Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
angeblich angeschlossene Hardware

angeblich angeschlossene Hardware


Plagegeister aller Art und deren Bekämpfung: angeblich angeschlossene Hardware

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.10.2014, 21:37   #1
antimalware1
 
angeblich angeschlossene Hardware - Standard

angeblich angeschlossene Hardware


Nabend
Angeblich wurde gerade eben eine Hardware bei mir angeschlossen , jedoch habe ich dies nicht getan und windows hat auch nur den sound gespielt .
Mein Computer macht in letzer Zeit öfters mucken obwohl er neuinstalliert wurde habe alle Partitionen platt gemacht und trotzdem ist manchmal immer etwas !

Hoffe ihr könnt mir helfen
MFG

FRST LOG:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2014
Ran by julian at 2014-10-03 22:32:33
Running from C:\Users\julian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

14-09-2014 18:10:35 avast! antivirus system restore point
14-09-2014 18:55:22 Windows Update
26-09-2014 14:07:42 Installed 7-Zip 9.20 (x64 edition)
26-09-2014 14:10:29 Installed 7-Zip 9.20 (x64 edition)
26-09-2014 14:12:36 Gerätetreiber-Paketinstallation: Fuzhou Rockchip
26-09-2014 14:12:57 Gerätetreiber-Paketinstallation: Google, Inc.
26-09-2014 14:20:17 Gerätetreiber-Paketinstallation: Fuzhou Rockchip
26-09-2014 14:20:36 Gerätetreiber-Paketinstallation: Google, Inc.
26-09-2014 14:21:06 Gerätetreiber-Paketinstallation: Fuzhou Rockchip
26-09-2014 14:21:27 Gerätetreiber-Paketinstallation: Google, Inc.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1470E719-7853-45E4-AE05-491F2D82CD83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {40D2F2D6-8F30-4060-9EF7-5E45044D3528} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-14] (Google Inc.)
Task: {EF049330-3F82-4A06-A44E-42D7F0E9EEB0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-14] (AVAST Software)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-29 14:37 - 2000-01-01 02:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-14 20:11 - 2014-09-14 20:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-10-03 20:13 - 2014-10-03 20:13 - 02858496 _____ () C:\Program Files\AVAST Software\Avast\defs\14100300\algo.dll
2014-09-14 20:11 - 2014-09-14 20:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-356799422-3664943170-1113897160-500 - Administrator - Disabled)
Gast (S-1-5-21-356799422-3664943170-1113897160-501 - Limited - Disabled)
julian (S-1-5-21-356799422-3664943170-1113897160-1000 - Administrator - Enabled) => C:\Users\julian
router (S-1-5-21-356799422-3664943170-1113897160-1002 - Limited - Enabled) => C:\Users\router
test (S-1-5-21-356799422-3664943170-1113897160-1001 - Limited - Enabled) => C:\Users\test

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2014 03:23:26 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={00DC3F85-9CE0-4319-A6BF-51A250F46D7F}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (09/24/2014 00:14:09 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={F377AF54-BB8B-4C1A-BA59-1027602E0E96}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 2" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (09/15/2014 08:17:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={FBFE9DF7-422D-4B0F-9DC8-009A8252021D}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 2" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (09/14/2014 08:10:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary fasndpto.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (06/07/2010 05:39:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -546.

Error: (06/07/2010 05:39:41 AM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database (300)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb.log konnte nicht gelesen werden. Fehler -546.

Error: (06/07/2010 05:39:41 AM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database (300)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb.log konnte nicht gelesen werden. Fehler -546.


System errors:
=============
Error: (10/03/2014 09:28:27 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{476E112B-07AA-4351-87CE-AB5576CA8E5B} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/30/2014 03:32:28 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{476E112B-07AA-4351-87CE-AB5576CA8E5B} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/30/2014 03:32:02 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{476E112B-07AA-4351-87CE-AB5576CA8E5B} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/27/2014 11:48:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/24/2014 00:12:09 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1B29B552-9F18-4D77-BD23-0C85BC2FF37D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/19/2014 08:10:17 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{1B29B552-9F18-4D77-BD23-0C85BC2FF37D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/15/2014 08:17:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/15/2014 08:17:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (09/14/2014 08:38:21 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{3D48623F-5BCD-4925-A5B0-357FE79484BD} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (09/14/2014 08:27:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}


Microsoft Office Sessions:
=========================
Error: (09/30/2014 03:23:26 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {00DC3F85-9CE0-4319-A6BF-51A250F46D7F}julian-PC\testVPN-Verbindung 30

Error: (09/24/2014 00:14:09 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {F377AF54-BB8B-4C1A-BA59-1027602E0E96}julian-PC\testVPN-Verbindung 20

Error: (09/15/2014 08:17:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {FBFE9DF7-422D-4B0F-9DC8-009A8252021D}julian-PC\testVPN-Verbindung 20

Error: (09/14/2014 08:10:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary fasndpto.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (06/07/2010 05:39:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -546

Error: (06/07/2010 05:39:41 AM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database300Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546

Error: (06/07/2010 05:39:41 AM) (Source: ESENT) (EventID: 412) (User: )
Description: Catalog Database300Catalog Database: C:\Windows\system32\CatRoot2\edb.log-546


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 30%
Total physical RAM: 3892.55 MB
Available physical RAM: 2719.27 MB
Total Pagefile: 7783.25 MB
Available Pagefile: 6497.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.72 GB) (Free:391.09 GB) NTFS
Drive d: (Volume) (Fixed) (Total:14.65 GB) (Free:12.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0002B5CB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2014
Ran by julian (administrator) on JULIAN-PC on 03-10-2014 22:31:53
Running from C:\Users\julian\Desktop
Loaded Profile: julian (Available profiles: julian & test & router)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-14] (AVAST Software)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-14]

Chrome: 
=======
CHR HomePage: Default -> 4556B648D0C7087BCEAAFCA479C9A8F8C4D3E5058F7001E73BEF5D6470C01DF5
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> A58BEDA775F5A1E22DCF8AE67CEE084F046F2E6BE5B891BD2F1751FCCA7533FF
CHR DefaultSearchProvider: Default -> 87D65E3A805B12569DCE452D90EC9259C6316490DDDE8301369CFB752CB677A4
CHR DefaultSearchURL: Default -> 42ED4287B2CB72F39AEBC821121D385FAF0D2DFBDB3EFF1DAC7398B5DFED46D1
CHR Profile: C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-26]
CHR Extension: (avast! Online Security) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-26]
CHR Extension: (Google Wallet) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-14] (AVAST Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-14] ()
S3 Rockusb; C:\Windows\System32\DRIVERS\rockusb.sys [66704 2013-09-09] (Fuzhou Rockchip Electronics Co,Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 22:31 - 2014-10-03 22:32 - 00006021 _____ () C:\Users\julian\Desktop\FRST.txt
2014-10-03 22:31 - 2014-10-03 22:31 - 00000000 ____D () C:\FRST
2014-10-03 22:31 - 2014-10-03 22:30 - 02109440 _____ (Farbar) C:\Users\julian\Desktop\FRST64.exe
2014-10-03 22:29 - 2014-10-03 22:30 - 02109440 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2014-10-03 22:16 - 2014-10-03 22:16 - 00000000 ____D () C:\Users\test\AppData\Local\Vitalwerks
2014-10-03 22:11 - 2014-10-03 22:11 - 00473365 _____ () C:\Users\test\Downloads\xRAT.2.0.RELEASE1.zip
2014-10-03 21:12 - 2014-10-03 21:12 - 00748246 _____ ( ) C:\Users\test\Downloads\reshack_setup.exe
2014-10-03 21:12 - 2014-10-03 21:12 - 00748246 _____ ( ) C:\Users\test\Downloads\reshack_setup (1).exe
2014-10-03 21:12 - 2014-10-03 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2014-10-03 21:12 - 2014-10-03 21:12 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2014-10-03 21:10 - 2014-10-03 21:10 - 00860736 _____ () C:\Users\test\Downloads\hexedit.zip
2014-10-03 21:10 - 2014-10-03 21:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
2014-10-03 21:10 - 2014-10-03 21:10 - 00000000 ____D () C:\Program Files (x86)\Hex-Editor MX
2014-10-03 20:54 - 2014-10-03 20:56 - 00000000 ____D () C:\Users\test\Desktop\ThemidaDemo32_64
2014-10-03 20:54 - 2014-10-03 20:54 - 00000016 _____ () C:\ProgramData\mntemp
2014-10-03 20:53 - 2014-10-03 20:52 - 20590603 _____ () C:\Users\test\Desktop\ThemidaDemo32_64.zip
2014-10-03 20:49 - 2014-10-03 20:52 - 20590603 _____ () C:\Users\test\Downloads\ThemidaDemo32_64.zip
2014-10-03 20:43 - 2014-10-03 20:43 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2014-10-03 20:43 - 2014-10-03 20:43 - 00000000 ____D () C:\Users\julian\AppData\Local\Vitalwerks
2014-10-03 20:43 - 2014-10-03 20:43 - 00000000 ____D () C:\Program Files (x86)\No-IP
2014-10-03 20:42 - 2014-10-03 20:42 - 00239648 _____ () C:\Users\test\Downloads\DUCSetup_v4_1_0.exe
2014-10-03 20:38 - 2014-10-03 20:38 - 00511848 _____ () C:\Users\test\Downloads\xRAT.2.0.RELEASE2.zip
2014-09-30 15:16 - 2014-09-30 15:16 - 00057560 _____ () C:\Users\router\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-27 11:42 - 2014-09-27 11:42 - 00000000 ____D () C:\Users\router\AppData\Local\Eastman Kodak Company
2014-09-26 22:44 - 2014-09-26 22:44 - 00001946 _____ () C:\Users\Public\Desktop\PrintProjects.lnk
2014-09-26 22:44 - 2014-09-26 22:44 - 00000000 ____D () C:\Users\julian\AppData\Local\Eastman_Kodak_Company
2014-09-26 22:44 - 2014-09-26 22:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
2014-09-26 22:43 - 2014-09-26 22:44 - 00000000 ____D () C:\Program Files (x86)\PrintProjects
2014-09-26 22:43 - 2014-09-26 22:43 - 00000000 ____D () C:\Users\test\AppData\Local\Eastman Kodak Company
2014-09-26 22:43 - 2014-09-26 22:43 - 00000000 ____D () C:\ProgramData\Visan
2014-09-26 22:43 - 2014-09-26 22:43 - 00000000 ____D () C:\ProgramData\PrintProjects
2014-09-26 22:43 - 2014-09-26 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2014-09-26 22:38 - 2014-09-26 22:38 - 00000000 ____D () C:\Windows\SysWOW64\kodak
2014-09-26 22:32 - 2014-09-26 22:36 - 00000000 ____D () C:\Program Files (x86)\Kodak
2014-09-26 22:29 - 2014-09-26 22:29 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Temp
2014-09-26 22:27 - 2014-09-26 22:29 - 10464648 _____ (Eastman Kodak Company) C:\Users\test\Downloads\aio_install.exe
2014-09-26 22:25 - 2014-09-26 22:25 - 00035328 _____ () C:\Users\test\Downloads\FirmwareFlashLauncher.exe
2014-09-26 22:23 - 2014-10-03 21:27 - 00000000 ____D () C:\ProgramData\Kodak
2014-09-26 22:23 - 2014-09-26 22:23 - 00000000 ____D () C:\Windows\system32\kodak
2014-09-26 22:20 - 2014-09-26 22:20 - 00142585 _____ () C:\Users\test\Documents\Blatt.xps
2014-09-26 22:18 - 2014-09-26 22:18 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-09-26 20:45 - 2014-09-26 20:44 - 00201038 _____ () C:\Users\julian\Desktop\RK3188Loader(L)_V2.13.bin
2014-09-26 20:44 - 2014-09-26 20:44 - 00201038 _____ () C:\Users\test\Downloads\RK3188Loader(L)_V2.13.bin
2014-09-26 20:13 - 2014-09-26 20:13 - 00000000 ____D () C:\Users\julian\Desktop\Oma_DevelopTool_Refresh
2014-09-26 20:11 - 2014-09-26 20:11 - 00546536 _____ () C:\Users\julian\Desktop\Oma_DevelopTool_Refresh.7z
2014-09-26 20:10 - 2014-09-26 20:11 - 00546536 _____ () C:\Users\test\Downloads\Oma_DevelopTool_Refresh.7z
2014-09-26 16:19 - 2014-09-26 16:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-09-26 16:11 - 2014-09-26 16:11 - 00000000 ____D () C:\Users\julian\Desktop\Oma_RK31_tolino_tab8.9_JB_4.2.2_v1.0
2014-09-26 16:11 - 2013-09-09 15:56 - 00066704 _____ (Fuzhou Rockchip Electronics Co,Ltd.) C:\Windows\system32\Drivers\rockusb.sys
2014-09-26 16:10 - 2014-09-26 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-26 16:10 - 2014-09-26 16:10 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-26 16:09 - 2014-09-26 16:06 - 352564223 _____ () C:\Users\julian\Desktop\Oma_RK31_tolino_tab8.9_JB_4.2.2_v1.0.7z
2014-09-26 16:09 - 2014-09-26 16:05 - 01376768 _____ () C:\Users\julian\Desktop\7z920-x64.msi
2014-09-26 16:04 - 2014-09-26 16:05 - 01376768 _____ () C:\Users\test\Downloads\7z920-x64.msi
2014-09-26 15:16 - 2014-09-26 16:06 - 352564223 _____ () C:\Users\test\Downloads\Oma_RK31_tolino_tab8.9_JB_4.2.2_v1.0.7z
2014-09-25 18:20 - 2014-09-25 18:20 - 00527265 _____ () C:\Users\router\Downloads\xRAT.2.0.RELEASE3.zip
2014-09-24 12:17 - 2014-09-24 12:17 - 00000000 _____ () C:\Users\test\Desktop\8 57.txt
2014-09-24 12:01 - 2014-09-24 12:02 - 08205226 _____ () C:\Users\router\Downloads\Firmware_Speedport_W723V_TypA_1.01.001 (1).bin
2014-09-19 19:55 - 2014-09-19 19:57 - 08205226 _____ () C:\Users\router\Downloads\Firmware_Speedport_W723V_TypA_1.01.001.bin
2014-09-19 19:52 - 2014-09-19 19:52 - 00001439 _____ () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 19:52 - 2014-09-19 19:52 - 00001405 _____ () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-19 19:52 - 2014-09-19 19:52 - 00000020 ___SH () C:\Users\router\ntuser.ini
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Vorlagen
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Startmenü
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Netzwerkumgebung
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Lokale Einstellungen
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Eigene Dateien
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Druckumgebung
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Documents\Eigene Musik
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Documents\Eigene Bilder
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\AppData\Local\Verlauf
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\AppData\Local\Anwendungsdaten
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 _SHDL () C:\Users\router\Anwendungsdaten
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\Users\router\AppData\Roaming\AVAST Software
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\Users\router\AppData\Local\VirtualStore
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\Users\router\AppData\Local\Google
2014-09-19 19:52 - 2014-09-19 19:52 - 00000000 ____D () C:\Users\router
2014-09-19 19:52 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-19 19:52 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-14 20:55 - 2014-08-25 06:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 20:47 - 2014-09-14 20:47 - 00057560 _____ () C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 20:42 - 2014-09-14 20:43 - 00016944 _____ () C:\Users\test\Desktop\CF-Auto-Root-m0-m0xx-gti9300.zip.torrent
2014-09-14 20:42 - 2014-09-14 20:42 - 13557850 _____ () C:\Users\test\Desktop\CF-Auto-Root-m0-m0xx-gti9300.zip
2014-09-14 20:40 - 2014-09-14 20:42 - 13557850 _____ () C:\Users\test\Downloads\CF-Auto-Root-m0-m0xx-gti9300.zip
2014-09-14 20:36 - 2014-09-14 20:36 - 00000000 ____D () C:\Users\test\Desktop\uTorrentPortable
2014-09-14 20:35 - 2014-09-14 20:35 - 02357624 _____ (PortableApps.com) C:\Users\test\Desktop\uTorrentPortable_3.4.2.33870_online.paf.exe
2014-09-14 20:34 - 2014-09-14 20:35 - 02357624 _____ (PortableApps.com) C:\Users\test\Downloads\uTorrentPortable_3.4.2.33870_online.paf.exe
2014-09-14 20:28 - 2014-09-14 20:28 - 00000000 ____D () C:\Users\test\AppData\Roaming\AVAST Software
2014-09-14 20:27 - 2014-10-03 21:10 - 00000000 ____D () C:\Users\test\AppData\Local\VirtualStore
2014-09-14 20:27 - 2014-10-03 21:08 - 00000000 ____D () C:\Users\test
2014-09-14 20:27 - 2014-09-26 16:09 - 00000000 ____D () C:\Users\test\AppData\Local\Google
2014-09-14 20:27 - 2014-09-14 20:27 - 00001439 _____ () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-14 20:27 - 2014-09-14 20:27 - 00001405 _____ () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-14 20:27 - 2014-09-14 20:27 - 00000020 ___SH () C:\Users\test\ntuser.ini
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Vorlagen
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Startmenü
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Netzwerkumgebung
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Lokale Einstellungen
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Eigene Dateien
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Druckumgebung
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Documents\Eigene Musik
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Documents\Eigene Bilder
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\AppData\Local\Verlauf
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\AppData\Local\Anwendungsdaten
2014-09-14 20:27 - 2014-09-14 20:27 - 00000000 _SHDL () C:\Users\test\Anwendungsdaten
2014-09-14 20:27 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-14 20:27 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-14 20:25 - 2014-09-14 20:25 - 00000542 _____ () C:\Windows\PFRO.log
2014-09-14 20:22 - 2014-09-14 20:22 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-14 20:22 - 2014-09-14 20:22 - 00000000 ____D () C:\Users\julian\AppData\Roaming\AVAST Software
2014-09-14 20:22 - 2014-09-14 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-14 20:22 - 2014-09-14 20:22 - 00000000 ____D () C:\Intel
2014-09-14 20:21 - 2014-09-26 16:07 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-14 20:21 - 2014-09-14 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-14 20:21 - 2010-06-07 01:29 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-14 20:11 - 2014-10-03 22:30 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-14 20:11 - 2014-10-03 22:22 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 20:11 - 2014-09-15 20:17 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-09-14 20:11 - 2014-09-15 20:17 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-09-14 20:11 - 2014-09-14 20:22 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-14 20:11 - 2014-09-14 20:22 - 00000000 ____D () C:\Users\julian\AppData\Local\Google
2014-09-14 20:11 - 2014-09-14 20:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-14 20:11 - 2014-09-14 20:11 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-14 20:11 - 2014-09-14 20:11 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-14 20:11 - 2014-09-14 20:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-14 20:11 - 2014-09-14 20:11 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-14 20:10 - 2014-09-14 20:11 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-14 20:10 - 2014-09-14 20:10 - 00057560 _____ () C:\Users\julian\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-03 22:31 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 22:31 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 22:26 - 2010-06-07 05:43 - 00110795 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 22:26 - 2009-07-14 06:51 - 00018769 _____ () C:\Windows\setupact.log
2014-10-03 21:31 - 2009-10-24 18:10 - 00680010 _____ () C:\Windows\system32\perfh010.dat
2014-10-03 21:31 - 2009-10-24 18:10 - 00124006 _____ () C:\Windows\system32\perfc010.dat
2014-10-03 21:31 - 2009-10-24 18:01 - 00684954 _____ () C:\Windows\system32\perfh00C.dat
2014-10-03 21:31 - 2009-10-24 18:01 - 00127070 _____ () C:\Windows\system32\perfc00C.dat
2014-10-03 21:31 - 2009-10-24 17:51 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-10-03 21:31 - 2009-10-24 17:51 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-10-03 21:31 - 2009-07-14 07:13 - 03085342 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 21:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 20:10 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\restore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2010-06-07 05:38

==================== End Of Log ============================

Code:
ATTFilter
Users shortcut scan result (x64) Version: 02-10-2014
Ran by julian at 2014-10-03 22:33:04
Running from C:\Users\julian\Desktop
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker\Resource Hacker.lnk -> C:\Program Files (x86)\Resource Hacker\ResHacker.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\ PrintProjects deinstallieren.lnk -> C:\Program Files (x86)\PrintProjects\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK AiO*Drucker-Tools.lnk -> C:\Program Files (x86)\Kodak\AiO\Center\AiOPrinterTools.exe (Eastman Kodak Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\Kodak Druckereinrichtungs-Dienstprogramm.lnk -> C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX\Hex-Editor MX entfernen.lnk -> C:\Program Files (x86)\Hex-Editor MX\unins000.exe (Jordan Russell)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX\Hex-Editor MX Hilfe.lnk -> C:\Program Files (x86)\Hex-Editor MX\hexeditmx.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX\Hex-Editor MX.lnk -> C:\Program Files (x86)\Hex-Editor MX\HexeditMX.exe (NEXT-Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX\Lizenzvertrag.lnk -> C:\Program Files (x86)\Hex-Editor MX\lizenz.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\Links\Desktop.lnk -> C:\Users\julian\Desktop ()
Shortcut: C:\Users\julian\Links\Downloads.lnk -> C:\Users\julian\Downloads ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\DUC.lnk -> C:\Program Files (x86)\No-IP\DUC40.exe ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\License.lnk -> C:\Program Files (x86)\No-IP\License.txt ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\Uninstall.lnk -> C:\Program Files (x86)\No-IP\Uninstall.exe ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\router\Links\Desktop.lnk -> C:\Users\julian\Desktop ()
Shortcut: C:\Users\router\Links\Downloads.lnk -> C:\Users\julian\Downloads ()
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\test\Links\Desktop.lnk -> C:\Users\julian\Desktop ()
Shortcut: C:\Users\test\Links\Downloads.lnk -> C:\Users\julian\Downloads ()
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK AiO*Statusmonitor.lnk -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK All-in-One Software deinstallieren.lnk -> C:\ProgramData\Kodak\Installer\Setup.exe (Eastman Kodak Company) -> /Web /x {E0F274B7-592B-4669-8FB8-8D9825A09858} CompanyName="Eastman Kodak Company" /code 1031
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\router\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\router\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\router\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\Benutzerhandbuch.url -> hxxp://www.kodak.com/go/manuals?pq-locale=de_DE#aioprinters
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK Mobile Solutions.url -> hxxp://www.kodak.com/go/mobileprinting
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\julian\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\router\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\router\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\router\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\router\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\router\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\router\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\router\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\test\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of log =============================

Alt 03.10.2014, 21:53   #2
schrauber
/// the machine
/// TB-Ausbilder
 
angeblich angeschlossene Hardware - Standard

angeblich angeschlossene Hardware


hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________

__________________
Alt 03.10.2014, 21:57   #3
antimalware1
 
angeblich angeschlossene Hardware - Standard

angeblich angeschlossene Hardware


Hi
siehst nach einem Rootkit aus ?
Bitte das Thema nicht löschen !!!
Kann erst Sonntag Abend oder Montag Abend wieder online und werde dann den Scan durchführen !

Danke schon im vorraus für deine Hilfe


MFG
__________________
Alt 04.10.2014, 14:35   #4
schrauber
/// the machine
/// TB-Ausbilder
 
angeblich angeschlossene Hardware - Standard

angeblich angeschlossene Hardware


ok
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu angeblich angeschlossene Hardware
adware, antivirus, askbar, avast, computer, cpu, defender, explorer, fehler, helper, home, homepage, iexplore.exe, installation, internet, netzwerk, performance, rundll, scan, security, server, services.exe, software, svchost.exe, system, tablet, windows


« UDS:DangerousObject.Multi.Generic | Phishing-Mail von amazon »


Ähnliche Themen: angeblich angeschlossene Hardware


  1. ungeeignete Hardware für Win 10
    Diskussionsforum - 27.09.2015 (14)
  2. Hardware Defekt?
    Netzwerk und Hardware - 06.04.2013 (4)
  3. Hardware defekt?
    Netzwerk und Hardware - 27.01.2013 (5)
  4. Angeschlossene Geräte im Router nicht nachvollziehbar?
    Überwachung, Datenschutz und Spam - 30.12.2012 (13)
  5. Hardware installation
    Alles rund um Windows - 24.11.2012 (1)
  6. hardware frage
    Netzwerk und Hardware - 03.10.2011 (12)
  7. Angeblich neue Hardware gefunden
    Netzwerk und Hardware - 19.08.2011 (4)
  8. Angeschlossene Pc's Weltweit?
    Diskussionsforum - 05.03.2010 (4)
  9. Hardware Firewall
    Antiviren-, Firewall- und andere Schutzprogramme - 04.09.2009 (4)
  10. Hardware umbenennen?
    Alles rund um Windows - 18.07.2009 (0)
  11. Hardware-Malware
    Diskussionsforum - 08.11.2008 (37)
  12. 2 Fragen zu Hardware
    Netzwerk und Hardware - 04.02.2007 (8)
  13. Probleme mit Hardware?!
    Mülltonne - 28.10.2005 (1)
  14. hardware firewall
    Antiviren-, Firewall- und andere Schutzprogramme - 15.06.2005 (8)
  15. hardware-kauf
    Alles rund um Mac OSX & Linux - 09.09.2004 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema angeblich angeschlossene Hardware - Nabend Angeblich wurde gerade eben eine Hardware bei mir angeschlossen , jedoch habe ich dies nicht getan und windows hat auch nur den sound gespielt . Mein Computer macht in - angeblich angeschlossene Hardware...
Archiv
Du betrachtest: angeblich angeschlossene Hardware auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131