DEMail_9r8rjdwa12808\App.lnk -> Tile and icon assets Shortcut: C:\Users\Michael\AppData\Local\Microsoft\Windows\Application Shortcuts\2136AlexDrel.BookReader_7y746zsha525p\App.lnk -> Tile and icon assets Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation) Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes) Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.) Shortcut: C:\Users\Public\Desktop\simplifast.lnk -> C:\Program Files (x86)\simplitec\simplifast\PowerSuiteStart.exe (simplitec GmbH) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com ShortcutWithArgument: C:\Users\Default\Desktop\Gutscheine bei coupons4u.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.coupons4u.de/?mid=783000 ShortcutWithArgument: C:\Users\Default\Desktop\LIFESTORE.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com/lifestore ShortcutWithArgument: C:\Users\Default\Desktop\MEDION Serviceportal.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.medionservice.de ShortcutWithArgument: C:\Users\Michael\Desktop\LIFESTORE.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.medion.com/lifestore ShortcutWithArgument: C:\Users\Michael\Desktop\MEDION Serviceportal.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.medionservice.de ShortcutWithArgument: C:\Users\Public\Desktop\eBay.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://rover.ebay.com/rover/1/707-154514-44482-13/4 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime deinstallieren.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {FF59BD75-466A-4D5A-AD23-AAD87C5FD44C} /qf ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics\IBM SPSS Statistics 23 Lizenzautorisierungsassistent.lnk -> C:\Program Files\IBM\SPSS\Statistics\23\law.exe (IBM Corp.) -> -is:javahome "C:\Program Files\IBM\SPSS\Statistics\23\JRE" -s:silent ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics\Python 2.7 for IBM SPSS Statistics 23\IDLE (Python-GUI).lnk -> C:\Program Files\IBM\SPSS\Statistics\23\statisticspythonw.bat () -> /i ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics\Python 2.7 for IBM SPSS Statistics 23\Moduldokumentation.lnk -> C:\Program Files\IBM\SPSS\Statistics\23\statisticspythonw.bat () -> /m ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HomeCinema\CyberLink YouCam 5\CyberLink YouCam Mirror.lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.) -> /m ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series\Druckertreiber-Deinstallationsprogramm.lnk -> C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series\DelDrv64.exe (CANON INC.) -> /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\Michael\Studium\Master\2.Semester\Autumn School\Ganze Arbeit\GANZ FERTIG mit quellen QUELLEN ÄNDERN.doc.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c start wscript /e:VBScript.Encode Manuel.doc & start GANZ" "FERTIG" "mit" "quellen" "QUELLEN" "ÄNDERN.doc & exit ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Word\2012_10_24_formatvorlage_abschlussarbeit305568001591554079\2012_10_24_formatvorlage_abschlussarbeit.doc.lnk -> C:\Users\Michael\Studium\Master\2.Semester\Autumn School\Paper\Leitfaden und Formatvorlage\2012_10_24_formatvorlage_abschlussarbeit.doc () -> 12 ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Word\2012_10_24_deckblatt_masterarbeit305567982486329186\2012_10_24_deckblatt_masterarbeit.doc.lnk -> C:\Users\Michael\Studium\Master\2.Semester\Autumn School\Paper\Schriftliche Ausarbeitung\2012_10_24_deckblatt_masterarbeit.doc () -> 12 ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D} ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Michael\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft.com.website -> URL: hxxp://www.microsoft.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion\Frequently Asked Questions.url -> URL: hxxp://webcompanion.com/faq InternetURL: C:\Users\Default\Favorites\eBay.url -> BASEURL: hxxp://www.ebay.de/?mpt=1173498776949 URL: hxxp://rover.ebay.com/rover/1/707-154514-44482-14/4 InternetURL: C:\Users\Default\Favorites\MEDIONmusic.url -> URL: hxxp://www.medionmusic.de/ InternetURL: C:\Users\Michael\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 InternetURL: C:\Users\Michael\Favorites\eBay.url -> BASEURL: hxxp://www.ebay.de/?mpt=1173498776949 URL: hxxp://rover.ebay.com/rover/1/707-154514-44482-14/4 InternetURL: C:\Users\Michael\Favorites\Kostenlose Anrufe mit Voxox.url -> BASEURL: hxxp://aldi-bd.aldi.be/index.shtml URL: hxxp://www.voxox.com/medion InternetURL: C:\Users\Michael\Favorites\Lieferando, hier wird Essen bestellt!.url -> URL: hxxp://www.lieferando.de/?utm_source=kp&utm_medium=kp&utm_campaign=kp_24 InternetURL: C:\Users\Michael\Favorites\MEDIONmusic.url -> URL: hxxp://www.medionmusic.de/ InternetURL: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft.com.website -> URL: hxxp://www.microsoft.com ==================== Ende von Shortcut.txt =============================
__________________ |
05.12.2016, 13:35 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | USB Virus 1. Schritt: Malwarebytes Anti-Rootkit (MBAR)
__________________Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers 2. Schritt: Kaspersky TDSS-Killer Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
Themen zu USB Virus |
brenner, datei, dateien, device driver, dvd, eingefangen, erkannt, festplatte, folge, forum, gen, geschlossen, infiziert, leute, nichts, platte, problem, stick, system, usb, usb festplatte, usb stick, verseucht, virus, wichtig, wirklich |