Plagegeister aller Art und deren Bekämpfung: Strange startup entry (Windows 7)
12.02.2015, 17:55 | #1 |
Strange startup entry

Hello,

After a long time, it seems a virus has attacked me again... I have a strange startup entry in HKLM. I would be grateful if someone could take a look at it.

Regards

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02 Ran by julian at 2015-02-12 17:48:27 Running from C:\Users\julian\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3604044926-3834190717-268029489-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros) Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com) Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com) center (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden eMule (HKLM-x32\...\eMule) (Version: - ) essentials (x32 Version: 7.8.0.0 - Eastman Kodak Company) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
Hidden HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation) Kodak AIO Printer (Version: 7.8.1.0 - Eastman Kodak Company) Hidden KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) MyRouter 2.0.8 (HKLM-x32\...\MyRouter) (Version: 2.0.8 - MyRouter, Inc.) No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC) ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) OpenVPN 2.3.6-I001 (HKLM\...\OpenVPN) (Version: 2.3.6-I001 - ) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.) 
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32) Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version: - ) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.) SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann) WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 10-02-2015 20:32:42 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 10-02-2015 20:33:51 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 10-02-2015 20:35:04 OpenOffice 4.1.1 wird installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {82C7E1E5-BAF5-4063-98C3-397E81931B35} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.) Task: {97ED393B-29CD-42AA-8D92-0D40AF04C752} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.) 
Task: {B5000AFD-4954-48E4-BBBB-0AB3903774BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-04] (Google Inc.) Task: {B5EEE72B-BC40-4276-A2A2-23E9D5A53735} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe ==================== Loaded Modules (whitelisted) ============== 2014-12-04 20:51 - 2000-01-01 01:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2015-02-10 21:19 - 2015-02-04 10:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-10 21:19 - 2015-02-04 10:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-10 21:19 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90439091.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\90439091.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3604044926-3834190717-268029489-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\julian\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-3604044926-3834190717-268029489-500 - Administrator - Disabled) Gast (S-1-5-21-3604044926-3834190717-268029489-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3604044926-3834190717-268029489-1002 - Limited - Enabled) julian (S-1-5-21-3604044926-3834190717-268029489-1001 - Administrator - Enabled) => C:\Users\julian test (S-1-5-21-3604044926-3834190717-268029489-1003 - Limited - Enabled) => C:\Users\test ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/10/2015 09:53:36 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={4DF71C62-4CA5-469F-A3EB-C640C0E7B3EE}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 4" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. Error: (02/01/2015 00:11:29 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={1129064A-55C8-42DD-8E1E-517344962378}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. 
Error: (02/01/2015 00:10:54 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={7F983072-4D60-4716-AA65-4AD38EFCD70A}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. Error: (02/01/2015 00:10:33 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={7AD74A77-24CC-4698-AFEA-C5A4C204F52A}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0. Error: (02/01/2015 00:10:00 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={C07A6342-F80C-4D39-AA89-77F73BE59CDC}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691. Error: (02/01/2015 00:09:34 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={124F04D4-DF01-4817-984F-EFB79F6EF0AE}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691. Error: (02/01/2015 00:09:18 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={AC5C2346-9436-4172-8603-D80CCF6D72A9}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691. 
Error: (02/01/2015 00:09:03 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoID={7B24F184-4D80-4AC4-B252-DC486F303F69}: Der Benutzer "julian-PC\test" hat eine Verbindung mit dem Namen "VPN-Verbindung 3" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 691. Error: (01/30/2015 09:47:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VirtualRouterClient.exe, Version: 1.0.0.0, Zeitstempel: 0x51181751 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x500 Startzeit der fehlerhaften Anwendung: 0xVirtualRouterClient.exe0 Pfad der fehlerhaften Anwendung: VirtualRouterClient.exe1 Pfad des fehlerhaften Moduls: VirtualRouterClient.exe2 Berichtskennung: VirtualRouterClient.exe3 Error: (01/30/2015 09:44:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: VirtualRouterClient.exe, Version: 1.0.0.0, Zeitstempel: 0x51181751 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdfe0 Ausnahmecode: 0xc000041d Fehleroffset: 0x000000000000aa7d ID des fehlerhaften Prozesses: 0x124 Startzeit der fehlerhaften Anwendung: 0xVirtualRouterClient.exe0 Pfad der fehlerhaften Anwendung: VirtualRouterClient.exe1 Pfad des fehlerhaften Moduls: VirtualRouterClient.exe2 Berichtskennung: VirtualRouterClient.exe3 System errors: ============= Error: (02/12/2015 02:09:08 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{126C256E-D981-4371-AA59-355430EE07DD} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. 
Error: (06/06/2010 11:04:14 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (06/07/2010 01:04:40 AM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000019 (0x0000000000000020, 0xfffffa8005bf9490, 0xfffffa8005bf94b0, 0x0000000004020003)C:\Windows\MEMORY.DMP060710-21169-01 Error: (06/07/2010 01:04:33 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 12.02.2015 um 08:10:25 unerwartet heruntergefahren. Error: (02/12/2015 08:04:47 AM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{126C256E-D981-4371-AA59-355430EE07DD} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (02/10/2015 10:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VirtualRouterService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (02/10/2015 09:34:40 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (02/06/2015 02:34:15 PM) (Source: volsnap) (EventID: 29) (User: ) Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen. Error: (02/04/2015 08:30:12 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (02/03/2015 08:46:54 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{126C256E-D981-4371-AA59-355430EE07DD} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. 
Microsoft Office Sessions: ========================= Error: (02/10/2015 09:53:36 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {4DF71C62-4CA5-469F-A3EB-C640C0E7B3EE}julian-PC\testVPN-Verbindung 40 Error: (02/01/2015 00:11:29 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {1129064A-55C8-42DD-8E1E-517344962378}julian-PC\testVPN-Verbindung 30 Error: (02/01/2015 00:10:54 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {7F983072-4D60-4716-AA65-4AD38EFCD70A}julian-PC\testVPN-Verbindung 30 Error: (02/01/2015 00:10:33 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {7AD74A77-24CC-4698-AFEA-C5A4C204F52A}julian-PC\testVPN-Verbindung 30 Error: (02/01/2015 00:10:00 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {C07A6342-F80C-4D39-AA89-77F73BE59CDC}julian-PC\testVPN-Verbindung 3691 Error: (02/01/2015 00:09:34 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {124F04D4-DF01-4817-984F-EFB79F6EF0AE}julian-PC\testVPN-Verbindung 3691 Error: (02/01/2015 00:09:18 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {AC5C2346-9436-4172-8603-D80CCF6D72A9}julian-PC\testVPN-Verbindung 3691 Error: (02/01/2015 00:09:03 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: {7B24F184-4D80-4AC4-B252-DC486F303F69}julian-PC\testVPN-Verbindung 3691 Error: (01/30/2015 09:47:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VirtualRouterClient.exe1.0.0.051181751KERNELBASE.dll6.1.7600.163854a5bdfe0c000041d000000000000aa7d50001d03ccde0306c7bC:\Program Files (x86)\Virtual Router\VirtualRouterClient.exeC:\Windows\system32\KERNELBASE.dll2e4fa2f2-a8c1-11e4-ac03-e81132051f51 Error: (01/30/2015 09:44:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: VirtualRouterClient.exe1.0.0.051181751KERNELBASE.dll6.1.7600.163854a5bdfe0c000041d000000000000aa7d12401d03ccd77426ab8C:\Program Files (x86)\Virtual 
Router\VirtualRouterClient.exeC:\Windows\system32\KERNELBASE.dllb80833e8-a8c0-11e4-844f-e81132051f51 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz Percentage of memory in use: 41% Total physical RAM: 3892.55 MB Available physical RAM: 2288.09 MB Total Pagefile: 7783.25 MB Available Pagefile: 5926.95 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:154.71 GB) (Free:100.57 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 0005F617) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=154.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=310.9 GB) - (Type=05) ==================== End Of Log ============================ Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02 Ran by julian (administrator) on JULIAN-PC on 12-02-2015 17:47:59 Running from C:\Users\julian\Desktop Loaded Profiles: julian (Available profiles: julian & test) Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Chris Pietschmann (http://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Microsoft Corporation) C:\Windows\splwow64.exe (SlimWare Utilities, Inc.) 
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company) HKU\S-1-5-21-3604044926-3834190717-268029489-1001\...\Run: [uTorrent] => C:\Users\test\AppData\Roaming\uTorrent\uTorrent.exe [1740880 2015-02-12] (BitTorrent Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3604044926-3834190717-268029489-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/de-de/?ocid=iehp FireFox: ======== FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
Chrome: ======= CHR Profile: C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-04] CHR Extension: (Google Docs) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04] CHR Extension: (Google Drive) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-04] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04] CHR Extension: (YouTube) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-04] CHR Extension: (Google-Suche) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-04] CHR Extension: (Google Tabellen) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-04] CHR Extension: (Google Wallet) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04] CHR Extension: (Google Mail) - C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project) R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com)) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-02-12] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-12 17:47 - 2015-02-12 17:47 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-02-12 17:47 - 2015-02-12 17:47 - 00000000 ____D () C:\Users\julian\Desktop\FRST-OlderVersion 2015-02-12 17:28 - 2015-02-12 17:28 - 00000518 _____ () C:\Users\test\Desktop\proxies.txt.torrent 2015-02-12 17:27 - 2015-02-12 17:27 - 00000195 _____ () C:\Users\test\Desktop\proxies.txt 2015-02-12 17:05 - 2015-02-12 17:05 - 00000000 ____D () C:\Users\test\Desktop\gptool 2015-02-12 17:04 - 2015-02-12 17:05 - 01581750 _____ () C:\Users\test\Downloads\GPTool.rar 2015-02-12 16:58 - 2015-02-12 17:13 - 00000000 ____D () C:\Users\test\AppData\Roaming\uTorrent 2015-02-12 16:57 - 2015-02-12 16:57 - 01740880 _____ (BitTorrent Inc.) C:\Users\test\Downloads\uTorrent.exe 2015-02-12 16:56 - 2015-02-12 16:56 - 00239648 _____ () C:\Users\test\Downloads\DUCSetup_v4_1_0.exe 2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC 2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\Users\julian\AppData\Local\Vitalwerks 2015-02-12 16:56 - 2015-02-12 16:56 - 00000000 ____D () C:\Program Files (x86)\No-IP 2015-02-12 16:54 - 2015-02-12 16:54 - 00013331 _____ () C:\Users\test\Desktop\mbam-patched.exe.torrent 2015-02-12 16:48 - 2015-02-12 16:48 - 03389035 _____ () C:\Users\test\Downloads\eMule0.50a-Installer (1).exe 2015-02-12 16:48 - 2015-02-12 16:48 - 00000991 _____ () C:\Users\Public\Desktop\eMule.lnk 2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\Users\test\Downloads\eMule 2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\Users\test\AppData\Local\eMule 2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\Users\julian\AppData\Local\eMule 2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule 2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 ____D () C:\ProgramData\eMule 2015-02-12 16:48 - 2015-02-12 16:48 - 00000000 
____D () C:\Program Files (x86)\eMule 2015-02-12 16:47 - 2015-02-12 16:47 - 03389035 _____ () C:\Users\test\Downloads\eMule0.50a-Installer.exe 2015-02-12 16:44 - 2015-02-12 16:44 - 21072896 _____ (Microsoft Corporation) C:\Users\test\Desktop\mbam-setup-cracked-2.0.4.1028.EXE 2015-02-12 16:44 - 2015-02-12 16:44 - 20991488 ____R (Microsoft Corporation) C:\Users\test\Desktop\mbam-patched.exe 2015-02-12 16:41 - 2015-02-12 16:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\test\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-12 16:41 - 2015-02-12 16:41 - 00000030 _____ () C:\Users\test\Desktop\icon.rc 2015-02-12 16:40 - 2015-02-12 16:41 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\test\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-12 16:12 - 2015-02-12 16:12 - 00000000 ____D () C:\Users\test\AppData\Local\Eastman_Kodak_Company 2015-02-12 15:59 - 2015-02-12 15:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-02-12 15:59 - 2015-02-12 15:59 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2015-02-12 15:59 - 2015-02-12 15:59 - 00000000 ____D () C:\Users\test\AppData\Roaming\Adobe 2015-02-12 15:59 - 2015-02-12 15:59 - 00000000 ____D () C:\Users\test\AppData\Local\Adobe 2015-02-12 15:58 - 2015-02-12 16:00 - 00000000 ____D () C:\ProgramData\Adobe 2015-02-12 15:58 - 2015-02-12 15:58 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-02-12 15:56 - 2015-02-12 15:59 - 00000000 ____D () C:\Users\julian\AppData\Local\Adobe 2015-02-12 14:23 - 2015-02-12 14:23 - 00000000 _____ () C:\Users\test\Desktop\Neues Textdokument.txt 2015-02-12 14:19 - 2015-02-12 14:19 - 00698330 _____ () C:\Users\test\Desktop\ppp.xps 2015-02-12 07:54 - 2015-02-12 07:54 - 00000000 ____D () C:\Users\test\AppData\Local\Eastman Kodak Company 2015-02-10 22:12 - 2015-02-10 22:12 - 00000000 ____D () C:\Users\test\AppData\Roaming\OpenOffice 2015-02-10 22:10 - 2015-02-10 22:10 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Process 
Hacker 2 2015-02-10 22:07 - 2015-02-10 22:07 - 01932448 _____ (wj32 ) C:\Users\test\Downloads\processhacker-2.33-setup.exe 2015-02-10 22:07 - 2015-02-10 22:07 - 00001841 _____ () C:\Users\julian\Desktop\Process Hacker 2.lnk 2015-02-10 22:07 - 2015-02-10 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2 2015-02-10 22:07 - 2015-02-10 22:07 - 00000000 ____D () C:\Program Files\Process Hacker 2 2015-02-10 21:06 - 2015-02-10 21:06 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2015-02-10 21:05 - 2015-02-10 21:05 - 00000000 ____D () C:\Windows\system32\kodak 2015-02-10 21:04 - 2015-02-10 21:04 - 00000236 _____ () C:\Users\julian\AppData\Local\LaunchHomeCenter.log 2015-02-10 21:01 - 2015-02-10 21:02 - 00000000 ____D () C:\Users\julian\AppData\Local\Eastman_Kodak_Company 2015-02-10 21:01 - 2015-02-10 21:01 - 00002156 _____ () C:\Users\Public\Desktop\KODAK AiO Home Center.lnk 2015-02-10 21:01 - 2015-02-10 21:01 - 00001946 _____ () C:\Users\Public\Desktop\PrintProjects.lnk 2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\ProgramData\Visan 2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\ProgramData\PrintProjects 2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects 2015-02-10 21:01 - 2015-02-10 21:01 - 00000000 ____D () C:\Program Files (x86)\PrintProjects 2015-02-10 21:00 - 2015-02-10 21:00 - 00000000 ____D () C:\Users\julian\AppData\Local\Eastman Kodak Company 2015-02-10 20:59 - 2015-02-10 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak 2015-02-10 20:59 - 2015-02-10 20:59 - 00000000 ____D () C:\Windows\SysWOW64\kodak 2015-02-10 20:57 - 2015-02-10 20:58 - 00000000 ____D () C:\Program Files (x86)\Kodak 2015-02-10 20:56 - 2015-02-12 16:12 - 00000000 ____D () C:\ProgramData\Kodak 2015-02-10 20:56 - 2015-02-10 20:56 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Temp 
2015-02-10 20:55 - 2015-02-10 20:55 - 10464648 _____ (Eastman Kodak Company) C:\Users\julian\Downloads\aio_install.exe 2015-02-10 20:54 - 2015-02-10 21:01 - 00014683 _____ () C:\Users\julian\Desktop\Lebenslauf.odt 2015-02-10 20:37 - 2015-02-10 20:37 - 00000000 ____D () C:\Users\julian\AppData\Roaming\OpenOffice 2015-02-10 20:36 - 2015-02-10 20:36 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-02-10 20:36 - 2015-02-10 20:36 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-02-10 20:35 - 2015-02-10 20:35 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-02-10 20:32 - 2015-02-10 20:32 - 00000000 ____D () C:\Users\julian\Desktop\OpenOffice 4.1.1 (de) Installation Files 2015-02-10 20:29 - 2015-02-10 20:32 - 164858324 _____ () C:\Users\julian\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe 2015-02-04 20:21 - 2015-02-04 20:21 - 00000000 ____D () C:\Program Files\HashTab Shell Extension 2015-02-04 20:20 - 2015-02-04 20:21 - 01903054 _____ () C:\Users\test\Downloads\HashTab_v5.2.0.14.zip 2015-02-03 21:52 - 2015-02-03 22:01 - 727711744 _____ () C:\Users\test\Downloads\elementaryos-stable-amd64.20130810.iso 2015-02-03 21:50 - 2015-02-03 21:50 - 01155280 _____ () C:\Users\test\Downloads\Playmate_2014_01.zip 2015-02-03 21:20 - 2015-02-03 21:32 - 1028653056 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso 2015-02-03 21:17 - 2015-02-03 21:17 - 00039580 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso (3).torrent 2015-02-03 21:17 - 2015-02-03 21:17 - 00039580 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso (2).torrent 2015-02-03 21:16 - 2015-02-03 21:16 - 00039580 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso (1).torrent 2015-02-03 21:08 - 2015-02-03 21:08 - 00240612 _____ () C:\Users\test\Downloads\kali-linux-1.0.9a-i386.torrent 2015-02-03 21:04 - 2015-02-03 21:04 - 00233436 _____ () 
C:\Users\test\Downloads\kali-linux-1.0.9a-amd64.torrent 2015-01-31 13:14 - 2015-02-01 12:03 - 00000000 ____D () C:\Users\test\Desktop\l517 2015-01-31 13:14 - 2015-01-31 13:14 - 01077336 _____ (Microsoft Corporation) C:\Users\test\Downloads\MSCOMCTL.OCX 2015-01-31 13:13 - 2015-01-31 13:14 - 01183744 _____ (derv82@gmail.com) C:\Users\test\Downloads\L517 v0.994.exe 2015-01-31 12:44 - 2015-01-31 12:44 - 00191515 _____ () C:\Users\test\Downloads\Wodlist.torrent 2015-01-31 12:37 - 2015-01-31 12:37 - 00043472 _____ () C:\Users\test\Downloads\FD62CC1D79F595CBE1DE6356FB13C2165994E469.torrent 2015-01-31 12:30 - 2015-01-31 12:30 - 00033377 _____ () C:\Users\test\Downloads\linuxmint-17.1-kde-64bit.iso.torrent 2015-01-31 12:30 - 2015-01-31 12:30 - 00030797 _____ () C:\Users\test\Downloads\linuxmint-17.1-kde-32bit.iso.torrent 2015-01-31 12:23 - 2015-01-31 12:23 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2 (4).torrent 2015-01-31 12:23 - 2015-01-31 12:23 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2 (3).torrent 2015-01-31 12:21 - 2015-01-31 12:21 - 00039580 _____ () C:\Users\test\Downloads\ubuntu-14.04.1-desktop-amd64.iso.torrent 2015-01-31 11:55 - 2015-01-31 11:55 - 00013345 _____ () C:\Users\test\Downloads\1.100.000+Wordlist.txt.torrent 2015-01-31 11:33 - 2015-01-31 11:33 - 00017041 _____ () C:\Users\test\Downloads\(demonoid.pw)-25_HD_Nature_Wallpapers_Set_46.TORRENT 2015-01-31 11:32 - 2015-01-31 11:32 - 00000000 ____D () C:\Users\test\AppData\Roaming\java 2015-01-31 11:32 - 2015-01-31 11:32 - 00000000 ____D () C:\Users\test\AppData\Roaming\.minecraft 2015-01-31 11:31 - 2015-01-31 11:32 - 00000000 ____D () C:\Users\test\Desktop\game 2015-01-31 11:31 - 2015-01-31 11:31 - 01294088 _____ (Mojang) C:\Users\test\Desktop\Minecraft.exe 2015-01-31 11:31 - 2015-01-31 11:31 - 00000000 ____D () C:\Users\test\Desktop\tools 2015-01-31 11:31 - 
2015-01-31 11:31 - 00000000 ____D () C:\Users\test\Desktop\runtime 2015-01-31 11:07 - 2015-01-31 11:07 - 00018725 _____ () C:\Users\test\Downloads\MONOVA.ORG WPA_Extreme_Wordlist.torrent 2015-01-31 11:03 - 2015-01-31 11:03 - 00017990 _____ () C:\Users\test\Downloads\104472-davajjultimatewordlist-txt-zip-big-wordlist-for-http-bugger.torrent 2015-01-31 11:02 - 2015-01-31 11:02 - 00023702 _____ () C:\Users\test\Downloads\WPA-PSK+WORDLIST+3+Final+%2813+GB%29.rar.torrent 2015-01-30 22:10 - 2015-01-30 22:10 - 00025350 _____ () C:\Users\test\Desktop\Shortcut.txt 2015-01-30 22:02 - 2015-01-30 22:14 - 00000000 ____D () C:\Windupdt 2015-01-30 21:57 - 2015-01-30 21:57 - 00018669 _____ () C:\Users\julian\Desktop\Addition.txt 2015-01-30 21:56 - 2015-02-12 17:48 - 00006641 _____ () C:\Users\julian\Desktop\FRST.txt 2015-01-30 21:56 - 2015-02-12 17:47 - 02134016 _____ (Farbar) C:\Users\julian\Desktop\FRST64.exe 2015-01-30 21:45 - 2015-01-30 21:45 - 00000000 ____D () C:\TDSSKiller_Quarantine 2015-01-30 21:44 - 2015-01-30 21:44 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\test\Downloads\tdsskiller44.exe 2015-01-30 21:30 - 2015-01-30 21:27 - 00000311 _____ () C:\Users\julian\Desktop\new.bat 2015-01-30 21:27 - 2015-01-30 21:27 - 00000311 _____ () C:\Users\test\Desktop\new.bat 2015-01-30 21:19 - 2015-01-30 21:19 - 00043281 _____ () C:\Users\test\Downloads\crackstation.txt.gz.torrent 2015-01-30 21:18 - 2015-01-30 21:18 - 00007859 _____ () C:\Users\test\Downloads\plist.txt 2015-01-30 20:46 - 2015-01-30 20:46 - 00000988 _____ () C:\Users\test\Desktop\Bandicam.lnk 2015-01-30 20:46 - 2015-01-30 20:46 - 00000988 _____ () C:\Users\julian\Desktop\Bandicam.lnk 2015-01-30 20:46 - 2015-01-30 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam 2015-01-30 20:46 - 2015-01-30 20:46 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1 2015-01-30 20:46 - 2015-01-30 20:46 - 00000000 ____D () C:\Program Files (x86)\Bandicam 2015-01-30 20:45 - 2015-01-30 20:46 - 
09495760 _____ (Bandisoft) C:\Users\test\Downloads\bdcamsetup.exe 2015-01-30 15:25 - 2015-01-30 15:25 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2 (2).torrent 2015-01-30 15:25 - 2015-01-30 15:25 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2 (1).torrent 2015-01-30 15:21 - 2015-01-30 15:21 - 00005962 _____ () C:\Users\test\Downloads\frootvpn (2).ovpn 2015-01-30 15:20 - 2015-01-30 15:20 - 00005962 _____ () C:\Users\test\Downloads\frootvpn (1).ovpn 2015-01-30 15:19 - 2015-01-30 15:19 - 00000908 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk 2015-01-30 15:18 - 2015-01-30 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN 2015-01-30 15:18 - 2015-01-30 15:19 - 00000000 ____D () C:\Program Files\TAP-Windows 2015-01-30 15:18 - 2015-01-30 15:19 - 00000000 ____D () C:\Program Files\OpenVPN 2015-01-30 15:18 - 2015-01-30 15:18 - 03408935 _____ () C:\Users\test\Downloads\openvpn-install-2.3.6.zip 2015-01-30 15:18 - 2015-01-30 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2015-01-30 15:11 - 2015-01-30 15:11 - 00047549 _____ () C:\Users\test\Downloads\[kickass.so]collection.of.wordlist.dictionaries.for.cracking.wifi.wpa.wpa2.torrent 2015-01-29 20:11 - 2015-01-29 20:11 - 00023086 _____ () C:\Users\test\Downloads\[kickass.so]wpa.wordlists.torrent 2015-01-29 20:04 - 2015-01-29 20:04 - 00000307 _____ () C:\Users\test\Downloads\checkMyTorrentIp.png.torrent 2015-01-29 19:56 - 2015-01-29 19:56 - 00034684 _____ () C:\Users\test\Downloads\[kickass.so]openwall.wordlists.collection.torrent 2015-01-29 19:47 - 2015-01-29 19:47 - 00005962 _____ () C:\Users\test\Downloads\frootvpn.ovpn 2015-01-29 19:43 - 2015-01-29 19:43 - 00030398 _____ () C:\Users\test\Downloads\dsqzro.imp 2015-01-29 07:26 - 2015-01-29 07:27 - 00000000 ____D () C:\Users\test\Desktop\darkcomet 
2015-01-29 07:25 - 2015-01-29 07:26 - 89489915 _____ () C:\Users\test\Downloads\RARs DCR.rar 2015-01-28 20:56 - 2015-01-28 20:56 - 00004612 _____ () C:\Users\test\Desktop\Minecraft -Cracked.exe.torrent 2015-01-28 20:56 - 2015-01-28 20:56 - 00000000 ____D () C:\Users\test\Downloads\uTorrentPortable 2015-01-28 20:55 - 2015-01-28 20:56 - 02361928 _____ (PortableApps.com) C:\Users\test\Downloads\uTorrentPortable_3.4.2.38397_online.paf.exe 2015-01-28 20:47 - 2015-01-28 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker 2015-01-28 20:47 - 2015-01-28 20:47 - 00000000 ____D () C:\Program Files (x86)\Resource Hacker 2015-01-28 20:46 - 2015-01-28 20:46 - 00748246 _____ ( ) C:\Users\test\Downloads\reshack_setup.exe 2015-01-28 20:45 - 2015-01-28 20:45 - 03459072 _____ () C:\Users\test\Desktop\tr - Kopie.exe 2015-01-28 20:45 - 2015-01-28 20:45 - 03459072 _____ () C:\Users\test\Desktop\Minecraft -Cracked.exe 2015-01-28 20:45 - 2015-01-28 20:45 - 00000000 ____D () C:\Users\test\AppData\Roaming\game 2015-01-28 20:44 - 2015-01-28 20:44 - 01294088 _____ (Mojang) C:\Users\test\Downloads\Minecraft.exe 2015-01-28 20:26 - 2015-01-28 20:26 - 00048128 _____ () C:\Users\test\Downloads\NetflixChecker.exe 2015-01-28 20:22 - 2015-01-28 20:22 - 00033280 _____ (Gif89 Company) C:\Users\test\Downloads\MARCHOSO.OCX 2015-01-28 20:21 - 2015-01-28 20:21 - 00152848 _____ (Microsoft Corporation) C:\Users\test\Downloads\COMDLG32.OCX 2015-01-28 20:21 - 2015-01-28 20:21 - 00152848 _____ (Microsoft Corporation) C:\Users\test\Downloads\COMDLG32 (1).OCX 2015-01-28 20:21 - 2015-01-28 20:21 - 00108336 _____ (Microsoft Corporation) C:\Users\test\Downloads\MSWINSCK.OCX 2015-01-28 20:15 - 2015-01-30 22:07 - 00000000 ____D () C:\Users\test\Desktop\njrat 2015-01-28 20:14 - 2015-01-28 20:22 - 00000000 ____D () C:\Users\test\Desktop\NjRat Protector FREE ByRoda 2015-01-28 20:14 - 2015-01-28 20:14 - 00554816 _____ () C:\Users\test\Downloads\NjRat Protector FREE ByRoda.rar 
2015-01-28 19:55 - 2015-02-12 17:44 - 00000000 ____D () C:\Users\test\Desktop\FRST-OlderVersion 2015-01-28 19:55 - 2015-01-28 19:55 - 00000000 ____D () C:\Users\test\AppData\Roaming\Process Hacker 2 2015-01-28 19:54 - 2015-01-28 19:54 - 00000000 ____D () C:\Users\test\Desktop\processhacker 2015-01-28 19:53 - 2015-01-28 19:54 - 02720895 _____ () C:\Users\test\Downloads\processhacker-2.33-bin.zip 2015-01-28 19:52 - 2015-01-28 19:52 - 00000313 _____ () C:\Users\test\Desktop\dummesau.bat 2015-01-28 19:49 - 2015-01-30 22:10 - 00016694 _____ () C:\Users\test\Desktop\Addition.txt 2015-01-28 19:48 - 2015-02-12 17:48 - 00000000 ____D () C:\FRST 2015-01-28 19:48 - 2015-02-12 17:45 - 00033110 _____ () C:\Users\test\Desktop\FRST.txt 2015-01-28 15:13 - 2015-02-12 17:44 - 02134016 _____ (Farbar) C:\Users\test\Desktop\FRST64.exe 2015-01-28 15:13 - 2015-01-28 15:13 - 02129920 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe 2015-01-28 15:11 - 2015-01-28 15:11 - 00000292 _____ () C:\Users\test\Desktop\penis2.bat 2015-01-28 15:05 - 2015-01-28 15:05 - 00000000 ____D () C:\Users\test\AppData\Local\Chris_Pietschmann_(http__ 2015-01-28 15:04 - 2015-01-28 15:04 - 00018034 _____ () C:\Users\test\Desktop\penis.bat 2015-01-28 15:00 - 2015-01-28 15:00 - 00000000 ____D () C:\Users\test\Desktop\Worms or Virus Builders 2015-01-28 14:58 - 2015-01-28 14:58 - 34925069 _____ () C:\Users\test\Downloads\Worms or Virus Builders.rar 2015-01-28 14:51 - 2015-01-28 14:51 - 00262144 _____ () C:\Windows\Minidump\012815-16177-01.dmp 2015-01-28 14:51 - 2010-06-07 01:04 - 336989223 _____ () C:\Windows\MEMORY.DMP 2015-01-28 14:51 - 2010-06-07 01:04 - 00000000 ____D () C:\Windows\Minidump 2015-01-28 14:42 - 2015-01-28 14:42 - 00000000 ____D () C:\Users\test\AppData\Local\Neptune 2015-01-28 14:39 - 2015-01-29 07:22 - 00000000 ____D () C:\Users\test\Desktop\Project Neptune v2.0 2015-01-28 14:38 - 2015-01-28 14:38 - 01818180 _____ () C:\Users\test\Downloads\EncryptedArchive.rar 2015-01-28 14:36 - 2015-01-28 14:36 
- 01807890 _____ () C:\Users\test\Downloads\setup_akl.zip 2015-01-28 14:36 - 2015-01-28 14:36 - 00000000 ____D () C:\Users\test\AppData\Roaming\WinRAR 2015-01-28 14:31 - 2015-02-12 07:55 - 00063568 _____ () C:\Users\test\AppData\Local\GDIPFONTCACHEV1.DAT 2015-01-23 21:23 - 2015-01-23 21:23 - 00026174 _____ () C:\Users\julian\Downloads\debian-7.8.0-amd64-CD-1.iso.torrent 2015-01-23 21:13 - 2015-01-23 21:13 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\julian\Downloads\tdsskiller44.exe 2015-01-23 21:10 - 2015-01-23 21:12 - 1028653056 _____ () C:\Users\julian\Downloads\ubuntu-14.04.1-desktop-amd64.iso 2015-01-23 21:10 - 2015-01-23 21:10 - 00039580 _____ () C:\Users\julian\Downloads\ubuntu-14.04.1-desktop-amd64.iso (1).torrent 2015-01-23 21:07 - 2015-01-23 21:07 - 00357237 _____ () C:\Users\julian\Downloads\openSUSE-13.2-DVD-x86_64.iso (1).torrent 2015-01-23 21:06 - 2015-01-23 21:06 - 00357237 _____ () C:\Users\julian\Downloads\openSUSE-13.2-DVD-x86_64.iso.torrent 2015-01-23 20:05 - 2015-01-23 20:05 - 00002212 _____ () C:\Users\Public\Desktop\Google Earth.lnk 2015-01-23 20:05 - 2015-01-23 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2015-01-23 20:04 - 2015-01-23 20:04 - 00880784 _____ (Google Inc.) 
C:\Users\julian\Downloads\GoogleEarthSetup.exe 2015-01-23 17:54 - 2015-01-23 17:54 - 02059896 _____ () C:\Users\julian\Downloads\winrar-x64-520d.exe 2015-01-23 17:54 - 2015-01-23 17:54 - 00000000 ____D () C:\Users\julian\AppData\Roaming\WinRAR 2015-01-23 17:54 - 2015-01-23 17:54 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-23 17:54 - 2015-01-23 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2015-01-23 17:54 - 2015-01-23 17:54 - 00000000 ____D () C:\Program Files\WinRAR 2015-01-23 17:39 - 2015-01-23 17:50 - 98046036 ____R () C:\Users\julian\Downloads\wpalist01.rar 2015-01-23 17:34 - 2015-01-23 17:47 - 00000000 ____D () C:\Program Files\PeerBlock 2015-01-23 17:34 - 2015-01-23 17:34 - 00001736 _____ () C:\Users\julian\Desktop\PeerBlock.lnk 2015-01-23 17:34 - 2015-01-23 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock 2015-01-23 17:15 - 2015-01-23 17:15 - 00044718 _____ () C:\Users\julian\Downloads\ubuntu-14.10-desktop-amd64.iso.torrent 2015-01-20 19:59 - 2015-01-20 19:59 - 00039580 _____ () C:\Users\julian\Downloads\ubuntu-14.04.1-desktop-amd64.iso.torrent 2015-01-20 19:56 - 2015-01-20 19:56 - 00014134 _____ () C:\Users\julian\Downloads\++demonoid.pw++-Samsung_Galaxy_S3_GAPPS_4_4_kk.TORRENT 2015-01-20 18:31 - 2015-01-20 20:10 - 528838868 _____ () C:\Users\julian\Downloads\WPA-PSK WORDLIST 3 Final (13 GB).rar 2015-01-20 18:28 - 2015-01-20 18:28 - 00027937 _____ () C:\Users\julian\Downloads\NUSHORs_WPA_WORDLIST_v2-((demonoid.pw)).TORRENT 2015-01-20 18:27 - 2015-01-20 18:27 - 00172785 _____ () C:\Users\julian\Downloads\wpa_wordlist_(90GB)-_demonoid.pw_-.TORRENT 2015-01-20 18:24 - 2015-01-20 18:24 - 00028036 _____ () C:\Users\julian\Downloads\[[demonoid.pw]]-Wordlist_Collection.TORRENT 2015-01-14 18:00 - 2015-01-14 18:03 - 257973006 ____R () C:\Users\julian\Downloads\crackstation-human-only.txt.gz 2015-01-14 17:57 - 2015-01-14 17:57 - 
46679553 ____R () C:\Users\julian\Downloads\Cracking WPA & WPA2 key with Reaver on Kali Linux No Dictionary Wordlist).mp4 2015-01-14 17:49 - 2015-01-14 17:49 - 00000000 ____D () C:\Users\julian\Downloads\WPA Wordlists 2015-01-14 17:44 - 2015-01-14 17:44 - 02374320 _____ (PeerBlock, LLC ) C:\Users\julian\Downloads\PeerBlock-Setup_v1.2_r693.exe 2015-01-14 17:43 - 2015-01-14 17:43 - 00021049 _____ () C:\Users\julian\Downloads\MONOVA.ORG darksell.com_RESEED_-_Hacker_BruteForce_Wordlist_5_chars_a-z_A-Z.torrent 2015-01-14 17:40 - 2015-01-14 17:40 - 00020970 _____ () C:\Users\julian\Downloads\[www.seedpeer.eu] Darksell Com Reseed Hacker Bruteforce Wordlist 5 Chars A Z A Z.SEEDPEER.torrent 2015-01-14 17:39 - 2015-02-12 16:59 - 00001199 _____ () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2015-01-14 17:39 - 2015-02-12 16:59 - 00001175 _____ () C:\Users\julian\Desktop\µTorrent.lnk 2015-01-14 17:38 - 2015-02-12 16:59 - 00000000 ____D () C:\Users\julian\AppData\Roaming\uTorrent 2015-01-14 17:38 - 2015-01-14 17:38 - 01678928 _____ (BitTorrent Inc.) C:\Users\julian\Downloads\uTorrent.exe 2015-01-14 17:38 - 2015-01-14 17:38 - 00000000 ____D () C:\ProgramData\APN 2015-01-14 16:44 - 2015-01-31 12:12 - 00000598 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-01-14 16:43 - 2015-01-14 16:43 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-14 16:43 - 2015-01-14 16:43 - 00000000 ____D () C:\Windows\Options 2015-01-14 16:43 - 2015-01-14 16:43 - 00000000 ____D () C:\Program Files (x86)\Atheros 2015-01-14 16:43 - 2012-04-26 23:39 - 00073472 ____N () C:\Windows\system32\athrextx.cat 2015-01-14 16:43 - 2012-04-19 22:56 - 02811392 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athrx.sys 2015-01-14 16:43 - 2012-04-19 22:56 - 02811392 _____ (Qualcomm Atheros Communications, Inc.) 
C:\Windows\system32\Drivers\athrx.sys 2015-01-14 16:42 - 2015-01-14 16:43 - 00000184 _____ () C:\setup.log 2015-01-14 16:42 - 2015-01-14 16:43 - 00000000 ____D () C:\ProgramData\Atheros 2015-01-14 16:38 - 2015-01-14 16:38 - 00008360 _____ () C:\Windows\ykinstutil.log 2015-01-14 16:38 - 2015-01-14 16:38 - 00000369 ____R () C:\Windows\YukonInstall.log 2015-01-14 16:38 - 2015-01-14 16:38 - 00000000 ____D () C:\Program Files (x86)\Marvell 2015-01-14 16:33 - 2015-01-14 16:33 - 00000000 ____D () C:\Users\julian\AppData\Local\MyRouter_Inc 2015-01-14 16:30 - 2015-01-14 16:33 - 00000000 ____D () C:\Program Files (x86)\MyRouter 2015-01-14 16:30 - 2015-01-14 16:30 - 03309904 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-01-14 16:30 - 2015-01-14 16:30 - 00001007 _____ () C:\Users\test\Desktop\MyRouter.lnk 2015-01-14 16:30 - 2015-01-14 16:30 - 00001007 _____ () C:\Users\julian\Desktop\MyRouter.lnk 2015-01-14 16:30 - 2015-01-14 16:30 - 00000000 ____D () C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyRouter 2015-01-14 16:30 - 2015-01-14 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyRouter 2015-01-14 16:27 - 2009-11-25 12:47 - 01942856 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-01-14 16:27 - 2009-11-25 12:47 - 01130824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2015-01-14 16:27 - 2009-11-25 12:47 - 00444752 _____ (Microsoft Corporation) C:\Windows\system32\mscoree.dll 2015-01-14 16:27 - 2009-11-25 12:47 - 00320352 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHost.exe 2015-01-14 16:27 - 2009-11-25 12:47 - 00297808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscoree.dll 2015-01-14 16:27 - 2009-11-25 12:47 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHost.exe 2015-01-14 16:27 - 2009-11-25 12:47 - 00109912 _____ (Microsoft Corporation) C:\Windows\system32\PresentationHostProxy.dll 2015-01-14 16:27 - 2009-11-25 12:47 - 00099176 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationHostProxy.dll 2015-01-14 16:27 - 2009-11-25 12:47 - 00049472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netfxperf.dll 2015-01-14 16:27 - 2009-11-25 12:47 - 00048960 _____ (Microsoft Corporation) C:\Windows\system32\netfxperf.dll 2015-01-14 16:22 - 2015-01-14 16:22 - 00000000 ____D () C:\Users\julian\AppData\Local\Chris_Pietschmann_(http__ 2015-01-14 16:22 - 2015-01-14 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router 2015-01-14 16:22 - 2010-06-06 23:02 - 00000000 ____D () C:\Program Files (x86)\Virtual Router 2015-01-14 16:21 - 2015-01-14 16:21 - 01373696 _____ () C:\Users\julian\Downloads\VirtualRouterInstaller_1.0.msi 2015-01-14 16:05 - 2015-01-14 16:05 - 00000000 ____D () C:\Users\julian\Desktop\I9300XXUGNG3-DBT 2015-01-14 15:58 - 2015-01-14 16:03 - 00000000 ____D () C:\Users\julian\Desktop\backup s3 2015-01-14 15:57 - 2015-01-14 15:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2015-01-14 15:57 - 2015-01-14 15:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf 2015-01-14 15:54 - 2015-01-14 15:54 - 00000000 ____D () C:\Users\julian\Desktop\Odin_3.10.0 2015-01-14 15:54 - 2010-09-17 18:42 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2015-01-14 15:54 - 2010-09-17 18:42 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll 2015-01-14 15:54 - 2010-09-17 18:42 - 00201280 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys 2015-01-14 15:54 - 2010-09-17 18:42 - 00079680 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys 2015-01-14 15:53 - 2015-01-14 15:54 - 01004639 _____ () C:\Users\julian\Downloads\Odin_3.10.0.zip 2015-01-14 15:53 - 2015-01-14 15:53 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-14 15:53 - 2015-01-14 15:53 - 00000000 ____D () C:\Program 
Files\SAMSUNG 2015-01-14 15:52 - 2015-01-14 15:52 - 26551126 _____ () C:\Users\julian\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones.zip 2015-01-14 15:51 - 2015-01-14 15:50 - 973773246 _____ () C:\Users\julian\Desktop\I9300XXUGNG3-DBT.zip 2015-01-14 15:34 - 2015-01-14 15:50 - 973773246 _____ () C:\Users\julian\Downloads\I9300XXUGNG3-DBT.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-12 17:47 - 2014-12-04 20:48 - 00016152 _____ () C:\Windows\system32\Drivers\SWDUMon.sys 2015-02-12 17:47 - 2014-12-04 20:48 - 00002840 _____ () C:\Windows\System32\Tasks\SlimDrivers Startup 2015-02-12 17:47 - 2014-12-04 20:48 - 00000412 _____ () C:\Windows\Tasks\SlimDrivers Startup.job 2015-02-12 17:47 - 2014-12-04 20:46 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-12 17:47 - 2014-12-04 20:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-12 17:11 - 2014-12-04 20:46 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-12 16:45 - 2010-06-06 23:36 - 00161979 _____ () C:\Windows\WindowsUpdate.log 2015-02-12 16:43 - 2014-12-04 20:54 - 00000000 ____D () C:\Users\test 2015-02-12 16:29 - 2014-08-10 11:35 - 00000000 ____D () C:\Users\test\Desktop\xRAT 2.0 RELEASE3 2015-02-12 16:05 - 2014-12-04 20:55 - 00000000 ____D () C:\Users\test\AppData\Local\VirtualStore 2015-02-12 16:03 - 2009-10-24 17:10 - 00729292 _____ () C:\Windows\system32\perfh010.dat 2015-02-12 16:03 - 2009-10-24 17:10 - 00145174 _____ () C:\Windows\system32\perfc010.dat 2015-02-12 16:03 - 2009-10-24 17:01 - 00734756 _____ () C:\Windows\system32\perfh00C.dat 2015-02-12 16:03 - 2009-10-24 17:01 - 00147678 _____ () C:\Windows\system32\perfc00C.dat 2015-02-12 16:03 - 2009-10-24 16:51 - 00696370 _____ () C:\Windows\system32\perfh007.dat 2015-02-12 16:03 - 2009-10-24 16:51 - 00147634 _____ () C:\Windows\system32\perfc007.dat 
2015-02-12 16:03 - 2009-07-14 06:13 - 03367664 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-12 15:21 - 2009-07-14 05:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-12 15:21 - 2009-07-14 05:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-12 10:21 - 2014-12-04 20:54 - 00002136 _____ () C:\Windows\PFRO.log 2015-02-11 19:46 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins 2015-02-11 19:46 - 2009-07-14 05:45 - 00293320 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-10 21:19 - 2014-12-04 20:47 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-10 20:56 - 2014-12-04 20:45 - 00063568 _____ () C:\Users\julian\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-10 20:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2015-01-30 21:46 - 2006-06-27 06:10 - 00000000 _RSHD () C:\Users\test\AppData\Roaming\install 2015-01-28 19:54 - 2014-12-04 20:55 - 00000000 ____D () C:\Users\test\AppData\Local\Google 2015-01-23 20:05 - 2014-12-04 20:46 - 00000000 ____D () C:\Users\julian\AppData\Local\Google 2015-01-23 20:05 - 2014-12-04 20:46 - 00000000 ____D () C:\Program Files (x86)\Google 2015-01-23 17:00 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD ==================== Files in the root of some directories ======= 2015-02-10 21:04 - 2015-02-10 21:04 - 0000236 _____ () C:\Users\julian\AppData\Local\LaunchHomeCenter.log Some content of TEMP: ==================== C:\Users\julian\AppData\Local\Temp\bdfilters.dll C:\Users\julian\AppData\Local\Temp\MyRouter.exe C:\Users\julian\AppData\Local\Temp\utt1B76.tmp.exe C:\Users\julian\AppData\Local\Temp\utt2306.tmp.exe C:\Users\julian\AppData\Local\Temp\{C66E3193-C0FA-4704-9CA5-FF685E1A7846}.exe C:\Users\test\AppData\Local\Temp\USkinDLL.dll C:\Users\test\AppData\Local\Temp\Virus Maker V 4.0 
Beta.exe.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-29 19:30

==================== End Of Log ============================

Code:
ATTFilter Users shortcut scan result (x64) Version: 11-02-2015 02 Ran by julian at 2015-02-12 17:48:56 Running from C:\Users\julian\Desktop Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files\WinRAR\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router\Virtual Router Manager.lnk -> C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_83B54E4F1B8BB4A43AE5AB.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\TAP-Windows\Utilities\Add a new TAP virtual ethernet adapter.lnk -> C:\Program Files\TAP-Windows\bin\addtap.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows\Utilities\Delete ALL TAP virtual ethernet adapters.lnk -> C:\Program Files\TAP-Windows\bin\deltapall.bat () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers\SlimDrivers.lnk -> C:\Windows\Installer\{A5457401-D56A-43F2-9524-78E54A7FC07A}\Icon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker\Resource Hacker.lnk -> C:\Program Files (x86)\Resource Hacker\ResHacker.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\PE Viewer.lnk -> C:\Program Files\Process Hacker 2\peview.exe (wj32) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Process Hacker 2.lnk -> C:\Program Files\Process Hacker 2\ProcessHacker.exe (wj32) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Uninstall Process Hacker 2.lnk -> C:\Program Files\Process Hacker 2\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2\Help and Support\Changelog.lnk -> C:\Program Files\Process Hacker 2\CHANGELOG.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\ PrintProjects deinstallieren.lnk -> C:\Program Files (x86)\PrintProjects\uninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintProjects\PrintProjects.lnk -> C:\Program Files (x86)\PrintProjects\PhotoProduct.exe (Visan / RocketLife) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Uninstall PeerBlock.lnk -> C:\Program Files\PeerBlock\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock\Help and 
==================== End of log ============================= |
12.02.2015, 18:01 | #2 |
/// the machine /// TB trainer | Strange startup entry
hi,
which one do you mean? |
12.02.2015, 18:47 | #3 |
| Strange startup entry
This one here
Code:
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
Kind regards |
13.02.2015, 06:40 | #4 |
/// the machine /// TB trainer | Strange startup entry
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donate. Guides and help. Trojaner-Board Facebook page. No help via PM! |
13.02.2015, 07:29 | #5 |
| Strange startup entry
Could you perhaps explain to me in German where this entry comes from? I haven't installed anything! However, when I open autoruns.exe it always says file not found...
Kind regards
Edited by ichbins2000 (13.02.2015 at 07:29). Reason: forgot information |
13.02.2015, 17:26 | #6 |
/// the machine /// TB trainer | Strange startup entry
It comes from Windows itself. You only need it if, for example, you want to run CMD and would like to see it in Chinese or something. You can leave it alone. |