Zurück   Trojaner-Board > Malware entfernen > Antiviren-, Firewall- und andere Schutzprogramme

Antiviren-, Firewall- und andere Schutzprogramme: E-Mail Account gehakt? mail delivery-Nachrichten

Windows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen.

Antwort
Alt 13.06.2013, 21:53   #1
baum89
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Hallo,

so wie es aussieht wurde mein E-Mail Account gehakt. Seit gestern bekomme ich mail delivery-Nachrichten, sprich die Nachricht, dass E-Mails nicht versendet werden konnten. Ich habe allerdings keine E-Mails versendet. Es scheint also, dass jemand mein Account verwendet um E-Mails zu senden. Das schlimme ist, dass es sich dabei um "Inkasso-Firmen" handelt die Geldforderungen stellen. Zudem scheint ein Anhang dabei zu sein mit den "Bankdaten" (vermutlich virenverseuchter Anhang). Diese Sachen werden nun über meinen Account wahllos an Leute verschickt.

Was kann ich tun?

Passwort habe ich geändert. Wie kann ich sicherstellen, dass mein System sauber wird. Soll ich zudem aktiv werden und die Polizei anschaltet, nicht dass ich am Ende Probleme bekomme, da die Mails ja über meinen Account versendet werden (wurden).

Bitte um Anweisungen bzgl. Logs etc.

Vielen Dank im Voraus

Klemens N.


Edit: Habe leider den falschen Ordner erwischt. Bitte Thema verschieben! Sorry

Geändert von baum89 (13.06.2013 um 22:08 Uhr)

Alt 13.06.2013, 22:16   #2
baum89
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Habe hier schonmal die OTL-Logs..Thema bitte verschieben (leider im falschen Ordner geöffnet)OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/13/2013 9:55:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Malin\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 31.94% Memory free
5.98 Gb Paging File | 3.35 Gb Available in Paging File | 56.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 24.66 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 36.21 Gb Free Space | 25.59% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 6.41 Gb Free Space | 86.66% Space Free | Partition Type: FAT32
 
Computer Name: MALIN-PC | User Name: Malin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Malin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Malin\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Malin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Malin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Users\Malin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Malin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=hp&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SMSN_deDE386DE386
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=hp"
FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.0.10"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "192.168.0.10"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.168.0.10"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.0.10"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "192.168.0.10"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.10"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.0.10"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Malin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
 
[2011/01/19 18:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malin\AppData\Roaming\mozilla\Extensions
[2012/12/04 13:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions
[2012/01/05 15:47:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/05/13 19:40:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/13 19:40:46 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\engine@plasmoo.com
[2012/12/04 13:53:28 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\helperbar@helperbar.com
[2012/12/04 13:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\staged
[2011/08/17 18:59:45 | 000,025,939 | ---- | M] () (No name found) -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\extensions\ffxtlbr@Facemoods.com.xpi
[2012/02/02 20:50:06 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-1.xml
[2011/05/14 12:50:50 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-2.xml
[2011/06/27 17:41:22 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-3.xml
[2011/08/21 17:45:30 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-4.xml
[2011/09/01 19:17:20 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-5.xml
[2011/09/08 17:42:32 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-6.xml
[2011/10/09 13:26:18 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-7.xml
[2011/11/10 21:37:36 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-8.xml
[2011/05/08 18:27:51 | 000,001,056 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin.xml
[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\plasmoo.xml
[2013/01/29 17:52:49 | 000,002,399 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\Web Search.xml
[2013/01/31 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/01/08 21:24:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=hp&installDate=01/01/1970
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Malin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Malin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Snap.Do  = C:\Users\Malin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: AdBlock = C:\Users\Malin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: Speed Dial 2 = C:\Users\Malin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
 
O1 HOSTS File: ([2011/07/13 12:10:14 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Malin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Malin\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_2BD2163C7093A13E363F07A8338CA236] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Malin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Malin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25E5EC99-7CB0-4BB6-8BCE-20C4774EC441}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50910199-5D2C-45B7-9042-E2358248BFEE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{735B7AD5-6684-4B0E-8DAD-8E1C842465F6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 21:54:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Malin\Desktop\OTL.exe
[2013/06/04 17:17:48 | 000,000,000 | R--D | C] -- C:\Users\Malin\Dropbox
[2013/06/02 20:07:31 | 000,000,000 | ---D | C] -- C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/06/02 20:06:31 | 000,000,000 | ---D | C] -- C:\Users\Malin\AppData\Roaming\Dropbox
[2013/05/16 17:18:58 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/05/16 17:18:57 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/05/16 17:18:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/05/16 17:18:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/05/16 17:18:55 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/05/16 17:18:54 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/05/16 17:18:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/05/16 17:18:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/05/16 17:18:54 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/05/16 17:18:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/05/16 08:18:24 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll
[2013/05/16 08:18:23 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/05/16 08:18:22 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys
[2013/05/16 08:17:49 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
[2013/05/16 08:17:49 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010/11/11 19:37:33 | 075,019,048 | ---- | C] (Apple Inc.) -- C:\Users\Malin\iTunesSetup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/13 21:54:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malin\Desktop\OTL.exe
[2013/06/13 21:44:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/13 21:13:03 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/13 21:09:04 | 000,001,138 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1001UA.job
[2013/06/13 21:09:04 | 000,001,116 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1001Core.job
[2013/06/13 20:53:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/13 20:13:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/13 12:47:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/06/13 12:47:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/06/13 10:52:51 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 10:52:51 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 10:45:02 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 16:59:05 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/06/10 16:59:05 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/06/10 16:59:05 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/06/10 16:59:05 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/06/07 15:16:20 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/05 19:45:17 | 000,002,285 | ---- | M] () -- C:\Users\Malin\Desktop\Search.lnk
[2013/06/04 17:17:48 | 000,001,039 | ---- | M] () -- C:\Users\Malin\Desktop\Dropbox.lnk
[2013/06/02 20:07:43 | 000,001,049 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/17 22:34:50 | 000,017,790 | ---- | M] () -- C:\Users\Malin\Desktop\lah2007051041.jpg
[2013/05/17 16:13:42 | 001,701,977 | ---- | M] () -- C:\Users\Malin\Desktop\LH_WEBCKI.DE.STANDALONE.4tAaNuTDoIYo6PLSk2APF2.pdf
[2013/05/16 22:18:48 | 003,810,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/06/05 19:45:17 | 000,002,383 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/06/05 19:45:17 | 000,002,285 | ---- | C] () -- C:\Users\Malin\Desktop\Search.lnk
[2013/06/04 17:17:48 | 000,001,039 | ---- | C] () -- C:\Users\Malin\Desktop\Dropbox.lnk
[2013/06/02 20:07:43 | 000,001,049 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/17 22:34:50 | 000,017,790 | ---- | C] () -- C:\Users\Malin\Desktop\lah2007051041.jpg
[2013/05/17 16:13:09 | 001,701,977 | ---- | C] () -- C:\Users\Malin\Desktop\LH_WEBCKI.DE.STANDALONE.4tAaNuTDoIYo6PLSk2APF2.pdf
[2012/09/07 15:32:31 | 000,000,112 | ---- | C] () -- C:\ProgramData\G21837FyG.dat
[2012/09/07 15:32:17 | 000,000,001 | ---- | C] () -- C:\ProgramData\15KfV5b3.exe_.b
[2012/09/07 15:32:17 | 000,000,001 | ---- | C] () -- C:\ProgramData\15KfV5b3.exe.b
[2012/08/26 13:08:45 | 000,001,411 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\fotobuch.xml
[2012/08/26 13:05:46 | 000,302,688 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\fotobuch-tcache.xml
[2012/08/26 13:05:45 | 000,034,712 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\fotobuch-cache7.xml
[2012/03/17 17:41:14 | 000,000,278 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\wklnhst.dat
[2012/01/31 19:15:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011/06/18 15:48:38 | 000,001,606 | ---- | C] () -- C:\Users\Malin\.recently-used.xbel
[2011/06/16 18:08:30 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2011/06/16 18:08:30 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2011/01/31 16:50:41 | 000,006,144 | ---- | C] () -- C:\Users\Malin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/13 17:47:22 | 000,467,935 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\mdbu.bin
[2010/08/13 17:18:56 | 000,272,896 | ---- | C] () -- C:\Users\Malin\Howtohaveagoodday.pps
[2010/07/03 22:46:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/03 20:54:30 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 6/13/2013 9:55:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Malin\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 31.94% Memory free
5.98 Gb Paging File | 3.35 Gb Available in Paging File | 56.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.49 Gb Total Space | 24.66 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
Drive D: | 141.50 Gb Total Space | 36.21 Gb Free Space | 25.59% Space Free | Partition Type: NTFS
Drive F: | 7.39 Gb Total Space | 6.41 Gb Free Space | 86.66% Space Free | Partition Type: FAT32
 
Computer Name: MALIN-PC | User Name: Malin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Malin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Malin\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Malin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Windows\System32\Rezip.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Malin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll ()
MOD - C:\Users\Malin\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Users\Malin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\Malin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=hp&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SMSN_deDE386DE386
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=hp"
FF - prefs.js..extensions.enabledAddons: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q="
FF - prefs.js..network.proxy.backup.ftp: "192.168.0.10"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "192.168.0.10"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "192.168.0.10"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "192.168.0.10"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "192.168.0.10"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "192.168.0.10"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "192.168.0.10"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Malin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
 
[2011/01/19 18:28:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malin\AppData\Roaming\mozilla\Extensions
[2012/12/04 13:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions
[2012/01/05 15:47:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011/05/13 19:40:42 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/05/13 19:40:46 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\engine@plasmoo.com
[2012/12/04 13:53:28 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\helperbar@helperbar.com
[2012/12/04 13:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Malin\AppData\Roaming\mozilla\Firefox\Profiles\6hy3dgi9.default\extensions\staged
[2011/08/17 18:59:45 | 000,025,939 | ---- | M] () (No name found) -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\extensions\ffxtlbr@Facemoods.com.xpi
[2012/02/02 20:50:06 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-1.xml
[2011/05/14 12:50:50 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-2.xml
[2011/06/27 17:41:22 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-3.xml
[2011/08/21 17:45:30 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-4.xml
[2011/09/01 19:17:20 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-5.xml
[2011/09/08 17:42:32 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-6.xml
[2011/10/09 13:26:18 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-7.xml
[2011/11/10 21:37:36 | 000,000,950 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin-8.xml
[2011/05/08 18:27:51 | 000,001,056 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\icqplugin.xml
[2011/04/28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\plasmoo.xml
[2013/01/29 17:52:49 | 000,002,399 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\mozilla\firefox\profiles\6hy3dgi9.default\searchplugins\Web Search.xml
[2013/01/31 19:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/01/08 21:24:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/12/13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=ds&q={searchTerms}&installDate=01/01/1970
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://feed.snapdo.com/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=7940af1c-3c82-457c-af97-29b9af76362b&searchtype=hp&installDate=01/01/1970
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Malin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Malin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Snap.Do  = C:\Users\Malin\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: AdBlock = C:\Users\Malin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: Speed Dial 2 = C:\Users\Malin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik\1.6.1.3_0\
 
O1 HOSTS File: ([2011/07/13 12:10:14 | 000,000,854 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Malin\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVD2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Malin\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_2BD2163C7093A13E363F07A8338CA236] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Malin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Malin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25E5EC99-7CB0-4BB6-8BCE-20C4774EC441}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50910199-5D2C-45B7-9042-E2358248BFEE}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{735B7AD5-6684-4B0E-8DAD-8E1C842465F6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 21:54:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Malin\Desktop\OTL.exe
[2013/06/04 17:17:48 | 000,000,000 | R--D | C] -- C:\Users\Malin\Dropbox
[2013/06/02 20:07:31 | 000,000,000 | ---D | C] -- C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/06/02 20:06:31 | 000,000,000 | ---D | C] -- C:\Users\Malin\AppData\Roaming\Dropbox
[2013/05/16 17:18:58 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/05/16 17:18:57 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/05/16 17:18:55 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/05/16 17:18:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/05/16 17:18:55 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/05/16 17:18:54 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/05/16 17:18:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/05/16 17:18:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/05/16 17:18:54 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/05/16 17:18:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/05/16 08:18:24 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wwanprotdim.dll
[2013/05/16 08:18:23 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/05/16 08:18:22 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys
[2013/05/16 08:17:49 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\authui.dll
[2013/05/16 08:17:49 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\consent.exe
[2010/11/11 19:37:33 | 075,019,048 | ---- | C] (Apple Inc.) -- C:\Users\Malin\iTunesSetup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/13 21:54:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Malin\Desktop\OTL.exe
[2013/06/13 21:44:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/13 21:13:03 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/13 21:09:04 | 000,001,138 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1001UA.job
[2013/06/13 21:09:04 | 000,001,116 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2339853823-2107313754-116825072-1001Core.job
[2013/06/13 20:53:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/13 20:13:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/13 12:47:48 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/06/13 12:47:48 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/06/13 10:52:51 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 10:52:51 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/13 10:45:02 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/10 16:59:05 | 000,654,400 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/06/10 16:59:05 | 000,616,242 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/06/10 16:59:05 | 000,130,240 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/06/10 16:59:05 | 000,106,622 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/06/07 15:16:20 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/05 19:45:17 | 000,002,285 | ---- | M] () -- C:\Users\Malin\Desktop\Search.lnk
[2013/06/04 17:17:48 | 000,001,039 | ---- | M] () -- C:\Users\Malin\Desktop\Dropbox.lnk
[2013/06/02 20:07:43 | 000,001,049 | ---- | M] () -- C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/17 22:34:50 | 000,017,790 | ---- | M] () -- C:\Users\Malin\Desktop\lah2007051041.jpg
[2013/05/17 16:13:42 | 001,701,977 | ---- | M] () -- C:\Users\Malin\Desktop\LH_WEBCKI.DE.STANDALONE.4tAaNuTDoIYo6PLSk2APF2.pdf
[2013/05/16 22:18:48 | 003,810,344 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/06/05 19:45:17 | 000,002,383 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2013/06/05 19:45:17 | 000,002,285 | ---- | C] () -- C:\Users\Malin\Desktop\Search.lnk
[2013/06/04 17:17:48 | 000,001,039 | ---- | C] () -- C:\Users\Malin\Desktop\Dropbox.lnk
[2013/06/02 20:07:43 | 000,001,049 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/05/17 22:34:50 | 000,017,790 | ---- | C] () -- C:\Users\Malin\Desktop\lah2007051041.jpg
[2013/05/17 16:13:09 | 001,701,977 | ---- | C] () -- C:\Users\Malin\Desktop\LH_WEBCKI.DE.STANDALONE.4tAaNuTDoIYo6PLSk2APF2.pdf
[2012/09/07 15:32:31 | 000,000,112 | ---- | C] () -- C:\ProgramData\G21837FyG.dat
[2012/09/07 15:32:17 | 000,000,001 | ---- | C] () -- C:\ProgramData\15KfV5b3.exe_.b
[2012/09/07 15:32:17 | 000,000,001 | ---- | C] () -- C:\ProgramData\15KfV5b3.exe.b
[2012/08/26 13:08:45 | 000,001,411 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\fotobuch.xml
[2012/08/26 13:05:46 | 000,302,688 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\fotobuch-tcache.xml
[2012/08/26 13:05:45 | 000,034,712 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\fotobuch-cache7.xml
[2012/03/17 17:41:14 | 000,000,278 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\wklnhst.dat
[2012/01/31 19:15:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/01/31 19:15:42 | 000,974,848 | ---- | C] () -- C:\windows\System32\cis-2.4.dll
[2012/01/31 19:15:42 | 000,081,920 | ---- | C] () -- C:\windows\System32\issacapi_bs-2.3.dll
[2012/01/31 19:15:42 | 000,065,536 | ---- | C] () -- C:\windows\System32\issacapi_pe-2.3.dll
[2012/01/31 19:15:42 | 000,057,344 | ---- | C] () -- C:\windows\System32\issacapi_se-2.3.dll
[2011/06/18 15:48:38 | 000,001,606 | ---- | C] () -- C:\Users\Malin\.recently-used.xbel
[2011/06/16 18:08:30 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll
[2011/06/16 18:08:30 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys
[2011/01/31 16:50:41 | 000,006,144 | ---- | C] () -- C:\Users\Malin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/13 17:47:22 | 000,467,935 | ---- | C] () -- C:\Users\Malin\AppData\Roaming\mdbu.bin
[2010/08/13 17:18:56 | 000,272,896 | ---- | C] () -- C:\Users\Malin\Howtohaveagoodday.pps
[2010/07/03 22:46:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/03 20:54:30 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:A42A9F39
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >
         
--- --- ---
Angehängte Dateien
Dateityp: txt OTL.Txt (84,5 KB, 167x aufgerufen)
Dateityp: txt Extras.Txt (77,4 KB, 163x aufgerufen)
__________________


Geändert von baum89 (13.06.2013 um 22:32 Uhr)

Alt 13.06.2013, 22:24   #3
HardStylerx3
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



da ist aufjedenfall malware auf dem pc

mfg HardStyler3
__________________

Alt 13.06.2013, 22:42   #4
mort
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Öhm
Zitat:
O1 - Hosts: 127.0.0.1 activate.adobe.com
Kannst du was dazu sagen?

Alt 13.06.2013, 22:46   #5
baum89
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von mort Beitrag anzeigen
Öhm

Kannst du was dazu sagen?
Leider nein..bin aber auch bei weitem kein "Experte". Was sagt dir das?


Alt 13.06.2013, 22:58   #6
mort
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Damit blockt man die Adobe Registrierung mehr morgen

Alt 13.06.2013, 23:04   #7
HardStylerx3
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von mort Beitrag anzeigen
Damit blockt man die Adobe Registrierung mehr morgen
das heist du hast mit hoher wahrscheinlichkeit gecrackte software auf dem rechner

was gegen die regeln zur bereinigung verstößt

Alt 13.06.2013, 23:08   #8
baum89
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von HardStylerx3 Beitrag anzeigen
das heist du hast mit hoher wahrscheinlichkeit gecrackte software auf dem rechner

was gegen die regeln zur bereinigung verstößt
Es ist der Rechner meiner Freundin. Ich bezweifel sehr stark, dass es (sollte es so sein) bewusst geschehen ist.

Alt 13.06.2013, 23:09   #9
HardStylerx3
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von baum89 Beitrag anzeigen
Es ist der Rechner meiner Freundin. Ich bezweifel sehr stark, dass es (sollte es so sein) bewusst geschehen ist.
dann schnell runter damit und nie wieder drauf machen

Alt 13.06.2013, 23:10   #10
baum89
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von HardStylerx3 Beitrag anzeigen
dann schnell runter damit und nie wieder drauf machen
Ja, da gebe ich dir recht. Aber welche Software ist denn nicht sauber?? Und wie bekomme ich sie komplett runter?

Alt 14.06.2013, 10:05   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von baum89 Beitrag anzeigen
Aber welche Software ist denn nicht sauber??
Soll diese Rhetorik jetzt den Einsatz von Keygens/Cracks rechtfertigen bzw schönreden?
Legitime Originalsoftware ist sauber. Punkt.

Hat etwas mit Vertrauenswürdigkeit zu tun. Überleg mal, wenn du zB Medikamente einmal original aus der Apotheke und einmal von irgendeinem Dealer in der nächsten schmuddeligen Straßenecke vergleichst.
Welche Medikamente sind wohl riskanter? Der Dealer streckt und panscht.

Zitat:
Zitat von baum89 Beitrag anzeigen
Und wie bekomme ich sie komplett runter?
Windows komplett neu installieren, warum steht hier http://www.trojaner-board.de/95393-c...-software.html
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.06.2013, 10:10   #12
baum89
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von cosinus Beitrag anzeigen
Soll diese Rhetorik jetzt den Einsatz von Keygens/Cracks rechtfertigen bzw schönreden?
Legitime Originalsoftware ist sauber. Punkt.

Hat etwas mit Vertrauenswürdigkeit zu tun. Überleg mal, wenn du zB Medikamente einmal original aus der Apotheke und einmal von irgendeinem Dealer in der nächsten schmuddeligen Straßenecke vergleichst.
Welche Medikamente sind wohl riskanter? Der Dealer streckt und panscht.



Windows komplett neu installieren, warum steht hier http://www.trojaner-board.de/95393-c...-software.html



ja, da geb ich dir wohl recht. Wie gesagt, es handelt sich nicht um meinen Rechner. Deswegen kann ich nichts konkretes dazu sagen. Es wurde allerdings definitiv nicht bewusst getan. Verstehe allerdings die Gründe die du nennst. Unterstütze solche Software ebenfalls in keinster weise. Schade, dass mir so nicht geholfen werden kann. Trotzdem danke für die Antwort. Thread kann dann wohl zu.

Alt 14.06.2013, 10:13   #13
Fragerin
/// TB-Senior
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Reicht es nicht wenn man in diesem Fall alles löscht, was von Adobe ist (sieht man ja am Namen) und dann nur das Kostenlose (Flash Player und Acrobat Reader) wieder drauf tut?
Müsste man sich für Photoshop oder Acrobat Pro oder was es nun war bloß nach einer billigen Alternative umsehen oder Geld locker machen... aber das ist beim Neuaufsetzen das Gleiche

Alt 14.06.2013, 10:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
E-Mail Account gehakt? mail delivery-Nachrichten - Standard

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von baum89 Beitrag anzeigen
Es wurde allerdings definitiv nicht bewusst getan.
Unbewusst?
Das geht nit. Man kann nicht völlig unbewusst sich eine illegale Software besorgen und die auch noch "völlig unbewusst" ausführen

Unbewusst klingt eher nach einer (sry) Ausrede, aber es ist auch völlig egal ob das Zeug mit purer Absicht oder "völlig unbewusst" rauf kam, das spielt keine Rolle, wir bereinigen grundsätzlich Rechner mit illegaler Software nicht.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.06.2013, 10:18   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
E-Mail Account gehakt? mail delivery-Nachrichten - Blinzeln

E-Mail Account gehakt? mail delivery-Nachrichten



Zitat:
Zitat von Fragerin Beitrag anzeigen
Reicht es nicht wenn man in diesem Fall alles löscht, was von Adobe ist (sieht man ja am Namen) und dann nur das Kostenlose (Flash Player und Acrobat Reader) wieder drauf tut?
Das macht die Ausführung eines Cracks/Keygens nicht rückgängig. Wenn hier von "unbewusst" gesprochen wird, wird man ja wohl kaum selbst in der /etc/hosts Datei Hand angelegt haben
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu E-Mail Account gehakt? mail delivery-Nachrichten
account, aktiv, anhang, bankdaten, e-mail, e-mails, gen, gestern, konnte, leute, polizei, probleme, sache, sachen, sauber, schaltet, schei, sichers, sicherstellen, stelle, system, vermutlich, versendet, verseuchter, verwendet



Ähnliche Themen: E-Mail Account gehakt? mail delivery-Nachrichten


  1. Erhalte Mail Delivery Nachrichten von komischen Adressen
    Log-Analyse und Auswertung - 26.11.2015 (12)
  2. Mail Delivery System <mailer-daemon@kundenserver.de> mailrücklauf auf nicht gesendete mail
    Überwachung, Datenschutz und Spam - 26.03.2015 (4)
  3. Email Account gehackt? Mail Delivery
    Plagegeister aller Art und deren Bekämpfung - 29.05.2014 (24)
  4. mail delivery failed: returning message to sender - web.de account
    Plagegeister aller Art und deren Bekämpfung - 23.03.2014 (9)
  5. E-Mail-Problem bei WEB.DE (Mail delivery failed: returning message to sender - keineantwortadresse@web.de )
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (11)
  6. Mail delivery failed, aber nur in Windows live mail
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (8)
  7. mail delivery failed: returning message to sender - web.de account
    Plagegeister aller Art und deren Bekämpfung - 18.07.2013 (9)
  8. mail delivery failed: returning message to sender im gmx account
    Log-Analyse und Auswertung - 12.07.2013 (5)
  9. Mail delivery failed Nachrichten und außerdem Balue Screen
    Plagegeister aller Art und deren Bekämpfung - 12.06.2013 (19)
  10. Mail delivery failed: returning message to sender, obwohl keine mail versendet
    Plagegeister aller Art und deren Bekämpfung - 15.05.2013 (0)
  11. unererklärliche mail delivery fails und Zugriffe von unbekannter IP-Adresse auf Facebook-Account
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (1)
  12. mail delivery failed: returning message to sender im web.de account
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (3)
  13. Mail delivery failed Nachrichten auf meinem web.de Account
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (19)
  14. Mail delivery failed Nachrichten ohne Ende
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (14)
  15. Spam-Nachrichten von meinem E-Mail-Account verschickt - Befürchtung, daß ich 'nen Virus hab...
    Log-Analyse und Auswertung - 25.11.2011 (12)
  16. Web.de Account gehackt? (Mail Delivery System)
    Überwachung, Datenschutz und Spam - 27.02.2009 (4)
  17. Heute schon über 30 "Mail Delivery System "Mail Delivery System" Mail bekommen
    Log-Analyse und Auswertung - 26.05.2008 (4)

Zum Thema E-Mail Account gehakt? mail delivery-Nachrichten - Hallo, so wie es aussieht wurde mein E-Mail Account gehakt. Seit gestern bekomme ich mail delivery-Nachrichten, sprich die Nachricht, dass E-Mails nicht versendet werden konnten. Ich habe allerdings keine E-Mails - E-Mail Account gehakt? mail delivery-Nachrichten...
Archiv
Du betrachtest: E-Mail Account gehakt? mail delivery-Nachrichten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.