Pests of all kinds and how to fight them: Receiving hundreds of mail-delivery-failed mails - what else can I do?

25.08.2014, 16:34   #1
koston

Hello, since Friday I have been receiving hundreds of mail-delivery-failed mails every day on one of my accounts.

At first I thought my e-mail account had been hacked. I then changed every set of credentials I could think of: the e-mail password, the hosting account password, the FTP password, the WordPress password. The mails kept trickling in.

Then I did the same from a second computer and from a third computer, to rule out a trojan. I am still receiving mail-delivery-failed mails.

After that I contacted my host (allinkl.de). They pointed out to me that the mails are being sent via a PHP script.

The log files look like this:

domain.de***82.146.39.74 - - [24/Aug/2014:17:01:31 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
domain.de***82.146.39.74 - - [24/Aug/2014:17:01:55 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"
domain.de***188.120.254.23 - - [24/Aug/2014:17:03:33 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"

Their theory was that I had installed a plugin that lets someone send mails. I then deactivated the contact form plugin, more out of desperation, because I didn't know what it could be. That didn't change anything either.

But how can someone send mails if he doesn't have my e-mail password? Is that possible in principle?

I have no idea what I can do next, and the mail-delivery-failed mails keep trickling in the whole time.

Does anyone have a tip for me?

Best regards

koston
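
The log excerpt in the post above shows repeated POSTs to one URL with no Referer, a 9-byte response and one identical, outdated user agent coming from different addresses. As an added example (not part of the original post, and not the host's tooling), this Python script parses that log format and groups such requests; the function names, the thresholds `max_size` and `min_hits`, and the two contrast lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Access-log lines exactly as quoted in the post above. "domain.de***" is the
# virtual-host prefix as it appears there.
QUOTED_LOG = [
    'domain.de***82.146.39.74 - - [24/Aug/2014:17:01:31 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"',
    'domain.de***82.146.39.74 - - [24/Aug/2014:17:01:55 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"',
    'domain.de***188.120.254.23 - - [24/Aug/2014:17:03:33 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" '
    '"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"',
]

# Constructed lines (NOT from the post): ordinary traffic, for contrast.
CONSTRUCTED_NORMAL = [
    'domain.de***192.0.2.10 - - [24/Aug/2014:17:02:10 +0200] "GET /blog/ HTTP/1.1" 200 18234 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"',
    'domain.de***192.0.2.10 - - [24/Aug/2014:17:02:40 +0200] "POST /blog/wp-comments-post.php HTTP/1.1" 302 0 '
    '"http://domain.de/blog/hello/" "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0"',
]

# Combined log format with the "vhost***" prefix seen in the quoted lines.
LINE_RE = re.compile(
    r'^(?P<vhost>\S+?)\*\*\*(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_scripted_posts(lines, max_size=512, min_hits=2):
    """Group POSTs that look script-driven rather than typed into a browser form.

    Heuristics (assumptions of this example): status 200, a response body of at
    most max_size bytes (far smaller than a rendered page), and no Referer.
    Groups with fewer than min_hits requests are dropped.
    """
    groups = defaultdict(
        lambda: {"hits": 0, "ips": set(), "agents": set(), "first": None, "last": None}
    )
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["status"] != 200 or rec["size"] > max_size:
            continue
        if rec["referer"] not in ("", "-"):
            continue
        g = groups[(rec["vhost"], rec["path"])]
        g["hits"] += 1
        g["ips"].add(rec["ip"])
        g["agents"].add(rec["ua"])
        g["first"] = g["first"] or rec["ts"]
        g["last"] = rec["ts"]
    findings = [
        {"vhost": vhost, "path": path, "hits": g["hits"], "ips": sorted(g["ips"]),
         "agents": sorted(g["agents"]), "first": g["first"], "last": g["last"]}
        for (vhost, path), g in groups.items()
        if g["hits"] >= min_hits
    ]
    return sorted(findings, key=lambda f: f["hits"], reverse=True)


if __name__ == "__main__":
    for f in find_scripted_posts(QUOTED_LOG + CONSTRUCTED_NORMAL):
        print(f'{f["vhost"]}{f["path"]}: {f["hits"]} POSTs from {len(f["ips"])} '
              f'address(es), {len(f["agents"])} user agent(s), '
              f'{f["first"]} to {f["last"]}')
        for ip in f["ips"]:
            print("  client:", ip)
```

Mail sent by a PHP script on the web space goes out through the server's own mail function, so it does not depend on the mailbox password. The path this reports is where to start looking in the web space for the code that answers these requests.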

25.08.2014, 16:44   #2
schrauber
/// the machine
/// TB trainer

Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop. FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

25.08.2014, 19:41   #3
koston

Thanks! These are the two files


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-08-2014 03
Ran by koston (administrator) on DESKTOP-PC on 25-08-2014 20:31:13
Running from C:\Users\koston\Downloads
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\Users\koston\AppData\Roaming\Host System\host.exe
() C:\Program Files\LPT\srpts.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\LPT\srptsl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Fujitsu Technology Solutions) C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Smartbar) C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.exe
(Screencast-O-Matic) C:\Users\koston\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Panasonic Corporation) C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\koston\AppData\Roaming\Dropbox\bin\Dropbox.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\koston\AppData\Local\Smartbar\Application\Lrcnta.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DeskUpdateNotifier] => C:\Program Files\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe [100120 2011-11-10] (Fujitsu Technology Solutions)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10803816 2011-08-01] (Realtek Semiconductor)
HKU\S-1-5-21-902692734-1978221504-640730890-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-902692734-1978221504-640730890-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.exe [28952 2014-06-11] (Smartbar)
HKU\S-1-5-21-902692734-1978221504-640730890-1000\...\Run: [Screencast-O-Matic Tray] => C:\Users\koston\AppData\Local\Screencast-O-Matic\Screencast-O-Matic.exe [58480 2012-11-01] (Screencast-O-Matic)
HKU\S-1-5-21-902692734-1978221504-640730890-1000\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.2 PE.lnk
ShortcutTarget: PHOTOfunSTUDIO 9.2 PE.lnk -> C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Users\koston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\koston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\koston\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\koston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1TortoiseNormal -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 2TortoiseModified -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 3TortoiseConflict -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 4TortoiseLocked -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 5TortoiseReadOnly -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 6TortoiseDeleted -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 7TortoiseAdded -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 8TortoiseIgnored -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: 9TortoiseUnversioned -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb2EAZtohS-xIxSmFZbSdwzg2YfDmVeNINcMYd3rVoi3SKpiSUFolkbqIbFP5EPMDO6PGy_eCUBOVvkWJmXgTA155OYlXApwlJvKQj8ASlPQFDzWxkrPtDAs0GEH70pcH2SGzkLhkHqb5X6hu0lNkw78nXPYuaRjQ,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x81937764BCB4CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb2EAZtohS-xIxSmFZbSdwzg2YfDmVeNINcMYd3rVoi3SKpiSUFolkbqIbFP5EPMDO6PGy_eCUBOVvkWJmXgTA155OYlXApwlJvKQj8ASlPQFDzWxkrPtDAs0GEH70pcH2SGzkLhkHqb5X6hu0lNkw78nXPYuaRjQ,,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb2EAZtohS-xIxSmFZbSdwzg2YfDmVeNINcMYd3rVoi3SKpiSUFolkbqIbFP5EPMDO6PGy_eCUBOVvkWJmXgTA155OYlXApwlJvKQj8ASlPQFDzWxkrPtDAs0GEH70pcH2SGzkLhkHqb5X6hu0lNkw78nXPYuaRjQ,,&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb2EAZtohS-xIxSmFZbSdwzg2YfDmVeNINcMYd3rVoi3SKpiSUFolkbqIbFP5EPMDO6PGy_eCUBOVvkWJmXgTA155OYlXApwlJvKQj8ASlPQFDzWxkrPtDAs0GEH70pcH2SGzkLhkHqb5X6hu0lNkw78nXPYuaRjQ,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb2EAZtohS-xIxSmFZbSdwzg2YfDmVeNINcMYd3rVoi3SKpiSUFolkbqIbFP5EPMDO6PGy_eCUBOVvkWJmXgTA155OYlXApwlJvKQj8ASlPQFDzWxkrPtDAs0GEH70pcH2SGzkLhkHqb5X6hu0lNkw78nXPYuaRjQ,,&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=foxysecurity
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: No Name -> {269D0B18-45D0-46D0-A644-2D60D928BC7F} -> C:\Users\koston\AppData\LocalLow\Internet Explorer BHO\bho.dll ()
BHO: Yahoo Community Smartbar (by Linkury)Engine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Yahoo Community Smartbar (by Linkury) - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default
FF SelectedSearchEngine: Google
FF Homepage: www.google.de
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6QVFdlkuDDcdAb2EAZtohS-xIxSmFZbSdwzg2YfDmVeNINcMYd3rVoi3SKpiSUFolkbqIbFP5EPMDO6PGy_eCUBOVvkWJmXgTA155OYlXApwlJvKQj8ASlPQFDzWxkrPtDAs0GEH70pcH2SGzkLhkHqb5X6hu0lNkw78nXPYuaRjQ,,&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default\user.js
FF SearchPlugin: C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default\Extensions\amazon-icon@giga.de [2014-08-10]
FF Extension: Foxy Secure 7 - C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default\Extensions\connect@foxy-sec.com [2014-08-10]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default\Extensions\sparpilot@sparpilot.com [2014-08-10]
FF Extension: No Name - C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default\Extensions\staged [2014-08-10]
FF Extension: FireShot - C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-07-29]
FF Extension: Yahoo Community Smartbar - C:\Users\koston\AppData\Roaming\Mozilla\Firefox\Profiles\qdqhboku.default\Extensions\{91508509-3932-2bd8-5d37-1efc8ebe83bb} [2014-08-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Extension: (Google Docs) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-19]
CHR Extension: (Google Drive) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-19]
CHR Extension: (YouTube) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-19]
CHR Extension: (Amazon) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\caeaobpemokdfnidgaebncaooofnbfha [2014-08-10]
CHR Extension: (Google-Suche) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-19]
CHR Extension: (Gmail offline) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-05-30]
CHR Extension: (Web Scraper) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2014-05-30]
CHR Extension: (Scraper) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbigbapnjcgaffohmbkdlecaccepngjd [2014-05-30]
CHR Extension: (Google Wallet) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Evernote Web Clipper) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-06-12]
CHR Extension: (Google Mail) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-19]
CHR Extension: (Majestic SEO Backlink Analyzer) - C:\Users\koston\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2014-05-30]
CHR HKLM\...\Chrome\Extension: [caeaobpemokdfnidgaebncaooofnbfha] - C:\Users\koston\ChromeExtensions\caeaobpemokdfnidgaebncaooofnbfha\amazon-icon-fwde.crx [2014-08-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-02-05] (Adobe Systems) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1617072 2014-07-19] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [277616 2012-12-14] (Intel Corporation)
R2 HostService; C:\Users\koston\AppData\Roaming\Host System\host.exe [536576 2014-07-23] () [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LPTSystemUpdater; C:\Program Files\LPT\srpts.exe [33560 2014-06-11] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\RpcAgentSrv.exe [71832 2008-08-29] (SiSoftware) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [65896 2013-07-25] (FTDI Ltd.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [21272 2011-12-07] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [561432 2011-12-07] (Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [13592 2012-01-05] (Intel Corporation)
S3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [347928 2012-01-05] (Intel Corporation)
S3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [789272 2012-01-05] (Intel Corporation)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [44624 2010-11-02] (LSI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45744 2011-10-04] (Rovi Corporation)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [231528 2011-07-28] (Realtek Semiconductor Corp.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 tihub3; C:\Windows\system32\drivers\tihub3.sys [108352 2011-11-23] (Texas Instruments Incorporated)
S3 tixhci; C:\Windows\system32\drivers\tixhci.sys [324416 2011-11-23] (Texas Instruments Incorporated)
S3 EverestDriver; \??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 20:31 - 2014-08-25 20:31 - 00022431 _____ () C:\Users\koston\Downloads\FRST.txt
2014-08-25 20:31 - 2014-08-25 20:31 - 00000000 ____D () C:\FRST
2014-08-25 20:30 - 2014-08-25 20:30 - 01095168 _____ (Farbar) C:\Users\koston\Downloads\FRST.exe
2014-08-25 17:53 - 2014-08-25 17:53 - 00000000 ____D () C:\Users\koston\Desktop\deva
2014-08-25 17:52 - 2014-08-25 17:52 - 06052529 _____ (Tim Kosse) C:\Users\koston\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-17 22:09 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-17 22:09 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-17 22:09 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-17 22:09 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-17 19:11 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 19:11 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 19:11 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 19:11 - 2014-07-25 15:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 19:11 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 19:11 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 19:11 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 19:11 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 19:11 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 19:11 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 19:11 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 19:11 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 19:11 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 19:11 - 2014-07-25 14:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 19:11 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 19:11 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 19:11 - 2014-07-25 13:59 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 19:11 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 19:11 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 19:11 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 19:11 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 19:11 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 19:11 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 19:11 - 2014-07-25 13:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 19:11 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 19:11 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 19:11 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 19:11 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 19:11 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 19:11 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 19:11 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-17 19:11 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 19:11 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-17 19:11 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-17 19:10 - 2014-08-07 03:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 19:10 - 2014-08-07 03:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 19:10 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-17 19:10 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 19:10 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-17 19:10 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-17 19:10 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-17 19:10 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-10 21:24 - 2014-08-10 21:25 - 00000000 ____D () C:\Program Files\LPT
2014-08-10 21:24 - 2014-08-10 21:24 - 00002410 _____ () C:\Users\koston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-10 21:24 - 2014-08-10 21:24 - 00000000 ____D () C:\Users\koston\AppData\Local\Tempee9dfdded7a85f3fb81660aec3a49200
2014-08-10 21:24 - 2014-08-10 21:24 - 00000000 ____D () C:\Users\koston\AppData\Local\Temp9a841690b128ae149ad858dbdc3df8e2
2014-08-10 21:24 - 2014-08-10 21:24 - 00000000 ____D () C:\Users\koston\AppData\Local\Smartbar
2014-08-10 21:24 - 2014-08-10 21:24 - 00000000 ____D () C:\Users\koston\AppData\Local\LPT
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 __SHD () C:\Users\koston\AppData\Local\EmieUserList
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 __SHD () C:\Users\koston\AppData\Local\EmieSiteList
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\ChromeExtensions
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\AppData\Roaming\OpenCandy
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Host System
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\AppData\Local\Temp0c6427e6185a27d722316974b263c02d
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 _____ () C:\END
2014-08-10 21:22 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Security Systems
2014-08-10 21:22 - 2014-08-10 21:22 - 01040592 _____ () C:\Users\koston\Downloads\Windows-Product-Key-Finder-lnstall.exe
2014-08-10 21:19 - 2014-08-10 21:19 - 00762512 _____ ( ) C:\Users\koston\Downloads\office_keyfinder.exe
2014-08-10 20:33 - 2014-08-10 20:33 - 00009604 _____ () C:\Users\koston\Downloads\Get-ProductKey.ps1
2014-08-10 20:25 - 2014-08-10 20:25 - 00002038 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-08-10 20:25 - 2014-08-10 20:25 - 00002026 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-08-10 20:25 - 2014-08-10 20:25 - 00000000 ____D () C:\Program Files\Belarc
2014-08-10 20:24 - 2014-08-10 20:24 - 03357376 _____ () C:\Users\koston\Downloads\advisorinstaller.exe
2014-08-10 18:33 - 2014-08-10 18:33 - 01380907 _____ () C:\Users\koston\Downloads\licensecrawler_1.42.692.zip
2014-08-10 18:33 - 2014-08-10 18:33 - 00000000 ____D () C:\Users\koston\Downloads\licensecrawler_1.42.692
2014-08-10 18:32 - 2014-08-10 18:32 - 01101648 _____ () C:\Users\koston\Downloads\LicenseCrawler - CHIP-Installer.exe
2014-08-10 18:30 - 2014-08-10 18:31 - 00000000 ____D () C:\Users\koston\Downloads\produkey-1.66
2014-08-10 18:29 - 2014-08-10 18:29 - 00056750 _____ () C:\Users\koston\Downloads\produkey-1.66.zip
2014-08-08 10:57 - 2014-08-08 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-08-08 09:36 - 2014-08-08 09:36 - 06004615 _____ (Tim Kosse) C:\Users\koston\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-06 10:56 - 2014-08-08 12:16 - 00000000 ____D () C:\Users\koston\Desktop\Jan
2014-08-05 19:07 - 2014-08-05 19:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-05 19:07 - 2014-08-05 19:07 - 00000000 ____D () C:\Users\koston\AppData\Local\CANON_INC
2014-08-05 18:53 - 2014-08-05 18:53 - 00001055 _____ () C:\Users\Public\Desktop\Map Utility.lnk
2014-08-05 18:45 - 2014-08-05 18:45 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Canon_Inc_IC
2014-08-05 18:42 - 2014-08-06 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-05 18:41 - 2014-08-06 11:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-05 18:37 - 2014-08-05 18:37 - 00001115 _____ () C:\Users\Public\Desktop\Picture Style Editor.lnk
2014-08-05 18:37 - 2014-08-05 18:37 - 00001110 _____ () C:\Users\Public\Desktop\ImageBrowser EX.lnk
2014-08-05 18:36 - 2014-08-05 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-08-05 18:36 - 2014-08-05 18:54 - 00000000 ____D () C:\Program Files\Canon
2014-08-05 18:36 - 2014-08-05 18:36 - 00001062 _____ () C:\Users\Public\Desktop\Digital Photo Professional.lnk
2014-08-05 18:36 - 2014-08-05 18:36 - 00000997 _____ () C:\Users\Public\Desktop\EOS Utility.lnk
2014-08-05 18:36 - 2014-08-05 18:36 - 00000000 ____D () C:\Program Files\Common Files\Canon_Inc_IC
2014-08-05 18:35 - 2014-08-05 19:08 - 00000000 ____D () C:\Users\koston\AppData\Roaming\canon
2014-08-05 18:35 - 2014-08-05 18:35 - 00000000 ____D () C:\ProgramData\Canon_Inc_IC
2014-08-01 15:44 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 15:44 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 15:44 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-01 15:44 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-01 15:44 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-01 15:44 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 15:44 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 15:44 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 15:44 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-30 11:15 - 2014-07-30 11:15 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-07-30 11:15 - 2014-07-30 11:15 - 00001211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-07-30 11:15 - 2014-07-30 11:15 - 00000020 _____ () C:\Windows\xú}
2014-07-30 11:15 - 2014-07-30 11:15 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-30 11:15 - 2014-07-30 11:15 - 00000000 ____D () C:\Windows\de
2014-07-30 11:14 - 2014-07-30 11:15 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-30 11:12 - 2014-07-30 11:17 - 00000000 ____D () C:\Users\koston\AppData\Local\Windows Live
2014-07-30 11:11 - 2014-07-30 11:11 - 01245384 _____ (Microsoft Corporation) C:\Users\koston\Downloads\wlsetup-web.exe
2014-07-30 11:11 - 2014-07-30 11:11 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-07-30 10:34 - 2014-07-30 10:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 16:35 - 2014-08-25 17:50 - 00000000 ____D () C:\Users\koston\AppData\Local\Screencast-O-Matic
2014-07-29 16:35 - 2014-07-29 16:35 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2014-07-29 16:33 - 2014-07-29 16:35 - 28609640 _____ () C:\Users\koston\Downloads\InstallScreencastOMatic-v1.4.exe
2014-07-29 16:33 - 2014-07-29 16:34 - 01601080 _____ (iMesh Inc) C:\Users\koston\Downloads\iMeshSetup-r1893-w-bc.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 20:31 - 2014-08-25 20:31 - 00022431 _____ () C:\Users\koston\Downloads\FRST.txt
2014-08-25 20:31 - 2014-08-25 20:31 - 00000000 ____D () C:\FRST
2014-08-25 20:30 - 2014-08-25 20:30 - 01095168 _____ (Farbar) C:\Users\koston\Downloads\FRST.exe
2014-08-25 20:24 - 2013-09-19 00:14 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-25 19:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-08-25 18:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-25 18:03 - 2013-09-18 21:08 - 01623155 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 17:59 - 2009-07-14 06:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 17:59 - 2009-07-14 06:34 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 17:54 - 2013-12-28 01:52 - 00000000 ____D () C:\Users\koston\AppData\Roaming\FileZilla
2014-08-25 17:53 - 2014-08-25 17:53 - 00000000 ____D () C:\Users\koston\Desktop\deva
2014-08-25 17:52 - 2014-08-25 17:52 - 06052529 _____ (Tim Kosse) C:\Users\koston\Downloads\FileZilla_3.9.0.3_win32-setup.exe
2014-08-25 17:52 - 2014-02-05 11:32 - 00000000 ___RD () C:\Users\koston\Dropbox
2014-08-25 17:52 - 2014-02-05 11:31 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Dropbox
2014-08-25 17:50 - 2014-07-29 16:35 - 00000000 ____D () C:\Users\koston\AppData\Local\Screencast-O-Matic
2014-08-25 17:49 - 2014-01-31 15:51 - 00000000 ___RD () C:\Users\koston\Documents\googledrive
2014-08-25 17:49 - 2013-09-19 00:14 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-25 17:49 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 17:49 - 2009-07-14 06:39 - 00038746 _____ () C:\Windows\setupact.log
2014-08-19 22:12 - 2014-05-06 22:55 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-19 22:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-17 22:13 - 2013-09-19 00:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-17 22:10 - 2013-09-19 00:52 - 96303304 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-17 21:09 - 2013-09-19 00:15 - 00002081 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-17 19:26 - 2014-01-31 15:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-17 19:07 - 2014-02-05 11:32 - 00001037 _____ () C:\Users\koston\Desktop\Dropbox.lnk
2014-08-17 19:07 - 2014-02-05 11:31 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-17 19:01 - 2014-03-03 15:19 - 00000000 ____D () C:\Users\koston\AppData\Local\TSVNCache
2014-08-11 21:26 - 2013-11-23 14:03 - 00000000 ____D () C:\Users\koston\AppData\Roaming\PPCoin
2014-08-11 21:15 - 2013-12-23 11:08 - 00000000 ____D () C:\Users\koston\AppData\Roaming\DogeCoin
2014-08-11 11:22 - 2013-11-23 14:19 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Infinitecoin
2014-08-11 11:22 - 2013-11-23 14:08 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Feathercoin
2014-08-11 11:22 - 2013-11-19 02:02 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Litecoin
2014-08-11 11:21 - 2013-11-23 14:25 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Freicoin
2014-08-11 11:21 - 2013-11-23 14:22 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Anoncoin
2014-08-10 22:59 - 2013-11-23 14:08 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-08-10 22:54 - 2013-11-23 14:12 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Devcoin
2014-08-10 22:49 - 2010-11-20 23:48 - 00128892 _____ () C:\Windows\PFRO.log
2014-08-10 22:07 - 2010-11-20 23:01 - 01657428 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-10 21:25 - 2014-08-10 21:24 - 00000000 ____D () C:\Program Files\LPT
2014-08-10 21:24 - 2014-08-10 21:24 - 00002410 _____ () C:\Users\koston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-10 21:24 - 2014-08-10 21:24 - 00000000 ____D () C:\Users\koston\AppData\Local\Tempee9dfdded7a85f3fb81660aec3a49200
2014-08-10 21:24 - 2014-08-10 21:24 - 00000000 ____D () C:\Users\koston\AppData\Local\Temp9a841690b128ae149ad858dbdc3df8e2
2014-08-10 21:24 - 2014-08-10 21:24 - 00000000 ____D () C:\Users\koston\AppData\Local\Smartbar
2014-08-10 21:24 - 2014-08-10 21:24 - 00000000 ____D () C:\Users\koston\AppData\Local\LPT
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 __SHD () C:\Users\koston\AppData\Local\EmieUserList
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 __SHD () C:\Users\koston\AppData\Local\EmieSiteList
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\ChromeExtensions
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\AppData\Roaming\OpenCandy
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Host System
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 ____D () C:\Users\koston\AppData\Local\Temp0c6427e6185a27d722316974b263c02d
2014-08-10 21:23 - 2014-08-10 21:23 - 00000000 _____ () C:\END
2014-08-10 21:23 - 2014-08-10 21:22 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Security Systems
2014-08-10 21:23 - 2013-09-18 21:09 - 00000000 ____D () C:\Users\koston
2014-08-10 21:22 - 2014-08-10 21:22 - 01040592 _____ () C:\Users\koston\Downloads\Windows-Product-Key-Finder-lnstall.exe
2014-08-10 21:19 - 2014-08-10 21:19 - 00762512 _____ ( ) C:\Users\koston\Downloads\office_keyfinder.exe
2014-08-10 20:44 - 2014-02-16 15:13 - 00000000 ____D () C:\Users\koston\AppData\Local\Microsoft Help
2014-08-10 20:33 - 2014-08-10 20:33 - 00009604 _____ () C:\Users\koston\Downloads\Get-ProductKey.ps1
2014-08-10 20:25 - 2014-08-10 20:25 - 00002038 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-08-10 20:25 - 2014-08-10 20:25 - 00002026 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-08-10 20:25 - 2014-08-10 20:25 - 00000000 ____D () C:\Program Files\Belarc
2014-08-10 20:24 - 2014-08-10 20:24 - 03357376 _____ () C:\Users\koston\Downloads\advisorinstaller.exe
2014-08-10 20:18 - 2013-11-23 14:17 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Terracoin
2014-08-10 19:05 - 2013-11-17 16:49 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Bitcoin
2014-08-10 18:33 - 2014-08-10 18:33 - 01380907 _____ () C:\Users\koston\Downloads\licensecrawler_1.42.692.zip
2014-08-10 18:33 - 2014-08-10 18:33 - 00000000 ____D () C:\Users\koston\Downloads\licensecrawler_1.42.692
2014-08-10 18:32 - 2014-08-10 18:32 - 01101648 _____ () C:\Users\koston\Downloads\LicenseCrawler - CHIP-Installer.exe
2014-08-10 18:31 - 2014-08-10 18:30 - 00000000 ____D () C:\Users\koston\Downloads\produkey-1.66
2014-08-10 18:29 - 2014-08-10 18:29 - 00056750 _____ () C:\Users\koston\Downloads\produkey-1.66.zip
2014-08-08 12:16 - 2014-08-06 10:56 - 00000000 ____D () C:\Users\koston\Desktop\Jan
2014-08-08 10:57 - 2014-08-08 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2014-08-08 09:36 - 2014-08-08 09:36 - 06004615 _____ (Tim Kosse) C:\Users\koston\Downloads\FileZilla_3.9.0.2_win32-setup.exe
2014-08-08 09:36 - 2013-12-28 01:51 - 00001906 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-08-08 09:36 - 2013-12-28 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-08-08 09:36 - 2013-12-28 01:51 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-08-07 03:43 - 2014-08-17 19:10 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:39 - 2014-08-17 19:10 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 13:47 - 2013-12-10 15:29 - 00000000 ____D () C:\Program Files\HylaFAX-Client
2014-08-06 13:47 - 2013-12-10 15:19 - 00000000 ____D () C:\Users\koston\AppData\Roaming\HylaFAX-Client-Pro
2014-08-06 11:37 - 2014-08-05 18:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-06 11:36 - 2014-08-05 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-05 22:11 - 2013-11-21 23:03 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-05 19:15 - 2013-12-23 00:06 - 00000000 ____D () C:\Program Files\BOINC
2014-08-05 19:15 - 2013-12-10 15:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-05 19:08 - 2014-08-05 18:35 - 00000000 ____D () C:\Users\koston\AppData\Roaming\canon
2014-08-05 19:07 - 2014-08-05 19:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-08-05 19:07 - 2014-08-05 19:07 - 00000000 ____D () C:\Users\koston\AppData\Local\CANON_INC
2014-08-05 19:06 - 2013-11-26 13:49 - 00000000 ____D () C:\ProgramData\BOINC
2014-08-05 18:54 - 2014-08-05 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-08-05 18:54 - 2014-08-05 18:36 - 00000000 ____D () C:\Program Files\Canon
2014-08-05 18:53 - 2014-08-05 18:53 - 00001055 _____ () C:\Users\Public\Desktop\Map Utility.lnk
2014-08-05 18:45 - 2014-08-05 18:45 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Canon_Inc_IC
2014-08-05 18:37 - 2014-08-05 18:37 - 00001115 _____ () C:\Users\Public\Desktop\Picture Style Editor.lnk
2014-08-05 18:37 - 2014-08-05 18:37 - 00001110 _____ () C:\Users\Public\Desktop\ImageBrowser EX.lnk
2014-08-05 18:36 - 2014-08-05 18:36 - 00001062 _____ () C:\Users\Public\Desktop\Digital Photo Professional.lnk
2014-08-05 18:36 - 2014-08-05 18:36 - 00000997 _____ () C:\Users\Public\Desktop\EOS Utility.lnk
2014-08-05 18:36 - 2014-08-05 18:36 - 00000000 ____D () C:\Program Files\Common Files\Canon_Inc_IC
2014-08-05 18:35 - 2014-08-05 18:35 - 00000000 ____D () C:\ProgramData\Canon_Inc_IC
2014-08-01 15:40 - 2013-09-19 00:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-01 01:16 - 2014-08-17 19:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-30 11:17 - 2014-07-30 11:12 - 00000000 ____D () C:\Users\koston\AppData\Local\Windows Live
2014-07-30 11:15 - 2014-07-30 11:15 - 00001280 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-07-30 11:15 - 2014-07-30 11:15 - 00001211 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-07-30 11:15 - 2014-07-30 11:15 - 00000020 _____ () C:\Windows\xú}
2014-07-30 11:15 - 2014-07-30 11:15 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-30 11:15 - 2014-07-30 11:15 - 00000000 ____D () C:\Windows\de
2014-07-30 11:15 - 2014-07-30 11:14 - 00000000 ____D () C:\Program Files\Windows Live
2014-07-30 11:15 - 2014-04-19 16:09 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-07-30 11:15 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-30 11:11 - 2014-07-30 11:11 - 01245384 _____ (Microsoft Corporation) C:\Users\koston\Downloads\wlsetup-web.exe
2014-07-30 11:11 - 2014-07-30 11:11 - 00000000 ____D () C:\Program Files\Common Files\Windows Live
2014-07-30 10:34 - 2014-07-30 10:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 16:35 - 2014-07-29 16:35 - 00000000 ____D () C:\Users\koston\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screencast-O-Matic
2014-07-29 16:35 - 2014-07-29 16:33 - 28609640 _____ () C:\Users\koston\Downloads\InstallScreencastOMatic-v1.4.exe
2014-07-29 16:34 - 2014-07-29 16:33 - 01601080 _____ (iMesh Inc) C:\Users\koston\Downloads\iMeshSetup-r1893-w-bc.exe
2014-07-29 16:25 - 2013-11-17 16:42 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-29 16:25 - 2013-11-17 16:42 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\koston\AppData\Local\Temp\amazonicon_fwde.exe
C:\Users\koston\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\koston\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\koston\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpayyp0x.dll
C:\Users\koston\AppData\Local\Temp\flashplayer10r12_36_winax.exe
C:\Users\koston\AppData\Local\Temp\ICReinstall_office_keyfinder.exe
C:\Users\koston\AppData\Local\Temp\nsdF1AC.exe
C:\Users\koston\AppData\Local\Temp\nsdF95B.exe
C:\Users\koston\AppData\Local\Temp\nsj345D.exe
C:\Users\koston\AppData\Local\Temp\nsnAAE5.exe
C:\Users\koston\AppData\Local\Temp\nstA1DF.exe
C:\Users\koston\AppData\Local\Temp\nstEB55.exe
C:\Users\koston\AppData\Local\Temp\nsyA691.exe
C:\Users\koston\AppData\Local\Temp\OfficeSetup.exe
C:\Users\koston\AppData\Local\Temp\ProductKeyFinder.exe
C:\Users\koston\AppData\Local\Temp\ProductKeyFinderSetup.exe
C:\Users\koston\AppData\Local\Temp\protegere6_ff_ie_fwde.exe
C:\Users\koston\AppData\Local\Temp\sdanircmdc.exe
C:\Users\koston\AppData\Local\Temp\sdapskill.exe
C:\Users\koston\AppData\Local\Temp\sdaspwn.exe
C:\Users\koston\AppData\Local\Temp\sp-downloader.exe
C:\Users\koston\AppData\Local\Temp\WDAutoUpdate.exe
C:\Users\koston\AppData\Local\Temp\_is5F3F.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 18:38

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:24-08-2014 03
Ran by koston at 2014-08-25 20:31:44
Running from C:\Users\koston\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Bridge 1.0 (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 1.0.1 - Adobe Systems) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Anoncoin (HKCU\...\Anoncoin) (Version: 0.7.5 - Anoncoin project)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bitcoin (HKCU\...\Bitcoin) (Version: 0.8.5 - Bitcoin project)
Canon Utilities Digital Photo Professional (HKLM\...\Digital Photo Professional) (Version: 3.12.52.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.12.11.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.12.2.0 - Canon Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate 4.12 (HKLM\...\DeskUpdate_is1) (Version: 4.12.0088 - Fujitsu Technology Solutions)
Devcoin (HKCU\...\Devcoin) (Version: 0.3.25 - Devcoin project)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Evernote v. 5.5.3 (HKLM\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Feathercoin 0.6.4.4-URI-Update (HKLM\...\Feathercoin) (Version: 0.6.4.4-URI-Update - Feathercoin)
FileZilla Client 3.9.0.2 (HKLM\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse)
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxy Secure (HKLM\...\Foxy Secure) (Version: 6 - )
Freicoin (HKCU\...\Freicoin) (Version: 0.8.3-1 - Freicoin project)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Gridcoin 3.1beta (HKLM\...\{E1404F7A-A448-4D4E-947B-161DFF26E47F}) (Version: 1.6.0 - Gridcoin)
HylaFAX-Client-Professional (HKLM\...\hylafaxclient-pro_is1) (Version:  - SWT)
Intel(R) OpenCL CPU Runtime (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
KeePass Password Safe 1.27 (HKLM\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
Litecoin (HKCU\...\Litecoin) (Version: 0.8.5.1 - Litecoin project)
LPT System Updater Service (Version: 1.0.0.0 - LPT) Hidden <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4631.1004 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4631.1004 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 9.2 PE (HKLM\...\{76EF0557-943F-4EFD-BB83-4324F204BCA0}) (Version: 9.02.715 - Panasonic Corporation)
PPCoin (HKCU\...\PPCoin) (Version: 0.3.0 - PPCoin project)
PSPad editor (HKLM\...\PSPad editor_is1) (Version: 4.5.7.2450 - Jan Fiala)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
SILKYPIX Developer Studio 3.1 SE (HKLM\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)
SILKYPIX Developer Studio 3.1 SE (Version: 3 - Ichikawa Soft Laboratory) Hidden
SiSoftware Sandra Lite 2013.SP5 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.58.2013.9 - SiSoftware)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TortoiseSVN 1.8.5.25224 (32 bit) (HKLM\...\{4B07E3B5-2F98-4EA0-89A3-73FD83148034}) (Version: 1.8.25224 - TortoiseSVN)
TrueCrypt (HKLM\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
WD Discovery Software (HKLM\...\{324F388E-4F28-42D6-ADD1-9AB27D249523}) (Version: 1.70 - Western Digital)
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Yahoo Community Smartbar (HKLM\...\{3BC7022B-CDE0-4664-9AB6-E3EC25CE644A}) (Version: 11.63.66.17714 - Linkury Inc.) <==== ATTENTION
Yahoo Community Smartbar Engine (HKCU\...\{012b53af-a620-43fe-ac9c-7a9a56c56e0f}) (Version: 11.63.66.17714 - Linkury Inc.) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-902692734-1978221504-640730890-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\koston\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

08-08-2014 08:56:11 Installed Evernote v. 5.5.3
10-08-2014 16:35:38 Windows Update
17-08-2014 16:45:39 Geplanter Prüfpunkt
17-08-2014 17:05:33 Windows Update
17-08-2014 20:06:05 Windows Update
25-08-2014 16:01:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {103ABF36-BC41-4825-B69F-D891F7BF3C03} - System32\Tasks\Fujitsu\DeskUpdate => C:\Program Files\Fujitsu\DeskUpdate\ducmd.exe [2011-11-10] (Fujitsu Technology Solutions)
Task: {4DB24279-4B47-4459-9304-8A5B3FA4F34C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-06-10] (Microsoft Corporation)
Task: {5541645E-469D-45A5-AC78-CA2D3D08573A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {659ABE53-32D6-427E-AB81-A86BB00679BD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {93DEF751-9A02-4E2E-9F00-F8E923C2969B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation)
Task: {A63C2FF1-27D5-4D56-AE16-E193FCCD06C1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-PC-koston DESKTOP-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
Task: {B1B68653-8E10-4D85-B1DC-294E3775E657} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-25 17:22 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-08-10 21:23 - 2014-07-23 14:16 - 00536576 _____ () C:\Users\koston\AppData\Roaming\Host System\host.exe
2014-08-10 21:23 - 2014-08-10 21:23 - 00374272 _____ () C:\Users\koston\AppData\Roaming\Host System\sub\default.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00033560 _____ () C:\Program Files\LPT\srpts.exe
2014-06-11 15:28 - 2014-06-11 15:28 - 00043288 _____ () C:\Program Files\LPT\srptc.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00018200 _____ () C:\Program Files\LPT\Smartbar.Common.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00035608 _____ () C:\Program Files\LPT\srptsl.exe
2014-06-11 15:29 - 2014-06-11 15:29 - 00060184 _____ () C:\Program Files\LPT\srut.dll
2014-02-18 21:32 - 2014-02-18 21:32 - 00065776 _____ () C:\Program Files\TortoiseSVN\bin\TortoiseStub32.dll
2014-02-18 21:32 - 2014-02-18 21:32 - 00071920 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll
2014-07-31 17:22 - 2014-07-31 17:22 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
2012-03-28 10:43 - 2012-03-28 10:43 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00045848 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00070936 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\srau.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00166680 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 02337048 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00067864 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\spbl.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00156952 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00015128 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\siem.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00066840 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\sppsm.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00697624 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00015640 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00079640 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00027928 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-06-11 15:29 - 2014-06-11 15:29 - 00060184 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\srut.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00030488 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\srsbs.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00066328 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00150296 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\smti.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00032024 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\srom.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00031512 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\smtu.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00040216 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\smta.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00024856 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\sgml.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00062744 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00046872 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\srbu.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00025368 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\srpdm.dll
2014-06-11 15:27 - 2014-06-11 15:27 - 00044312 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-06-11 15:27 - 2014-06-11 15:27 - 00025880 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00036120 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-06-11 15:28 - 2014-06-11 15:28 - 00256280 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\srns.dll
2014-07-29 16:37 - 2014-07-29 16:37 - 00053248 _____ () C:\Users\koston\AppData\Local\Screencast-O-Matic\SOMTrayNative-1.0.dll
2014-07-29 16:37 - 2014-07-29 16:37 - 00089600 _____ () C:\Users\koston\AppData\Local\Screencast-O-Matic\SOMNative-2.17.3.dll
2014-08-05 18:52 - 2014-04-08 09:13 - 00069120 _____ () C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
2014-08-05 18:52 - 2014-04-08 09:08 - 00112128 _____ () C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2014-08-25 17:49 - 2014-08-25 17:49 - 00098816 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32api.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00110080 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\pywintypes27.dll
2014-08-25 17:49 - 2014-08-25 17:49 - 00364544 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\pythoncom27.dll
2014-08-25 17:49 - 2014-08-25 17:49 - 00045568 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\_socket.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 01160704 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\_ssl.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00320512 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32com.shell.shell.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00713216 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\_hashlib.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 01175040 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\wx._core_.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00805888 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\wx._gdi_.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00811008 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\wx._windows_.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 01062400 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\wx._controls_.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00735232 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\wx._misc_.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00128512 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\_elementtree.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00127488 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\pyexpat.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00557056 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\pysqlite2._sqlite.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00007168 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\hashobjs_ext.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00087552 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\_ctypes.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00119808 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32file.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00108544 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32security.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00018432 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32event.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00038912 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32inet.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00070656 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\wx._html2.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00167936 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32gui.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00011264 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32crypt.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00027136 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\_multiprocessing.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00686080 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\unicodedata.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00122368 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\wx._wizard.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00010240 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\select.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00024064 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32pipe.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00025600 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32pdh.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00525640 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\windows._lib_cacheinvalidation.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00035840 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32process.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00017408 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32profile.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00022528 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\win32ts.pyd
2014-08-25 17:49 - 2014-08-25 17:49 - 00078336 _____ () C:\Users\koston\AppData\Local\Temp\_MEI37242\wx._animate.pyd
2014-08-25 17:51 - 2014-08-25 17:51 - 00043008 _____ () c:\Users\koston\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpayyp0x.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\koston\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2014-08-17 21:09 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-17 21:09 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-17 21:09 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-17 21:09 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-17 21:09 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-17 21:09 - 2014-08-07 05:20 - 14669128 _____ () C:\Program Files\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
2014-06-11 15:27 - 2014-06-11 15:27 - 00024344 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\Lrcnta.exe
2014-06-11 15:27 - 2014-06-11 15:27 - 00034072 _____ () C:\Users\koston\AppData\Local\Smartbar\Application\lrcnt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 07:36:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/25/2014 05:51:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 05:51:03 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/25/2014 05:48:34 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/25/2014 05:46:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 10:16:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/19/2014 10:15:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 07:04:30 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-PC)
Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (08/17/2014 07:02:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 06:53:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7
Name des fehlerhaften Moduls: bho.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x53ce4bea
Ausnahmecode: 0xc0000005
Fehleroffset: 0x046c91a0
ID des fehlerhaften Prozesses: 0xc08
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3


System errors:
=============
Error: (08/17/2014 10:06:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/17/2014 07:14:39 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 

	Aktualisierungsquelle: %NT-AUTORITÄT15

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (08/17/2014 07:14:24 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 

	Aktualisierungsquelle: %NT-AUTORITÄT15

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\NETZWERKDIENST

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (08/17/2014 07:02:42 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.179.2662.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (08/17/2014 07:02:40 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.179.2662.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (08/17/2014 07:02:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %DESKTOP-PC60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 111.38.0.0

	Aktualisierungsquelle: %DESKTOP-PC51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %DESKTOP-PC602

	Aktualisierungstyp: %DESKTOP-PC604

	Benutzer: DESKTOP-PC\koston

	Aktuelle Modulversion: %DESKTOP-PC605

	Vorherige Modulversion: %DESKTOP-PC606

	Fehlercode: %DESKTOP-PC607

	Fehlerbeschreibung: %DESKTOP-PC608

Error: (08/17/2014 07:02:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %DESKTOP-PC60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.179.2662.0

	Aktualisierungsquelle: %DESKTOP-PC51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %DESKTOP-PC602

	Aktualisierungstyp: %DESKTOP-PC604

	Benutzer: DESKTOP-PC\koston

	Aktuelle Modulversion: %DESKTOP-PC605

	Vorherige Modulversion: %DESKTOP-PC606

	Fehlercode: %DESKTOP-PC607

	Fehlerbeschreibung: %DESKTOP-PC608

Error: (08/17/2014 07:02:12 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %DESKTOP-PC60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.179.2662.0

	Aktualisierungsquelle: %DESKTOP-PC51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %DESKTOP-PC602

	Aktualisierungstyp: %DESKTOP-PC604

	Benutzer: DESKTOP-PC\koston

	Aktuelle Modulversion: %DESKTOP-PC605

	Vorherige Modulversion: %DESKTOP-PC606

	Fehlercode: %DESKTOP-PC607

	Fehlerbeschreibung: %DESKTOP-PC608

Error: (08/17/2014 07:02:11 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 1.179.2662.0

	Aktualisierungsquelle: %NT-AUTORITÄT59

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %NT-AUTORITÄT602

	Aktualisierungstyp: %NT-AUTORITÄT604

	Benutzer: NT-AUTORITÄT\SYSTEM

	Aktuelle Modulversion: %NT-AUTORITÄT605

	Vorherige Modulversion: %NT-AUTORITÄT606

	Fehlercode: %NT-AUTORITÄT607

	Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (08/17/2014 07:02:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Beim Aktualisieren der Signaturen wurde von %DESKTOP-PC60 ein Fehler festgestellt.

	Neue Signaturversion: 

	Vorherige Signaturversion: 111.38.0.0

	Aktualisierungsquelle: %DESKTOP-PC51

	Aktualisierungsphase: 4.5.0216.00

	Quellpfad: 4.5.0216.01

	Signaturtyp: %DESKTOP-PC602

	Aktualisierungstyp: %DESKTOP-PC604

	Benutzer: DESKTOP-PC\koston

	Aktuelle Modulversion: %DESKTOP-PC605

	Vorherige Modulversion: %DESKTOP-PC606

	Fehlercode: %DESKTOP-PC607

	Fehlerbeschreibung: %DESKTOP-PC608


Microsoft Office Sessions:
=========================
Error: (08/25/2014 07:36:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\sisoftware\sisoftware sandra lite 2013.sp5\wnt500x64\RpcSandraSrv.exe

Error: (08/25/2014 05:51:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2014 05:51:03 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/25/2014 05:48:34 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/25/2014 05:46:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 10:16:58 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/19/2014 10:15:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 07:04:30 PM) (Source: MsiInstaller) (EventID: 1024) (User: DESKTOP-PC)
Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

Error: (08/17/2014 07:02:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/17/2014 06:53:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d6727a7bho.dll_unloaded0.0.0.053ce4beac0000005046c91a0c0801cfba373c116dc7C:\Windows\Explorer.EXEbho.dll04719dfd-262f-11e4-95b3-e894f60201b2


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 59%
Total physical RAM: 2978.36 MB
Available physical RAM: 1200.82 MB
Total Pagefile: 5955.01 MB
Available Pagefile: 3985.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:180.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0832DE2D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

26.08.2014, 18:49   #4
schrauber
/// the machine
/// TB trainer


Uninstall adware and the like
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller panel, look for the programs that, under:

    have this label:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .




Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

26.08.2014, 20:49   #5
koston


Hello Schrauber, thanks!

I've now wiped the computer. Basically, the problem was apparently that my host was hacked and a PHP script used the PHP mailer function to send the e-mails. I then wiped everything there as well and reinstalled WordPress. Let's see whether it helps...
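
An added example, not part of the thread and not written by any participant: a small Python triage of a web access log in the layout quoted in the first post (`<vhost>***<client ip> - - [time] "request" status bytes "referer" "agent"`), grouping referer-less POST requests by target path and user agent so that scripted traffic like the repeated `POST /blog/` entries stands out. The sample lines, the `example.test` host name, the documentation-range addresses and the `min_hits` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the host's log layout; addresses are documentation ranges.
OLD_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) "
          "Gecko/20070309 Firefox/2.0.0.3")
SAMPLE_LOG = "\n".join([
    f'example.test***192.0.2.10 - - [24/Aug/2014:17:01:31 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" "{OLD_UA}"',
    f'example.test***192.0.2.10 - - [24/Aug/2014:17:01:55 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" "{OLD_UA}"',
    f'example.test***198.51.100.23 - - [24/Aug/2014:17:03:33 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" "{OLD_UA}"',
    f'example.test***198.51.100.23 - - [24/Aug/2014:17:04:02 +0200] "POST /blog/ HTTP/1.1" 200 9 "-" "{OLD_UA}"',
    # An ordinary page view and a form login that carries a referer.
    'example.test***203.0.113.5 - - [24/Aug/2014:17:04:10 +0200] "GET /blog/ HTTP/1.1" 200 18234 "http://example.test/" "Mozilla/5.0 (X11; Linux x86_64)"',
    'example.test***203.0.113.5 - - [24/Aug/2014:17:04:40 +0200] "POST /blog/wp-login.php HTTP/1.1" 302 0 "http://example.test/blog/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64)"',
    "this line is truncated and must be skipped",
])

LINE_RE = re.compile(
    r'^(?P<vhost>\S+?)\*\*\*(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line):
    """Return one log record as a dict, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def find_scripted_posts(lines, min_hits=3):
    """Group POSTs without a referer by (vhost, path, agent); report busy groups.

    A browser submitting a form normally sends a referer; many referer-less
    POSTs to one path with one identical user agent, spread over several
    client addresses, is what automated calls to a script look like.
    """
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if rec["referer"] not in ("", "-"):
            continue
        groups[(rec["vhost"], rec["path"], rec["agent"])].append(rec)

    findings = []
    for (vhost, path, agent), recs in groups.items():
        if len(recs) < min_hits:
            continue
        findings.append({
            "vhost": vhost,
            "path": path,
            "agent": agent,
            "hits": len(recs),
            "ips": sorted({r["ip"] for r in recs}),
            "first": min(r["time"] for r in recs),
            "last": max(r["time"] for r in recs),
            "max_size": max(r["size"] for r in recs),
        })
    return sorted(findings, key=lambda item: item["hits"], reverse=True)


if __name__ == "__main__":
    for item in find_scripted_posts(SAMPLE_LOG.splitlines()):
        print(f'{item["vhost"]} {item["path"]}: {item["hits"]} referer-less POSTs '
              f'from {len(item["ips"])} addresses between '
              f'{item["first"]:%H:%M:%S} and {item["last"]:%H:%M:%S}, '
              f'largest response {item["max_size"]} bytes')
```

The path a finding names is where to look on the host: compare the files that handle it against a clean copy of the application before reinstalling, so the point of entry is known.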


27.08.2014, 16:09   #6
schrauber
/// the machine
/// TB trainer


ok