
Pests of all kinds and how to combat them: strange startup entry

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

12.02.2015, 17:55   #1
ichbins2000
 
Strange startup entry

Hello,
After a long time, it seems a virus has hit me again...

I have a strange startup entry in HKLM.

I would be grateful if someone could take a look at it.


Best regards


Code:
 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by julian at 2015-02-12 17:48:27
Running from C:\Users\julian\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3604044926-3834190717-268029489-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
eMule (HKLM-x32\...\eMule) (Version:  - )
essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MyRouter 2.0.8 (HKLM-x32\...\MyRouter) (Version: 2.0.8 - MyRouter, Inc.)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
OpenVPN 2.3.6-I001  (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-02-2015 20:32:42 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
10-02-2015 20:33:51 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
10-02-2015 20:35:04 OpenOffice 4.1.1 wird installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {82C7E1E5-BAF5-4063-98C3-397E81931B35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {97ED393B-29CD-42AA-8D92-0D40AF04C752} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {B5000AFD-4954-48E4-BBBB-0AB3903774BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.)
Task: {B5EEE72B-BC40-4276-A2A2-23E9D5A53735} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe

==================== Loaded Modules (whitelisted) ==============

2014-12-04 20:51 - 2000-01-01 01:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-10 21:19 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-10 21:19 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-10 21:19 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90439091.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90439091.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3604044926-3834190717-268029489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\julian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3604044926-3834190717-268029489-500 - Administrator - Disabled)
Gast (S-1-5-21-3604044926-3834190717-268029489-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3604044926-3834190717-268029489-1002 - Limited - Enabled)
julian (S-1-5-21-3604044926-3834190717-268029489-1001 - Administrator - Enabled) => C:\Users\julian
test (S-1-5-21-3604044926-3834190717-268029489-1003 - Limited - Enabled) => C:\Users\test

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 09:53:36 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={4DF71C62-4CA5-469F-A3EB-C640C0E7B3EE}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 4" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (02/01/2015 00:11:29 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={1129064A-55C8-42DD-8E1E-517344962378}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (02/01/2015 00:10:54 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={7F983072-4D60-4716-AA65-4AD38EFCD70A}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (02/01/2015 00:10:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={7AD74A77-24CC-4698-AFEA-C5A4C204F52A}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (02/01/2015 00:10:00 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={C07A6342-F80C-4D39-AA89-77F73BE59CDC}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (02/01/2015 00:09:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={124F04D4-DF01-4817-984F-EFB79F6EF0AE}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (02/01/2015 00:09:18 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={AC5C2346-9436-4172-8603-D80CCF6D72A9}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (02/01/2015 00:09:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={7B24F184-4D80-4AC4-B252-DC486F303F69}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691.

Error: (01/30/2015 09:47:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VirtualRouterClient.exe, Version: 1.0.0.0, Zeitstempel: 0x51181751
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000000000000aa7d
ID des fehlerhaften Prozesses: 0x500
Startzeit der fehlerhaften Anwendung: 0xVirtualRouterClient.exe0
Pfad der fehlerhaften Anwendung: VirtualRouterClient.exe1
Pfad des fehlerhaften Moduls: VirtualRouterClient.exe2
Berichtskennung: VirtualRouterClient.exe3

Error: (01/30/2015 09:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VirtualRouterClient.exe, Version: 1.0.0.0, Zeitstempel: 0x51181751
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000000000000aa7d
ID des fehlerhaften Prozesses: 0x124
Startzeit der fehlerhaften Anwendung: 0xVirtualRouterClient.exe0
Pfad der fehlerhaften Anwendung: VirtualRouterClient.exe1
Pfad des fehlerhaften Moduls: VirtualRouterClient.exe2
Berichtskennung: VirtualRouterClient.exe3


System errors:
=============
Error: (02/12/2015 02:09:08 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{126C256E-D981-4371-AA59-355430EE07DD} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (06/06/2010 11:04:14 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/07/2010 01:04:40 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x0000000000000020, 0xfffffa8005bf9490, 0xfffffa8005bf94b0, 0x0000000004020003)C:\Windows\MEMORY.DMP060710-21169-01

Error: (06/07/2010 01:04:33 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12.‎02.‎2015 um 08:10:25 unerwartet heruntergefahren.

Error: (02/12/2015 08:04:47 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{126C256E-D981-4371-AA59-355430EE07DD} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (02/10/2015 10:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VirtualRouterService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/10/2015 09:34:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/06/2015 02:34:15 PM) (Source: volsnap) (EventID: 29) (User: )
Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.

Error: (02/04/2015 08:30:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/03/2015 08:46:54 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{126C256E-D981-4371-AA59-355430EE07DD} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (02/10/2015 09:53:36 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {4DF71C62-4CA5-469F-A3EB-C640C0E7B3EE}julian-PC\testVPN-Verbindung 40

Error: (02/01/2015 00:11:29 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {1129064A-55C8-42DD-8E1E-517344962378}julian-PC\testVPN-Verbindung 30

Error: (02/01/2015 00:10:54 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {7F983072-4D60-4716-AA65-4AD38EFCD70A}julian-PC\testVPN-Verbindung 30

Error: (02/01/2015 00:10:33 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {7AD74A77-24CC-4698-AFEA-C5A4C204F52A}julian-PC\testVPN-Verbindung 30

Error: (02/01/2015 00:10:00 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {C07A6342-F80C-4D39-AA89-77F73BE59CDC}julian-PC\testVPN-Verbindung 3691

Error: (02/01/2015 00:09:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {124F04D4-DF01-4817-984F-EFB79F6EF0AE}julian-PC\testVPN-Verbindung 3691

Error: (02/01/2015 00:09:18 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {AC5C2346-9436-4172-8603-D80CCF6D72A9}julian-PC\testVPN-Verbindung 3691

Error: (02/01/2015 00:09:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {7B24F184-4D80-4AC4-B252-DC486F303F69}julian-PC\testVPN-Verbindung 3691

Error: (01/30/2015 09:47:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VirtualRouterClient.exe1.0.0.051181751KERNELBASE.dll6.1.7600.163854a5bdfe0c000041d000000000000aa7d50001d03ccde0306c7bC:\Program Files (x86)\Virtual Router\VirtualRouterClient.exeC:\Windows\system32\KERNELBASE.dll2e4fa2f2-a8c1-11e4-ac03-e81132051f51

Error: (01/30/2015 09:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VirtualRouterClient.exe1.0.0.051181751KERNELBASE.dll6.1.7600.163854a5bdfe0c000041d000000000000aa7d12401d03ccd77426ab8C:\Program Files (x86)\Virtual Router\VirtualRouterClient.exeC:\Windows\system32\KERNELBASE.dllb80833e8-a8c0-11e4-844f-e81132051f51


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 41%
Total physical RAM: 3892.55 MB
Available physical RAM: 2288.09 MB
Total Pagefile: 7783.25 MB
Available Pagefile: 5926.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:154.71 GB) (Free:100.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0005F617)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=154.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=310.9 GB) - (Type=05)

==================== End Of Log ============================
         

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by julian (administrator) on JULIAN-PC on 12-02-2015 17:47:59
Running from C:\Users\julian\Desktop
Loaded Profiles: julian (Available profiles: julian & test)
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Chris Pietschmann (http://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKU\S-1-5-21-3604044926-3834190717-268029489-1001\...\Run: [uTorrent] => C:\Users\test\AppData\Roaming\uTorrent\uTorrent.exe [1740880 2015-02-12] (BitTorrent Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3604044926-3834190717-268029489-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/de-de/?ocid=iehp

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-04]
CHR Extension: (Google Docs) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04]
CHR Extension: (Google Drive) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04]
CHR Extension: (YouTube) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-04]
CHR Extension: (Google-Suche) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-04]
CHR Extension: (Google Tabellen) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-04]
CHR Extension: (Google Wallet) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04]
CHR Extension: (Google Mail) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com)) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-02-12] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 17:47 - 2015-02-12 17:47 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-02-12 17:47 - 2015-02-12 17:47 - 00000000 ____D () C:\Users\julian\Desktop\FRST-OlderVersion
2015-02-12 17:28 - 2015-02-12 17:28 - 00000518 _____ () C:\Users\test\Desktop\proxies.txt.torrent
2015-02-12 17:27 - 2015-02-12 17:27 - 00000195 _____ () C:\Users\test\Desktop\proxies.txt
2015-02-12 17:05 - 2015-02-12 17:05 - 00000000 ____D () C:\Users\test\Desktop\gptool
2015-02-12 17:04 - 2015-02-12 17:05 - 01581750 _____ () C:\Users\test\Downloads\GPTool.rar
2015-02-12 16:58 - 2015-02-12 17:13 - 00000000 ____D () C:\Users\test\AppData\Roaming\uTorrent
2015-02-12 16:57 - 2015-02-12 16:57 - 01740880 _____ (BitTorrent Inc.) C:\Users\test\Downloads\uTorrent.exe
2015-02-12 16:56 - 2015-02-12 16:56 - 00239648 _____ () C:\Users\test\Downloads\DUCSetup_v4_1_0.exe
2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\Users\julian\AppData\Local\Vitalwerks
2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\Program Files (x86)\No-IP
2015-02-12 16:54 - 2015-02-12 16:54 - 00013331 _____ () C:\Users\test\Desktop\mbam-patched.exe.torrent
2015-02-12 16:48 - 2015-02-12 16:48 - 03389035 _____ () C:\Users\test\Downloads\eMule0.50a-Installer (1).exe
2015-02-12 16:48 - 2015-02-12 16:48 - 00000991 _____ () C:\Users\Public\Desktop\eMule.lnk
2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\Users\test\Downloads\eMule
2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\Users\test\AppData\Local\eMule
2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\Users\julian\AppData\Local\eMule
2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\ProgramData\eMule
2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\Program Files (x86)\eMule
2015-02-12 16:47 - 2015-02-12 16:47 - 03389035 _____ () C:\Users\test\Downloads\eMule0.50a-Installer.exe
2015-02-12 16:44 - 2015-02-12 16:44 - 21072896 _____ (Microsoft Corporation) C:\Users\test\Desktop\mbam-setup-cracked-2.0.4.1028.EXE
2015-02-12 16:44 - 2015-02-12 16:44 - 20991488 ____R (Microsoft Corporation) C:\Users\test\Desktop\mbam-patched.exe
2015-02-12 16:41 - 2015-02-12 16:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\test\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-12 16:41 - 2015-02-12 16:41 - 00000030 _____ () C:\Users\test\Desktop\icon.rc
2015-02-12 16:40 - 2015-02-12 16:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\test\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-12 16:12 - 2015-02-12 16:12 - 00000000 ____D () C:\Users\test\AppData\Local\Eastman_Kodak_Company
2015-02-12 15:59 - 2015-02-12 15:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-12 15:59 - 2015-02-12 15:59 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-12 15:59 - 2015-02-12 15:59 - 00000000 ____D () C:\Users\test\AppData\Roaming\Adobe
2015-02-12 15:59 - 2015-02-12 15:59 - 00000000 ____D () C:\Users\test\AppData\Local\Adobe
2015-02-12 15:58 - 2015-02-12 16:00 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-12 15:58 - 2015-02-12 15:58 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-12 15:56 - 2015-02-12 15:59 - 00000000 ____D () C:\Users\julian\AppData\Local\Adobe
2015-02-12 14:23 - 2015-02-12 14:23 - 00000000 _____ () C:\Users\test\Desktop\Neues Textdokument.txt
2015-02-12 14:19 - 2015-02-12 14:19 - 00698330 _____ () C:\Users\test\Desktop\ppp.xps
2015-02-12 07:54 - 2015-02-12 07:54 - 00000000 ____D () C:\Users\test\AppData\Local\Eastman Kodak Company
2015-02-10 22:12 - 2015-02-10 22:12 - 00000000 ____D () C:\Users\test\AppData\Roaming\OpenOffice
2015-02-10 22:10 - 2015-02-10 22:10 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Process Hacker 2
2015-02-10 22:07 - 2015-02-10 22:07 - 01932448 _____ (wj32 ) C:\Users\test\Downloads\processhacker-2.33-setup.exe
2015-02-10 22:07 - 2015-02-10 22:07 - 00001841 _____ () C:\Users\julian\Desktop\Process Hacker 2.lnk
2015-02-10 22:07 - 2015-02-10 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-02-10 22:07 - 2015-02-10 22:07 - 00000000 ____D () C:\Program Files\Process Hacker 2
2015-02-10 21:06 - 2015-02-10 21:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-02-10 21:05 - 2015-02-10 21:05 - 00000000 ____D () C:\Windows\system32\kodak
2015-02-10 21:04 - 2015-02-10 21:04 - 00000236 _____ () C:\Users\julian\AppData\Local\LaunchHomeCenter.log
2015-02-10 21:01 - 2015-02-10 21:02 - 00000000 ____D () C:\Users\julian\AppData\Local\Eastman_Kodak_Company
2015-02-10 21:01 - 2015-02-10 21:01 - 00002156 _____ () C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2015-02-10 21:01 - 2015-02-10 21:01 - 00001946 _____ () C:\Users\Public\Desktop\PrintProjects.lnk
2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\ProgramData\Visan
2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\ProgramData\PrintProjects
2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects
2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\Program Files (x86)\PrintProjects
2015-02-10 21:00 - 2015-02-10 21:00 - 00000000 ____D () C:\Users\julian\AppData\Local\Eastman Kodak Company
2015-02-10 20:59 - 2015-02-10 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2015-02-10 20:59 - 2015-02-10 20:59 - 00000000 ____D () C:\Windows\SysWOW64\kodak
2015-02-10 20:57 - 2015-02-10 20:58 - 00000000 ____D () C:\Program Files (x86)\Kodak
2015-02-10 20:56 - 2015-02-12 16:12 - 00000000 ____D () C:\ProgramData\Kodak
2015-02-10 20:56 - 2015-02-10 20:56 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Temp
2015-02-10 20:55 - 2015-02-10 20:55 - 10464648 _____ (Eastman Kodak Company) C:\Users\julian\Downloads\aio_install.exe
2015-02-10 20:54 - 2015-02-10 21:01 - 00014683 _____ () C:\Users\julian\Desktop\Lebenslauf.odt
2015-02-10 20:37 - 2015-02-10 20:37 - 00000000 ____D () C:\Users\julian\AppData\Roaming\OpenOffice
2015-02-10 20:36 - 2015-02-10 20:36 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-02-10 20:36 - 2015-02-10 20:36 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-02-10 20:35 - 2015-02-10 20:35 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-02-10 20:32 - 2015-02-10 20:32 - 00000000 ____D () C:\Users\julian\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-02-10 20:29 - 2015-02-10 20:32 - 164858324 _____ () C:\Users\julian\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe
2015-02-04 20:21 - 2015-02-04 20:21 - 00000000 ____D () C:\Program Files\HashTab Shell Extension
2015-02-04 20:20 - 2015-02-04 20:21 - 01903054 _____ () C:\Users\test\Downloads\HashTab_v5.2.0.14.zip
2015-02-03 21:52 - 2015-02-03 22:01 - 727711744 _____ () C:\Users\test\Downloads\elementaryos-stable-amd64.20130810.iso
2015-02-03 21:50 - 2015-02-03 21:50 - 01155280 _____ () C:\Users\test\Downloads\Playmate_2014_01.zip
2015-02-03 21:20 - 2015-02-03 21:32 - 1028653056 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso
2015-02-03 21:17 - 2015-02-03 21:17 - 00039580 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso (3).torrent
2015-02-03 21:17 - 2015-02-03 21:17 - 00039580 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso (2).torrent
2015-02-03 21:16 - 2015-02-03 21:16 - 00039580 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso (1).torrent
2015-02-03 21:08 - 2015-02-03 21:08 - 00240612 _____ () C:\Users\test\Downloads\kali-linux-1.0.9a-i386.torrent
2015-02-03 21:04 - 2015-02-03 21:04 - 00233436 _____ () C:\Users\test\Downloads\kali-linux-1.0.9a-amd64.torrent
2015-01-31 13:14 - 2015-02-01 12:03 - 00000000 ____D () C:\Users\test\Desktop\l517
2015-01-31 13:14 - 2015-01-31 13:14 - 01077336 _____ (Microsoft Corporation) C:\Users\test\Downloads\MSCOMCTL.OCX
2015-01-31 13:13 - 2015-01-31 13:14 - 01183744 _____ (derv82@gmail.com) C:\Users\test\Downloads\L517 v0.994.exe
2015-01-31 12:44 - 2015-01-31 12:44 - 00191515 _____ () C:\Users\test\Downloads\Wodlist.torrent
2015-01-31 12:37 - 2015-01-31 12:37 - 00043472 _____ () C:\Users\test\Downloads\FD62CC1D79F595CBE1DE6356FB13C2165994E469.torrent
2015-01-31 12:30 - 2015-01-31 12:30 - 00033377 _____ () C:\Users\test\Downloads\linuxmint-17.1-kde-64bit.iso.torrent
2015-01-31 12:30 - 2015-01-31 12:30 - 00030797 _____ () C:\Users\test\Downloads\linuxmint-17.1-kde-32bit.iso.torrent
2015-01-31 12:23 - 2015-01-31 12:23 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2 (4).torrent
2015-01-31 12:23 - 2015-01-31 12:23 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2 (3).torrent
2015-01-31 12:21 - 2015-01-31 12:21 - 00039580 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso.torrent
2015-01-31 11:55 - 2015-01-31 11:55 - 00013345 _____ () C:\Users\test\Downloads\1.100.000+Wordlist.txt.torrent
2015-01-31 11:33 - 2015-01-31 11:33 - 00017041 _____ () C:\Users\test\Downloads\(demonoid.pw)-25_HD_Nature_Wallpapers_Set_46.TORRENT
2015-01-31 11:32 - 2015-01-31 11:32 - 00000000 ____D () C:\Users\test\AppData\Roaming\java
2015-01-31 11:32 - 2015-01-31 11:32 - 00000000 ____D () C:\Users\test\AppData\Roaming\.minecraft
2015-01-31 11:31 - 2015-01-31 11:32 - 00000000 ____D () C:\Users\test\Desktop\game
2015-01-31 11:31 - 2015-01-31 11:31 - 01294088 _____ (Mojang) C:\Users\test\Desktop\Minecraft.exe
2015-01-31 11:31 - 2015-01-31 11:31 - 00000000 ____D () C:\Users\test\Desktop\tools
2015-01-31 11:31 - 2015-01-31 11:31 - 00000000 ____D () C:\Users\test\Desktop\runtime
2015-01-31 11:07 - 2015-01-31 11:07 - 00018725 _____ () C:\Users\test\Downloads\MONOVA.ORG WPA_Extreme_Wordlist.torrent
2015-01-31 11:03 - 2015-01-31 11:03 - 00017990 _____ () C:\Users\test\Downloads\104472-davajjultimatewordlist-txt-zip-big-wordlist-for-http-bugger.torrent
2015-01-31 11:02 - 2015-01-31 11:02 - 00023702 _____ () C:\Users\test\Downloads\WPA-PSK+WORDLIST+3+Final+%2813+GB%29.rar.torrent
2015-01-30 22:10 - 2015-01-30 22:10 - 00025350 _____ () C:\Users\test\Desktop\Shortcut.txt
2015-01-30 22:02 - 2015-01-30 22:14 - 00000000 ____D () C:\Windupdt
2015-01-30 21:57 - 2015-01-30 21:57 - 00018669 _____ () C:\Users\julian\Desktop\Addition.txt
2015-01-30 21:56 - 2015-02-12 17:48 - 00006641 _____ () C:\Users\julian\Desktop\FRST.txt
2015-01-30 21:56 - 2015-02-12 17:47 - 02134016 _____ (Farbar) C:\Users\julian\Desktop\FRST64.exe
2015-01-30 21:45 - 2015-01-30 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-01-30 21:44 - 2015-01-30 21:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\test\Downloads\tdsskiller44.exe
2015-01-30 21:30 - 2015-01-30 21:27 - 00000311 _____ () C:\Users\julian\Desktop\new.bat
2015-01-30 21:27 - 2015-01-30 21:27 - 00000311 _____ () C:\Users\test\Desktop\new.bat
2015-01-30 21:19 - 2015-01-30 21:19 - 00043281 _____ () C:\Users\test\Downloads\crackstation.txt.gz.torrent
2015-01-30 21:18 - 2015-01-30 21:18 - 00007859 _____ () C:\Users\test\Downloads\plist.txt
2015-01-30 20:46 - 2015-01-30 20:46 - 00000988 _____ () C:\Users\test\Desktop\Bandicam.lnk
2015-01-30 20:46 - 2015-01-30 20:46 - 00000988 _____ () C:\Users\julian\Desktop\Bandicam.lnk
2015-01-30 20:46 - 2015-01-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
2015-01-30 20:46 - 2015-01-30 20:46 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2015-01-30 20:46 - 2015-01-30 20:46 - 00000000 ____D () C:\Program Files (x86)\Bandicam
2015-01-30 20:45 - 2015-01-30 20:46 - 09495760 _____ (Bandisoft) C:\Users\test\Downloads\bdcamsetup.exe
2015-01-30 15:25 - 2015-01-30 15:25 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2 (2).torrent
2015-01-30 15:25 - 2015-01-30 15:25 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2 (1).torrent
2015-01-30 15:21 - 2015-01-30 15:21 - 00005962 _____ () C:\Users\test\Downloads\frootvpn (2).ovpn
2015-01-30 15:20 - 2015-01-30 15:20 - 00005962 _____ () C:\Users\test\Downloads\frootvpn (1).ovpn
2015-01-30 15:19 - 2015-01-30 15:19 - 00000908 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-01-30 15:18 - 2015-01-30 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-01-30 15:18 - 2015-01-30 15:19 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-01-30 15:18 - 2015-01-30 15:19 - 00000000 ____D () C:\Program Files\OpenVPN
2015-01-30 15:18 - 2015-01-30 15:18 - 03408935 _____ () C:\Users\test\Downloads\openvpn-install-2.3.6.zip
2015-01-30 15:18 - 2015-01-30 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-01-30 15:11 - 2015-01-30 15:11 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2.torrent
2015-01-29 20:11 - 2015-01-29 20:11 - 00023086 _____ () C:\Users\test\Downloads\[kickass.so]wpa.wordlists.torrent
2015-01-29 20:04 - 2015-01-29 20:04 - 00000307 _____ () C:\Users\test\Downloads\checkMyTorrentIp.png.torrent
2015-01-29 19:56 - 2015-01-29 19:56 - 00034684 _____ () C:\Users\test\Downloads\[kickass.so]openwall.wordlists.collection.torrent
2015-01-29 19:47 - 2015-01-29 19:47 - 00005962 _____ () C:\Users\test\Downloads\frootvpn.ovpn
2015-01-29 19:43 - 2015-01-29 19:43 - 00030398 _____ () C:\Users\test\Downloads\dsqzro.imp
2015-01-29 07:26 - 2015-01-29 07:27 - 00000000 ____D () C:\Users\test\Desktop\darkcomet
2015-01-29 07:25 - 2015-01-29 07:26 - 89489915 _____ () C:\Users\test\Downloads\RARs DCR.rar
2015-01-28 20:56 - 2015-01-28 20:56 - 00004612 _____ () C:\Users\test\Desktop\Minecraft -Cracked.exe.torrent
2015-01-28 20:56 - 2015-01-28 20:56 - 00000000 ____D () C:\Users\test\Downloads\uTorrentPortable
2015-01-28 20:55 - 2015-01-28 20:56 - 02361928 _____ (PortableApps.com) C:\Users\test\Downloads\uTorrentPortable_3.4.2.38397_online.paf.exe
2015-01-28 20:47 - 2015-01-28 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2015-01-28 20:47 - 2015-01-28 20:47 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker
2015-01-28 20:46 - 2015-01-28 20:46 - 00748246 _____ ( ) C:\Users\test\Downloads\reshack_setup.exe
2015-01-28 20:45 - 2015-01-28 20:45 - 03459072 _____ () C:\Users\test\Desktop\tr - Kopie.exe
2015-01-28 20:45 - 2015-01-28 20:45 - 03459072 _____ () C:\Users\test\Desktop\Minecraft -Cracked.exe
2015-01-28 20:45 - 2015-01-28 20:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\game
2015-01-28 20:44 - 2015-01-28 20:44 - 01294088 _____ (Mojang) C:\Users\test\Downloads\Minecraft.exe
2015-01-28 20:26 - 2015-01-28 20:26 - 00048128 _____ () C:\Users\test\Downloads\NetflixChecker.exe
2015-01-28 20:22 - 2015-01-28 20:22 - 00033280 _____ (Gif89 Company) C:\Users\test\Downloads\MARCHOSO.OCX
2015-01-28 20:21 - 2015-01-28 20:21 - 00152848 _____ (Microsoft Corporation) C:\Users\test\Downloads\COMDLG32.OCX
2015-01-28 20:21 - 2015-01-28 20:21 - 00152848 _____ (Microsoft Corporation) C:\Users\test\Downloads\COMDLG32 (1).OCX
2015-01-28 20:21 - 2015-01-28 20:21 - 00108336 _____ (Microsoft Corporation) C:\Users\test\Downloads\MSWINSCK.OCX
2015-01-28 20:15 - 2015-01-30 22:07 - 00000000 ____D () C:\Users\test\Desktop\njrat
2015-01-28 20:14 - 2015-01-28 20:22 - 00000000 ____D () C:\Users\test\Desktop\NjRat Protector FREE ByRoda
2015-01-28 20:14 - 2015-01-28 20:14 - 00554816 _____ () C:\Users\test\Downloads\NjRat Protector FREE ByRoda.rar
2015-01-28 19:55 - 2015-02-12 17:44 - 00000000 ____D () C:\Users\test\Desktop\FRST-OlderVersion
2015-01-28 19:55 - 2015-01-28 19:55 - 00000000 ____D () C:\Users\test\AppData\Roaming\Process Hacker 2
2015-01-28 19:54 - 2015-01-28 19:54 - 00000000 ____D () C:\Users\test\Desktop\processhacker
2015-01-28 19:53 - 2015-01-28 19:54 - 02720895 _____ () C:\Users\test\Downloads\processhacker-2.33-bin.zip
2015-01-28 19:52 - 2015-01-28 19:52 - 00000313 _____ () C:\Users\test\Desktop\dummesau.bat
2015-01-28 19:49 - 2015-01-30 22:10 - 00016694 _____ () C:\Users\test\Desktop\Addition.txt
2015-01-28 19:48 - 2015-02-12 17:48 - 00000000 ____D () C:\FRST
2015-01-28 19:48 - 2015-02-12 17:45 - 00033110 _____ () C:\Users\test\Desktop\FRST.txt
2015-01-28 15:13 - 2015-02-12 17:44 - 02134016 _____ (Farbar) C:\Users\test\Desktop\FRST64.exe
2015-01-28 15:13 - 2015-01-28 15:13 - 02129920 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2015-01-28 15:11 - 2015-01-28 15:11 - 00000292 _____ () C:\Users\test\Desktop\penis2.bat
2015-01-28 15:05 - 2015-01-28 15:05 - 00000000 ____D () C:\Users\test\AppData\Local\Chris_Pietschmann_(http__
2015-01-28 15:04 - 2015-01-28 15:04 - 00018034 _____ () C:\Users\test\Desktop\penis.bat
2015-01-28 15:00 - 2015-01-28 15:00 - 00000000 ____D () C:\Users\test\Desktop\Worms or Virus Builders
2015-01-28 14:58 - 2015-01-28 14:58 - 34925069 _____ () C:\Users\test\Downloads\Worms or Virus Builders.rar
2015-01-28 14:51 - 2015-01-28 14:51 - 00262144 _____ () C:\Windows\Minidump\012815-16177-01.dmp
2015-01-28 14:51 - 2010-06-07 01:04 - 336989223 _____ () C:\Windows\MEMORY.DMP
2015-01-28 14:51 - 2010-06-07 01:04 - 00000000 ____D () C:\Windows\Minidump
2015-01-28 14:42 - 2015-01-28 14:42 - 00000000 ____D () C:\Users\test\AppData\Local\Neptune
2015-01-28 14:39 - 2015-01-29 07:22 - 00000000 ____D () C:\Users\test\Desktop\Project Neptune v2.0
2015-01-28 14:38 - 2015-01-28 14:38 - 01818180 _____ () C:\Users\test\Downloads\EncryptedArchive.rar
2015-01-28 14:36 - 2015-01-28 14:36 - 01807890 _____ () C:\Users\test\Downloads\setup_akl.zip
2015-01-28 14:36 - 2015-01-28 14:36 - 00000000 ____D () C:\Users\test\AppData\Roaming\WinRAR
2015-01-28 14:31 - 2015-02-12 07:55 - 00063568 _____ () C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-23 21:23 - 2015-01-23 21:23 - 00026174 _____ () C:\Users\julian\Downloads\debian-7.8.0-amd64-CD-1.iso.torrent
2015-01-23 21:13 - 2015-01-23 21:13 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\julian\Downloads\tdsskiller44.exe
2015-01-23 21:10 - 2015-01-23 21:12 - 1028653056 _____ () C:\Users\julian\Downloads\ubuntu-14.04.1-desktop-amd64.iso
2015-01-23 21:10 - 2015-01-23 21:10 - 00039580 _____ () C:\Users\julian\Downloads\ubuntu-14.04.1-desktop-amd64.iso (1).torrent
2015-01-23 21:07 - 2015-01-23 21:07 - 00357237 _____ () C:\Users\julian\Downloads\openSUSE-13.2-DVD-x86_64.iso (1).torrent
2015-01-23 21:06 - 2015-01-23 21:06 - 00357237 _____ () C:\Users\julian\Downloads\openSUSE-13.2-DVD-x86_64.iso.torrent
2015-01-23 20:05 - 2015-01-23 20:05 - 00002212 _____ () C:\Users\Public\Desktop\Google Earth.lnk
2015-01-23 20:05 - 2015-01-23 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2015-01-23 20:04 - 2015-01-23 20:04 - 00880784 _____ (Google Inc.) C:\Users\julian\Downloads\GoogleEarthSetup.exe
2015-01-23 17:54 - 2015-01-23 17:54 - 02059896 _____ () C:\Users\julian\Downloads\winrar-x64-520d.exe
2015-01-23 17:54 - 2015-01-23 17:54 - 00000000 ____D () C:\Users\julian\AppData\Roaming\WinRAR
2015-01-23 17:54 - 2015-01-23 17:54 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-23 17:54 - 2015-01-23 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-01-23 17:54 - 2015-01-23 17:54 - 00000000 ____D () C:\Program Files\WinRAR
2015-01-23 17:39 - 2015-01-23 17:50 - 98046036 ____R () C:\Users\julian\Downloads\wpalist01.rar
2015-01-23 17:34 - 2015-01-23 17:47 - 00000000 ____D () C:\Program Files\PeerBlock
2015-01-23 17:34 - 2015-01-23 17:34 - 00001736 _____ () C:\Users\julian\Desktop\PeerBlock.lnk
2015-01-23 17:34 - 2015-01-23 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
2015-01-23 17:15 - 2015-01-23 17:15 - 00044718 _____ () C:\Users\julian\Downloads\ubuntu-14.10-desktop-amd64.iso.torrent
2015-01-20 19:59 - 2015-01-20 19:59 - 00039580 _____ () C:\Users\julian\Downloads\ubuntu-14.04.1-desktop-amd64.iso.torrent
2015-01-20 19:56 - 2015-01-20 19:56 - 00014134 _____ () C:\Users\julian\Downloads\++demonoid.pw++-Samsung_Galaxy_S3_GAPPS_4_4_kk.TORRENT
2015-01-20 18:31 - 2015-01-20 20:10 - 528838868 _____ () C:\Users\julian\Downloads\WPA-PSK WORDLIST 3 Final (13 GB).rar
2015-01-20 18:28 - 2015-01-20 18:28 - 00027937 _____ () C:\Users\julian\Downloads\NUSHORs_WPA_WORDLIST_v2-((demonoid.pw)).TORRENT
2015-01-20 18:27 - 2015-01-20 18:27 - 00172785 _____ () C:\Users\julian\Downloads\wpa_wordlist_(90GB)-_demonoid.pw_-.TORRENT
2015-01-20 18:24 - 2015-01-20 18:24 - 00028036 _____ () C:\Users\julian\Downloads\[[demonoid.pw]]-Wordlist_Collection.TORRENT
2015-01-14 18:00 - 2015-01-14 18:03 - 257973006 ____R () C:\Users\julian\Downloads\crackstation-human-only.txt.gz
2015-01-14 17:57 - 2015-01-14 17:57 - 46679553 ____R () C:\Users\julian\Downloads\Cracking WPA & WPA2 key with Reaver on Kali Linux No Dictionary Wordlist).mp4
2015-01-14 17:49 - 2015-01-14 17:49 - 00000000 ____D () C:\Users\julian\Downloads\WPA Wordlists
2015-01-14 17:44 - 2015-01-14 17:44 - 02374320 _____ (PeerBlock, LLC ) C:\Users\julian\Downloads\PeerBlock-Setup_v1.2_r693.exe
2015-01-14 17:43 - 2015-01-14 17:43 - 00021049 _____ () C:\Users\julian\Downloads\MONOVA.ORG darksell.com_RESEED_-_Hacker_BruteForce_Wordlist_5_chars_a-z_A-Z.torrent
2015-01-14 17:40 - 2015-01-14 17:40 - 00020970 _____ () C:\Users\julian\Downloads\[www.seedpeer.eu] Darksell Com Reseed Hacker Bruteforce Wordlist 5 Chars A Z A Z.SEEDPEER.torrent
2015-01-14 17:39 - 2015-02-12 16:59 - 00001199 _____ () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-14 17:39 - 2015-02-12 16:59 - 00001175 _____ () C:\Users\julian\Desktop\µTorrent.lnk
2015-01-14 17:38 - 2015-02-12 16:59 - 00000000 ____D () C:\Users\julian\AppData\Roaming\uTorrent
2015-01-14 17:38 - 2015-01-14 17:38 - 01678928 _____ (BitTorrent Inc.) C:\Users\julian\Downloads\uTorrent.exe
2015-01-14 17:38 - 2015-01-14 17:38 - 00000000 ____D () C:\ProgramData\APN
2015-01-14 16:44 - 2015-01-31 12:12 - 00000598 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-14 16:43 - 2015-01-14 16:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 16:43 - 2015-01-14 16:43 - 00000000 ____D () C:\Windows\Options
2015-01-14 16:43 - 2015-01-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Atheros
2015-01-14 16:43 - 2012-04-26 23:39 - 00073472 ____N () C:\Windows\system32\athrextx.cat
2015-01-14 16:43 - 2012-04-19 22:56 - 02811392 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2015-01-14 16:43 - 2012-04-19 22:56 - 02811392 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2015-01-14 16:42 - 2015-01-14 16:43 - 00000184 _____ () C:\setup.log
2015-01-14 16:42 - 2015-01-14 16:43 - 00000000 ____D () C:\ProgramData\Atheros
2015-01-14 16:38 - 2015-01-14 16:38 - 00008360 _____ () C:\Windows\ykinstutil.log
2015-01-14 16:38 - 2015-01-14 16:38 - 00000369 ____R () C:\Windows\YukonInstall.log
2015-01-14 16:38 - 2015-01-14 16:38 - 00000000 ____D () C:\Program Files (x86)\Marvell
2015-01-14 16:33 - 2015-01-14 16:33 - 00000000 ____D () C:\Users\julian\AppData\Local\MyRouter_Inc
2015-01-14 16:30 - 2015-01-14 16:33 - 00000000 ____D () C:\Program Files (x86)\MyRouter
2015-01-14 16:30 - 2015-01-14 16:30 - 03309904 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 16:30 - 2015-01-14 16:30 - 00001007 _____ () C:\Users\test\Desktop\MyRouter.lnk
2015-01-14 16:30 - 2015-01-14 16:30 - 00001007 _____ () C:\Users\julian\Desktop\MyRouter.lnk
2015-01-14 16:30 - 2015-01-14 16:30 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyRouter
2015-01-14 16:30 - 2015-01-14 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRouter
2015-01-14 16:27 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-14 16:27 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-14 16:27 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll
2015-01-14 16:27 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe
2015-01-14 16:27 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll
2015-01-14 16:27 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe
2015-01-14 16:27 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll
2015-01-14 16:27 - 2009-11-25 12:47 - 00099176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll
2015-01-14 16:27 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll
2015-01-14 16:27 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll
2015-01-14 16:22 - 2015-01-14 16:22 - 00000000 ____D () C:\Users\julian\AppData\Local\Chris_Pietschmann_(http__
2015-01-14 16:22 - 2015-01-14 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
2015-01-14 16:22 - 2010-06-06 23:02 - 00000000 ____D () C:\Program Files (x86)\Virtual Router
2015-01-14 16:21 - 2015-01-14 16:21 - 01373696 _____ () C:\Users\julian\Downloads\VirtualRouterInstaller_1.0.msi
2015-01-14 16:05 - 2015-01-14 16:05 - 00000000 ____D () C:\Users\julian\Desktop\I9300XXUGNG3-DBT
2015-01-14 15:58 - 2015-01-14 16:03 - 00000000 ____D () C:\Users\julian\Desktop\backup s3
2015-01-14 15:57 - 2015-01-14 15:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-14 15:57 - 2015-01-14 15:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2015-01-14 15:54 - 2015-01-14 15:54 - 00000000 ____D () C:\Users\julian\Desktop\Odin_3.10.0
2015-01-14 15:54 - 2010-09-17 18:42 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2015-01-14 15:54 - 2010-09-17 18:42 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2015-01-14 15:54 - 2010-09-17 18:42 - 00201280 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-01-14 15:54 - 2010-09-17 18:42 - 00079680 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-01-14 15:53 - 2015-01-14 15:54 - 01004639 _____ () C:\Users\julian\Downloads\Odin_3.10.0.zip
2015-01-14 15:53 - 2015-01-14 15:53 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-14 15:53 - 2015-01-14 15:53 - 00000000 ____D () C:\Program Files\SAMSUNG
2015-01-14 15:52 - 2015-01-14 15:52 - 26551126 _____ () C:\Users\julian\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip
2015-01-14 15:51 - 2015-01-14 15:50 - 973773246 _____ () C:\Users\julian\Desktop\I9300XXUGNG3-DBT.zip
2015-01-14 15:34 - 2015-01-14 15:50 - 973773246 _____ () C:\Users\julian\Downloads\I9300XXUGNG3-DBT.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 17:47 - 2014-12-04 20:48 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys
2015-02-12 17:47 - 2014-12-04 20:48 - 00002840 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup
2015-02-12 17:47 - 2014-12-04 20:48 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job
2015-02-12 17:47 - 2014-12-04 20:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-12 17:47 - 2014-12-04 20:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 17:11 - 2014-12-04 20:46 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 16:45 - 2010-06-06 23:36 - 00161979 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 16:43 - 2014-12-04 20:54 - 00000000 ____D () C:\Users\test
2015-02-12 16:29 - 2014-08-10 11:35 - 00000000 ____D () C:\Users\test\Desktop\xRAT 2.0 RELEASE3
2015-02-12 16:05 - 2014-12-04 20:55 - 00000000 ____D () C:\Users\test\AppData\Local\VirtualStore
2015-02-12 16:03 - 2009-10-24 17:10 - 00729292 _____ () C:\Windows\system32\perfh010.dat
2015-02-12 16:03 - 2009-10-24 17:10 - 00145174 _____ () C:\Windows\system32\perfc010.dat
2015-02-12 16:03 - 2009-10-24 17:01 - 00734756 _____ () C:\Windows\system32\perfh00C.dat
2015-02-12 16:03 - 2009-10-24 17:01 - 00147678 _____ () C:\Windows\system32\perfc00C.dat
2015-02-12 16:03 - 2009-10-24 16:51 - 00696370 _____ () C:\Windows\system32\perfh007.dat
2015-02-12 16:03 - 2009-10-24 16:51 - 00147634 _____ () C:\Windows\system32\perfc007.dat
2015-02-12 16:03 - 2009-07-14 06:13 - 03367664 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 15:21 - 2009-07-14 05:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 15:21 - 2009-07-14 05:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 10:21 - 2014-12-04 20:54 - 00002136 _____ () C:\Windows\PFRO.log
2015-02-11 19:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins
2015-02-11 19:46 - 2009-07-14 05:45 - 00293320 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 21:19 - 2014-12-04 20:47 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-10 20:56 - 2014-12-04 20:45 - 00063568 _____ () C:\Users\julian\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-10 20:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-30 21:46 - 2006-06-27 06:10 - 00000000 _RSHD () C:\Users\test\AppData\Roaming\install
2015-01-28 19:54 - 2014-12-04 20:55 - 00000000 ____D () C:\Users\test\AppData\Local\Google
2015-01-23 20:05 - 2014-12-04 20:46 - 00000000 ____D () C:\Users\julian\AppData\Local\Google
2015-01-23 20:05 - 2014-12-04 20:46 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-23 17:00 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

==================== Files in the root of some directories =======

2015-02-10 21:04 - 2015-02-10 21:04 - 0000236 _____ () C:\Users\julian\AppData\Local\LaunchHomeCenter.log

Some content of TEMP:
====================
C:\Users\julian\AppData\Local\Temp\bdfilters.dll
C:\Users\julian\AppData\Local\Temp\MyRouter.exe
C:\Users\julian\AppData\Local\Temp\utt1B76.tmp.exe
C:\Users\julian\AppData\Local\Temp\utt2306.tmp.exe
C:\Users\julian\AppData\Local\Temp\{C66E3193-C0FA-4704-9CA5-FF685E1A7846}.exe
C:\Users\test\AppData\Local\Temp\USkinDLL.dll
C:\Users\test\AppData\Local\Temp\Virus Maker V 4.0 Beta.exe.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-29 19:30

==================== End Of Log ============================
         
Code:
Users shortcut scan result (x64) Version: 11-02-2015 02
Ran by julian at 2015-02-12 17:48:56
Running from C:\Users\julian\Desktop
Boot Mode: Normal
==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)



Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router\Virtual Router Manager.lnk -> C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_83B54E4F1B8BB4A43AE5AB.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows\Utilities\Add a new TAP virtual ethernet adapter.lnk -> C:\Program Files\TAP-Windows\bin\addtap.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows\Utilities\Delete ALL TAP virtual ethernet adapters.lnk -> C:\Program Files\TAP-Windows\bin\deltapall.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk -> C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker\Resource Hacker.lnk -> C:\Program Files (x86)\Resource Hacker\ResHacker.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\PE Viewer.lnk -> C:\Program Files\Process Hacker 2\peview.exe (wj32)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Process Hacker 2.lnk -> C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Uninstall Process Hacker 2.lnk -> C:\Program Files\Process Hacker 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Help and Support\Changelog.lnk -> C:\Program Files\Process Hacker 2\CHANGELOG.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\ PrintProjects deinstallieren.lnk -> C:\Program Files (x86)\PrintProjects\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Uninstall PeerBlock.lnk -> C:\Program Files\PeerBlock\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\ReadMe.lnk -> C:\Program Files\PeerBlock\readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\OpenVPN GUI.lnk -> C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Uninstall OpenVPN.lnk -> C:\Program Files\OpenVPN\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Shortcuts\OpenVPN configuration file directory.lnk -> C:\Program Files\OpenVPN\config ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Shortcuts\OpenVPN log file directory.lnk -> C:\Program Files\OpenVPN\log ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Shortcuts\OpenVPN Sample Configuration Files.lnk -> C:\Program Files\OpenVPN\sample-config ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Manual Page.lnk -> C:\Program Files\OpenVPN\doc\openvpn.8.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Windows Notes.lnk -> C:\Program Files\OpenVPN\doc\INSTALL-win32.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRouter\MyRouter.lnk -> C:\Program Files (x86)\MyRouter\MyRouter.exe (MyRouter Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRouter\Uninstall.lnk -> C:\Program Files (x86)\MyRouter\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRouter\Website.lnk -> C:\Program Files (x86)\MyRouter\MyRouter.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK AiO Home Center.lnk -> C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK AiO*Drucker-Tools.lnk -> C:\Program Files (x86)\Kodak\AiO\Center\AiOPrinterTools.exe (Eastman Kodak Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\Kodak Druckereinrichtungs-Dienstprogramm.lnk -> C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe (Eastman Kodak Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule\eMule.lnk -> C:\Program Files (x86)\eMule\emule.exe (http://www.emule-project.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule\LinkCreator.lnk -> C:\Program Files (x86)\eMule\LinkCreator.exe (eMule-Project.net)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule\Uninstall eMule.lnk -> C:\Program Files (x86)\eMule\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam\Bandicam.lnk -> C:\Program Files (x86)\Bandicam\bdcam.exe (www.Bandisoft.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam\BandiFix.lnk -> C:\Program Files (x86)\Bandicam\bdfix.exe (Bandisoft.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam\Uninstall.lnk -> C:\Program Files (x86)\Bandicam\uninstall.exe (Bandisoft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\Links\Desktop.lnk -> C:\Users\julian\Desktop ()
Shortcut: C:\Users\julian\Links\Downloads.lnk -> C:\Users\julian\Downloads ()
Shortcut: C:\Users\julian\Desktop\Bandicam.lnk -> C:\Program Files (x86)\Bandicam\bdcam.exe (www.Bandisoft.com)
Shortcut: C:\Users\julian\Desktop\MyRouter.lnk -> C:\Program Files (x86)\MyRouter\MyRouter.exe (MyRouter Inc.)
Shortcut: C:\Users\julian\Desktop\PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
Shortcut: C:\Users\julian\Desktop\Process Hacker 2.lnk -> C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32)
Shortcut: C:\Users\julian\Desktop\µTorrent.lnk -> C:\Users\test\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\test\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\DUC.lnk -> C:\Program Files (x86)\No-IP\DUC40.exe ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\License.lnk -> C:\Program Files (x86)\No-IP\License.txt ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\Uninstall.lnk -> C:\Program Files (x86)\No-IP\Uninstall.exe ()
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk -> C:\Program Files (x86)\Bandicam\bdcam.exe (www.Bandisoft.com)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\test\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\eMule.lnk -> C:\Program Files (x86)\eMule\emule.exe (http://www.emule-project.net)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\Public\Desktop\KODAK AiO Home Center.lnk -> C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company)
Shortcut: C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk -> C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Public\Desktop\OpenVPN GUI.lnk -> C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
Shortcut: C:\Users\Public\Desktop\PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\Users\Public\Desktop\SlimDrivers.lnk -> C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe ()
Shortcut: C:\Users\test\Links\Desktop.lnk -> C:\Users\julian\Desktop ()
Shortcut: C:\Users\test\Links\Downloads.lnk -> C:\Users\julian\Downloads ()
Shortcut: C:\Users\test\Desktop\Bandicam.lnk -> C:\Program Files (x86)\Bandicam\bdcam.exe (www.Bandisoft.com)
Shortcut: C:\Users\test\Desktop\MyRouter.lnk -> C:\Program Files (x86)\MyRouter\MyRouter.exe (MyRouter Inc.)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk -> C:\Program Files (x86)\Bandicam\bdcam.exe (www.Bandisoft.com)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Resource Hacker.lnk -> C:\Program Files (x86)\Resource Hacker\ResHacker.exe ()




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers Help.lnk -> C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe () -> -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Utilities\Generate a static OpenVPN key.lnk -> C:\Program Files\OpenVPN\bin\openvpn.exe (The OpenVPN Project) -> --pause-exit --verb 3 --genkey --secret "C:\Program Files\OpenVPN\config\key.txt"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK AiO*Statusmonitor.lnk -> C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK All-in-One Software deinstallieren.lnk -> C:\ProgramData\Kodak\Installer\Setup.exe (Eastman Kodak Company) -> /Web /x {E0F274B7-592B-4669-8FB8-8D9825A09858} CompanyName="Eastman Kodak Company" /code 1031
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth deinstallieren.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth im DirectX-Modus starten.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth im OpenGL-Modus starten.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\julian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Help and Support\Process Hacker 2 on the Web.url -> hxxp://processhacker.sourceforge.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\Forums.url -> hxxp://forums.peerblock.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\Homepage.url -> hxxp://www.peerblock.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and Support\User Manual.url -> hxxp://www.peerblock.com/userguide
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN HOWTO.url -> hxxp://openvpn.net/howto.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Support.url -> https://community.openvpn.net/openvpn/wiki/GettingHelp
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Web Site.url -> hxxp://openvpn.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN\Documentation\OpenVPN Wiki.url -> https://community.openvpn.net/openvpn/wiki/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\Benutzerhandbuch.url -> hxxp://www.kodak.com/go/manuals?pq-locale=de_DE#aioprinters
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak\KODAK Mobile Solutions.url -> hxxp://www.kodak.com/go/mobileprinting
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule\eMule Home Page.url -> hxxp://www.emule-project.net
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule\Online FAQ.url -> hxxp://www.emule-project.net/faq/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam\Home page.url -> hxxp://www.bandicam.com/
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\julian\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\julian\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\julian\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\julian\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\julian\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Ideas.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\test\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Auto.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Fernsehen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Nachrichten.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\test\Favorites\MSN-Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\test\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\test\Favorites\Links\Vorgeschlagene Sites.url -> https://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\test\Favorites\Links\Web Slice-Katalog.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of log =============================
         

12.02.2015, 18:01   #2
schrauber
/// the machine
/// TB instructor

hi,

which one do you mean?

12.02.2015, 18:47   #3
ichbins2000

this one

Code:
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe

msconfig lists the publisher as unknown


Kind regards

13.02.2015, 06:40   #4
schrauber
/// the machine
/// TB-Ausbilder

Have a look:

SystemLookup
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

13.02.2015, 07:29   #5
ichbins2000

Could you perhaps explain to me in German where this entry comes from? I haven't installed anything!
However, when I open autoruns.exe it always says file not found...

Kind regards


Edited by ichbins2000 (13.02.2015 at 07:29). Reason: forgot information

13.02.2015, 17:26   #6
schrauber
/// the machine
/// TB-Ausbilder

It comes from Windows itself.

You only need it if, for example, you want to run CMD and would like to see it in Chinese or something like that.

You can leave it alone.
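A check for the situation in this thread, where a Run value points at a file that Autoruns reports as not found: the PowerShell below is an added example, not code from the thread or from FRST. It reads both machine-wide Run keys, expands each target path, and reports whether the file exists and how it is signed. It assumes 64-bit PowerShell 3.0 or later; the helper name Get-RunEntryTarget is made up for illustration.

```powershell
# Added example: triage the machine-wide Run keys (64-bit and 32-bit view).
# FRST's "HKLM-x32" label corresponds to the Wow6432Node key below.
$runKeys = @(
    @{ View = 'HKLM';     Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ View = 'HKLM-x32'; Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run' }
)

# Hypothetical helper: pull the executable path out of a Run command line.
function Get-RunEntryTarget {
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"')        { return $Matches[1] }  # "C:\a b\x.exe" /arg
    if ($Command -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }  # C:\a b\x.exe /arg
    return ($Command.Trim() -split '\s+')[0]
}

$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
foreach ($rk in $runKeys) {
    $key = Get-Item -LiteralPath $rk.Path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        # Read the stored string unexpanded, then expand %windir% etc. ourselves.
        $raw    = [string]$key.GetValue($name, '', $noExpand)
        $target = [Environment]::ExpandEnvironmentVariables((Get-RunEntryTarget $raw))
        $candidates = @($target)
        if ($rk.View -eq 'HKLM-x32' -and $target -match '\\system32\\') {
            # A 32-bit process that asks for System32 is redirected to SysWOW64.
            $candidates += ($target -ireplace '\\system32\\', '\SysWOW64\')
        }
        $found = @($candidates | Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Leaf) })
        if ($found.Count -eq 0) {
            $status = 'FileNotFound'; $signer = $null   # stale entry: target is missing
        } else {
            # Older PowerShell versions check embedded signatures only, so
            # catalog-signed Windows files can show up as NotSigned there.
            $sig    = Get-AuthenticodeSignature -FilePath $found[0]
            $status = [string]$sig.Status
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            View = $rk.View; Name = $name; Command = $raw
            Checked = ($candidates -join ' | '); Status = $status; Signer = $signer
        }
    }
}
```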
