Trojaner-Board


antimalware1 03.10.2014 21:37

Allegedly connected hardware
 
Evening,
Supposedly a piece of hardware was just connected to my machine, but I did not do that, and Windows only played the sound.
My computer has been acting up fairly often lately even though it was reinstalled; I wiped all partitions, and still there is always something now and then!

Hope you can help me.
Kind regards

FRST LOG:

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by julian at 2014-10-03 22:32:33
Running from C:\Users\julian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-09-2014 18:10:35 avast! antivirus system restore point
14-09-2014 18:55:22 Windows Update
26-09-2014 14:07:42 Installed 7-Zip 9.20 (x64 edition)
26-09-2014 14:10:29 Installed 7-Zip 9.20 (x64 edition)
26-09-2014 14:12:36 Gerätetreiber-Paketinstallation: Fuzhou Rockchip
26-09-2014 14:12:57 Gerätetreiber-Paketinstallation: Google, Inc.
26-09-2014 14:20:17 Gerätetreiber-Paketinstallation: Fuzhou Rockchip
26-09-2014 14:20:36 Gerätetreiber-Paketinstallation: Google, Inc.
26-09-2014 14:21:06 Gerätetreiber-Paketinstallation: Fuzhou Rockchip
26-09-2014 14:21:27 Gerätetreiber-Paketinstallation: Google, Inc.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1470E719-7853-45E4-AE05-491F2D82CD83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {40D2F2D6-8F30-4060-9EF7-5E45044D3528} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {EF049330-3F82-4A06-A44E-42D7F0E9EEB0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-14] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-29 14:37 - 2000-01-01 02:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-14 20:11 - 2014-09-14 20:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-03 20:13 - 2014-10-03 20:13 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll
2014-09-14 20:11 - 2014-09-14 20:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-356799422-3664943170-1113897160-500 - Administrator - Disabled)
Gast (S-1-5-21-356799422-3664943170-1113897160-501 - Limited - Disabled)
julian (S-1-5-21-356799422-3664943170-1113897160-1000 - Administrator - Enabled) => C:\Users\julian
router (S-1-5-21-356799422-3664943170-1113897160-1002 - Limited - Enabled) => C:\Users\router
test (S-1-5-21-356799422-3664943170-1113897160-1001 - Limited - Enabled) => C:\Users\test

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2014 03:23:26 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={00DC3F85-9CE0-4319-A6BF-51A250F46D7F}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (09/24/2014 00:14:09 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={F377AF54-BB8B-4C1A-BA59-1027602E0E96}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 2" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (09/15/2014 08:17:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={FBFE9DF7-422D-4B0F-9DC8-009A8252021D}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 2" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (09/14/2014 08:10:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary fasndpto.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/07/2010 05:39:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -546.

Error: (06/07/2010 05:39:41 AM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database (300)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (06/07/2010 05:39:41 AM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database (300)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb.log konnte nicht gelesen werden. Fehler -546.


System errors:
=============
Error: (10/03/2014 09:28:27 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{476E112B-07AA-4351-87CE-AB5576CA8E5B} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/30/2014 03:32:28 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{476E112B-07AA-4351-87CE-AB5576CA8E5B} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/30/2014 03:32:02 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{476E112B-07AA-4351-87CE-AB5576CA8E5B} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/27/2014 11:48:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/24/2014 00:12:09 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1B29B552-9F18-4D77-BD23-0C85BC2FF37D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/19/2014 08:10:17 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1B29B552-9F18-4D77-BD23-0C85BC2FF37D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/15/2014 08:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/15/2014 08:17:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (09/14/2014 08:38:21 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{3D48623F-5BCD-4925-A5B0-357FE79484BD} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/14/2014 08:27:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}


Microsoft Office Sessions:
=========================
Error: (09/30/2014 03:23:26 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {00DC3F85-9CE0-4319-A6BF-51A250F46D7F}julian-PC\testVPN-Verbindung 30

Error: (09/24/2014 00:14:09 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {F377AF54-BB8B-4C1A-BA59-1027602E0E96}julian-PC\testVPN-Verbindung 20

Error: (09/15/2014 08:17:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {FBFE9DF7-422D-4B0F-9DC8-009A8252021D}julian-PC\testVPN-Verbindung 20

Error: (09/14/2014 08:10:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary fasndpto.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/07/2010 05:39:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -546

Error: (06/07/2010 05:39:41 AM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database300Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546

Error: (06/07/2010 05:39:41 AM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database300Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 30%
Total physical RAM: 3892.55 MB
Available physical RAM: 2719.27 MB
Total Pagefile: 7783.25 MB
Available Pagefile: 6497.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.72 GB) (Free:391.09 GB) NTFS
Drive d: (Volume) (Fixed) (Total:14.65 GB) (Free:12.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0002B5CB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by julian (administrator) on JULIAN-PC on 03-10-2014 22:31:53
Running from C:\Users\julian\Desktop
Loaded Profile: julian (Available profiles: julian & test & router)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-14] (AVAST Software)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-14]

Chrome:
=======
CHR HomePage: Default -> 4556B648D0C7087BCEAAFCA479C9A8F8C4D3E5058F7001E73BEF5D6470C01DF5
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> A58BEDA775F5A1E22DCF8AE67CEE084F046F2E6BE5B891BD2F1751FCCA7533FF
CHR DefaultSearchProvider: Default -> 87D65E3A805B12569DCE452D90EC9259C6316490DDDE8301369CFB752CB677A4
CHR DefaultSearchURL: Default -> 42ED4287B2CB72F39AEBC821121D385FAF0D2DFBDB3EFF1DAC7398B5DFED46D1
CHR Profile: C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-26]
CHR Extension: (avast! Online Security) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-26]
CHR Extension: (Google Wallet) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-14] (AVAST Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-14] ()
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 22:31 - 2014-10-03 22:32 - 00006021 _____ () C:\Users\julian\Desktop\FRST.txt
2014-10-03 22:31 - 2014-10-03 22:31 - 00000000 ____D () C:\FRST
2014-10-03 22:31 - 2014-10-03 22:30 - 02109440 _____ (Farbar) C:\Users\julian\Desktop\FRST64.exe
2014-10-03 22:29 - 2014-10-03 22:30 - 02109440 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2014-10-03 22:16 - 2014-10-03 22:16 - 00000000 ____D () C:\Users\test\AppData\Local\Vitalwerks
2014-10-03 22:11 - 2014-10-03 22:11 - 00473365 _____ () C:\Users\test\Downloads\xRAT.2.0.RELEASE1.zip
2014-10-03 21:12 - 2014-10-03 21:12 - 00748246 _____ ( ) C:\Users\test\Downloads\reshack_setup.exe
2014-10-03 21:12 - 2014-10-03 21:12 - 00748246 _____ ( ) C:\Users\test\Downloads\reshack_setup (1).exe
2014-10-03 21:12 - 2014-10-03 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2014-10-03 21:12 - 2014-10-03 21:12 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2014-10-03 21:10 - 2014-10-03 21:10 - 00860736 _____ () C:\Users\test\Downloads\hexedit.zip
2014-10-03 21:10 - 2014-10-03 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-10-03 21:10 - 2014-10-03 21:10 - 00000000 ____D () C:\Program Files (x86)\Hex-Editor MX
2014-10-03 20:54 - 2014-10-03 20:56 - 00000000 ____D () C:\Users\test\Desktop\ThemidaDemo32_64
2014-10-03 20:54 - 2014-10-03 20:54 - 00000016 _____ () C:\ProgramData\mntemp
2014-10-03 20:53 - 2014-10-03 20:52 - 20590603 _____ () C:\Users\test\Desktop\ThemidaDemo32_64.zip
2014-10-03 20:49 - 2014-10-03 20:52 - 20590603 _____ () C:\Users\test\Downloads\ThemidaDemo32_64.zip
2014-10-03 20:43 - 2014-10-03 20:43 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-10-03 20:43 - 2014-10-03 20:43 - 00000000 ____D () C:\Users\julian\AppData\Local\Vitalwerks
2014-10-03 20:43 - 2014-10-03 20:43 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-10-03 20:42 - 2014-10-03 20:42 - 00239648 _____ () C:\Users\test\Downloads\DUCSetup_v4_1_0.exe
2014-10-03 20:38 - 2014-10-03 20:38 - 00511848 _____ () C:\Users\test\Downloads\xRAT.2.0.RELEASE2.zip
2014-09-30 15:16 - 2014-09-30 15:16 - 00057560 _____ () C:\Users\router\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 11:42 - 2014-09-27 11:42 - 00000000 ____D () C:\Users\router\AppData\Local\Eastman Kodak Company
2014-09-26 22:44 - 2014-09-26 22:44 - 00001946 _____ () C:\Users\Public\Desktop\PrintProjects.lnk
2014-09-26 22:44 - 2014-09-26 22:44 - 00000000 ____D () C:\Users\julian\AppData\Local\Eastman_Kodak_Company
2014-09-26 22:44 - 2014-09-26 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
2014-09-26 22:43 - 2014-09-26 22:44 - 00000000 ____D () C:\Program Files (x86)\PrintProjects
2014-09-26 22:43 - 2014-09-26 22:43 - 00000000 ____D () C:\Users\test\AppData\Local\Eastman Kodak Company
2014-09-26 22:43 - 2014-09-26 22:43 - 00000000 ____D () C:\ProgramData\Visan
2014-09-26 22:43 - 2014-09-26 22:43 - 00000000 ____D () C:\ProgramData\PrintProjects
2014-09-26 22:43 - 2014-09-26 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2014-09-26 22:38 - 2014-09-26 22:38 - 00000000 ____D () C:\Windows\SysWOW64\kodak
2014-09-26 22:32 - 2014-09-26 22:36 - 00000000 ____D () C:\Program Files (x86)\Kodak
2014-09-26 22:29 - 2014-09-26 22:29 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Temp
2014-09-26 22:27 - 2014-09-26 22:29 - 10464648 _____ (Eastman Kodak Company) C:\Users\test\Downloads\aio_install.exe
2014-09-26 22:25 - 2014-09-26 22:25 - 00035328 _____ () C:\Users\test\Downloads\FirmwareFlashLauncher.exe
2014-09-26 22:23 - 2014-10-03 21:27 - 00000000 ____D () C:\ProgramData\Kodak
2014-09-26 22:23 - 2014-09-26 22:23 - 00000000 ____D () C:\Windows\system32\kodak
2014-09-26 22:20 - 2014-09-26 22:20 - 00142585 _____ () C:\Users\test\Documents\Blatt.xps
2014-09-26 22:18 - 2014-09-26 22:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-09-26 20:45 - 2014-09-26 20:44 - 00201038 _____ () C:\Users\julian\Desktop\RK3188Loader(L)_V2.13.bin
2014-09-26 20:44 - 2014-09-26 20:44 - 00201038 _____ () C:\Users\test\Downloads\RK3188Loader(L)_V2.13.bin
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 ____D () C:\Users\julian\Desktop\Oma_DevelopTool_Refresh
2014-09-26 20:11 - 2014-09-26 20:11 - 00546536 _____ () C:\Users\julian\Desktop\Oma_DevelopTool_Refresh.7z
2014-09-26 20:10 - 2014-09-26 20:11 - 00546536 _____ () C:\Users\test\Downloads\Oma_DevelopTool_Refresh.7z
2014-09-26 16:19 - 2014-09-26 16:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-09-26 16:11 - 2014-09-26 16:11 - 00000000 ____D () C:\Users\julian\Desktop\Oma_RK31_tolino_tab8.9_JB_4.2.2_v1.0
2014-09-26 16:11 - 2013-09-09 15:56 - 00066704 _____ (Fuzhou Rockchip Electronics Co,Ltd.) C:\Windows\system32\Drivers\rockusb.sys
2014-09-26 16:10 - 2014-09-26 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-26 16:10 - 2014-09-26 16:10 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-26 16:09 - 2014-09-26 16:06 - 352564223 _____ () C:\Users\julian\Desktop\Oma_RK31_tolino_tab8.9_JB_4.2.2_v1.0.7z
2014-09-26 16:09 - 2014-09-26 16:05 - 01376768 _____ () C:\Users\julian\Desktop\7z920-x64.msi
2014-09-26 16:04 - 2014-09-26 16:05 - 01376768 _____ () C:\Users\test\Downloads\7z920-x64.msi
2014-09-26 15:16 - 2014-09-26 16:06 - 352564223 _____ () C:\Users\test\Downloads\Oma_RK31_tolino_tab8.9_JB_4.2.2_v1.0.7z
2014-09-25 18:20 - 2014-09-25 18:20 - 00527265 _____ () C:\Users\router\Downloads\xRAT.2.0.RELEASE3.zip
2014-09-24 12:17 - 2014-09-24 12:17 - 00000000 _____ () C:\Users\test\Desktop\8 57.txt
2014-09-24 12:01 - 2014-09-24 12:02 - 08205226 _____ () C:\Users\router\Downloads\Firmware_Speedport_W723V_TypA_1.01.001 (1).bin
2014-09-19 19:55 - 2014-09-19 19:57 - 08205226 _____ () C:\Users\router\Downloads\Firmware_Speedport_W723V_TypA_1.01.001.bin
2014-09-19 19:52 - 2014-09-19 19:52 - 00001439 _____ () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 19:52 - 2014-09-19 19:52 - 00001405 _____ () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-19 19:52 - 2014-09-19 19:52 - 00000020 ___SH () C:\Users\router\ntuser.ini
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Vorlagen
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Startmenü
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Netzwerkumgebung
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Lokale Einstellungen
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Eigene Dateien
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Druckumgebung
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Documents\Eigene Musik
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Documents\Eigene Bilder
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\AppData\Local\Verlauf
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\AppData\Local\Anwendungsdaten
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Anwendungsdaten
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\Users\router\AppData\Roaming\AVAST Software
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\Users\router\AppData\Local\VirtualStore
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\Users\router\AppData\Local\Google
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\Users\router
2014-09-19 19:52 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-19 19:52 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-14 20:55 - 2014-08-25 06:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 20:47 - 2014-09-14 20:47 - 00057560 _____ () C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 20:42 - 2014-09-14 20:43 - 00016944 _____ () C:\Users\test\Desktop\CF-Auto-Root-m0-m0xx-gti9300.zip.torrent
2014-09-14 20:42 - 2014-09-14 20:42 - 13557850 _____ () C:\Users\test\Desktop\CF-Auto-Root-m0-m0xx-gti9300.zip
2014-09-14 20:40 - 2014-09-14 20:42 - 13557850 _____ () C:\Users\test\Downloads\CF-Auto-Root-m0-m0xx-gti9300.zip
2014-09-14 20:36 - 2014-09-14 20:36 - 00000000 ____D () C:\Users\test\Desktop\uTorrentPortable
2014-09-14 20:35 - 2014-09-14 20:35 - 02357624 _____ (PortableApps.com) C:\Users\test\Desktop\uTorrentPortable_3.4.2.33870_online.paf.exe
2014-09-14 20:34 - 2014-09-14 20:35 - 02357624 _____ (PortableApps.com) C:\Users\test\Downloads\uTorrentPortable_3.4.2.33870_online.paf.exe
2014-09-14 20:28 - 2014-09-14 20:28 - 00000000 ____D () C:\Users\test\AppData\Roaming\AVAST Software
2014-09-14 20:27 - 2014-10-03 21:10 - 00000000 ____D () C:\Users\test\AppData\Local\VirtualStore
2014-09-14 20:27 - 2014-10-03 21:08 - 00000000 ____D () C:\Users\test
2014-09-14 20:27 - 2014-09-26 16:09 - 00000000 ____D () C:\Users\test\AppData\Local\Google
2014-09-14 20:27 - 2014-09-14 20:27 - 00001439 _____ () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-14 20:27 - 2014-09-14 20:27 - 00001405 _____ () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-14 20:27 - 2014-09-14 20:27 - 00000020 ___SH () C:\Users\test\ntuser.ini
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Vorlagen
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Startmenü
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Netzwerkumgebung
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Lokale Einstellungen
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Eigene Dateien
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Druckumgebung
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Documents\Eigene Musik
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Documents\Eigene Bilder
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\AppData\Local\Verlauf
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\AppData\Local\Anwendungsdaten
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Anwendungsdaten
2014-09-14 20:27 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-14 20:27 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-14 20:25 - 2014-09-14 20:25 - 00000542 _____ () C:\Windows\PFRO.log
2014-09-14 20:22 - 2014-09-14 20:22 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-14 20:22 - 2014-09-14 20:22 - 00000000 ____D () C:\Users\julian\AppData\Roaming\AVAST Software
2014-09-14 20:22 - 2014-09-14 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-14 20:22 - 2014-09-14 20:22 - 00000000 ____D () C:\Intel
2014-09-14 20:21 - 2014-09-26 16:07 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-14 20:21 - 2014-09-14 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-14 20:21 - 2010-06-07 01:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-14 20:11 - 2014-10-03 22:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 20:11 - 2014-10-03 22:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 20:11 - 2014-09-15 20:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-14 20:11 - 2014-09-15 20:17 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-14 20:11 - 2014-09-14 20:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-14 20:11 - 2014-09-14 20:22 - 00000000 ____D () C:\Users\julian\AppData\Local\Google
2014-09-14 20:11 - 2014-09-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-14 20:11 - 2014-09-14 20:11 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-14 20:11 - 2014-09-14 20:11 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-14 20:11 - 2014-09-14 20:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-14 20:10 - 2014-09-14 20:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-14 20:10 - 2014-09-14 20:10 - 00057560 _____ () C:\Users\julian\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 22:31 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 22:31 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 22:26 - 2010-06-07 05:43 - 00110795 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 22:26 - 2009-07-14 06:51 - 00018769 _____ () C:\Windows\setupact.log
2014-10-03 21:31 - 2009-10-24 18:10 - 00680010 _____ () C:\Windows\system32\perfh010.dat
2014-10-03 21:31 - 2009-10-24 18:10 - 00124006 _____ () C:\Windows\system32\perfc010.dat
2014-10-03 21:31 - 2009-10-24 18:01 - 00684954 _____ () C:\Windows\system32\perfh00C.dat
2014-10-03 21:31 - 2009-10-24 18:01 - 00127070 _____ () C:\Windows\system32\perfc00C.dat
2014-10-03 21:31 - 2009-10-24 17:51 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-10-03 21:31 - 2009-10-24 17:51 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-10-03 21:31 - 2009-07-14 07:13 - 03085342 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 21:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 20:10 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2010-06-07 05:38

==================== End Of Log ============================


Code:

Users shortcut scan result (x64) Version: 02-10-2014
Ran by julian at 2014-10-03 22:33:04
Running from C:\Users\julian\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker\Resource Hacker.lnk -> C:\Program Files (x86)\Resource Hacker\ResHacker.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\ PrintProjects deinstallieren.lnk -> C:\Program Files (x86)\PrintProjects\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK AiO*Drucker-Tools.lnk -> C:\Program Files (x86)\Kodak\AiO\Center\AiOPrinterTools.exe (Eastman Kodak Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\Kodak Druckereinrichtungs-Dienstprogramm.lnk -> C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX\Hex-Editor MX entfernen.lnk -> C:\Program Files (x86)\Hex-Editor MX\unins000.exe (Jordan Russell)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX\Hex-Editor MX Hilfe.lnk -> C:\Program Files (x86)\Hex-Editor MX\hexeditmx.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX\Hex-Editor MX.lnk -> C:\Program Files (x86)\Hex-Editor MX\HexeditMX.exe (NEXT-Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX\Lizenzvertrag.lnk -> C:\Program Files (x86)\Hex-Editor MX\lizenz.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\Links\Desktop.lnk -> C:\Users\julian\Desktop ()
Shortcut: C:\Users\julian\Links\Downloads.lnk -> C:\Users\julian\Downloads ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\DUC.lnk -> C:\Program Files (x86)\No-IP\DUC40.exe ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\License.lnk -> C:\Program Files (x86)\No-IP\License.txt ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\Uninstall.lnk -> C:\Program Files (x86)\No-IP\Uninstall.exe ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\router\Links\Desktop.lnk -> C:\Users\julian\Desktop ()
Shortcut: C:\Users\router\Links\Downloads.lnk -> C:\Users\julian\Downloads ()
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\test\Links\Desktop.lnk -> C:\Users\julian\Desktop ()
Shortcut: C:\Users\test\Links\Downloads.lnk -> C:\Users\julian\Downloads ()
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK AiO*Statusmonitor.lnk -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK All-in-One Software deinstallieren.lnk -> C:\ProgramData\Kodak\Installer\Setup.exe (Eastman Kodak Company) -> /Web /x {E0F274B7-592B-4669-8FB8-8D9825A09858} CompanyName="Eastman Kodak Company" /code 1031
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\router\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\Benutzerhandbuch.url -> hxxp://www.kodak.com/go/manuals?pq-locale=de_DE#aioprinters
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK Mobile Solutions.url -> hxxp://www.kodak.com/go/mobileprinting
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\julian\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\router\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\router\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\router\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\router\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\router\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\test\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of log =============================


schrauber 03.10.2014 21:53

Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller.exe and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the content here in your thread in any case.

antimalware1 03.10.2014 21:57

Hi
Does it look like a rootkit?
Please do not delete the thread!!!
I can only get back online Sunday evening or Monday evening and will then run the scan!

Thanks in advance for your help


Kind regards

schrauber 04.10.2014 14:35

ok :)


All times are in WET +1.
