Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Spambot verschickt meine über meine Emailadresse

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 23.12.2011, 13:01   #1
riotmaker
 
Spambot verschickt meine über meine Emailadresse - Standard

Spambot verschickt meine über meine Emailadresse



Hier mein Problem:

Ich habe gestern von einem Freund erfahren dass er über meine Email Spam erhält, wie z.B.:

Hey, hey!
nobody was much help to me this made it possible for me to afford designer items now people have a new found respect for me this is just between us
hxxp://cinbosa.com.mx/profile/68CraigWalker/
see you later.

Seitdem versuche ich das Problem ausfindig zu machen. Hab erstmal meine Standard Programme benutzt (Avira Antivir, Spybot S&D) leider ohne Erfolg.
Dann hab ich mich in Foren auf die Suche gemacht und bin dann zum Glück auf dieses hier gestoßen. Habe defogger und OTL laufen lassen. Kann nur alleine mit den Logfiles nichts anfangen.

defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:40 on 23/12/2011 (Riotmaker)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.12.2011 13:42:30 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Riotmaker\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,87 Gb Available Physical Memory | 71,81% Memory free
8,00 Gb Paging File | 6,76 Gb Available in Paging File | 84,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 38,96 Gb Total Space | 3,33 Gb Free Space | 8,54% Space Free | Partition Type: NTFS
Drive D: | 189,92 Gb Total Space | 189,81 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive E: | 426,70 Gb Total Space | 51,22 Gb Free Space | 12,00% Space Free | Partition Type: NTFS
Drive G: | 931,51 Gb Total Space | 25,56 Gb Free Space | 2,74% Space Free | Partition Type: NTFS
 
Computer Name: RIOTMAKER-PC | User Name: Riotmaker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.23 13:41:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Riotmaker\Desktop\OTL.exe
PRC - [2011.12.22 03:28:35 | 000,269,480 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.07 22:24:29 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.09.19 11:31:10 | 002,221,200 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2011.09.19 11:30:52 | 003,663,488 | ---- | M] (Giraffic) -- C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- E:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009.10.30 13:38:54 | 000,316,232 | ---- | M] (TuneUp Software) -- E:\Programme\TuneUP\TuneUpSystemStatusCheck.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- E:\Programme\Spybot SD\TeaTimer.exe
PRC - [2009.02.23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- E:\Programme\Spybot SD\SDWinSec.exe
PRC - [2007.04.17 14:22:22 | 000,184,320 | ---- | M] (Creative Technology Ltd) -- E:\Programme\Creative\Volume Panel\VolPanlu.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.26 04:29:28 | 000,150,016 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009.03.26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.10.26 03:00:58 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.30 13:27:44 | 000,036,168 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.22 03:28:35 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.07 22:24:29 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.11.24 14:43:11 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.09.19 11:31:10 | 002,221,200 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011.06.14 12:18:47 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- E:\Programme\TuneUP\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.06.14 10:35:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [On_Demand | Stopped] -- E:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.30 13:33:44 | 001,353,544 | ---- | M] (TuneUp Software) [Auto | Running] -- E:\Programme\TuneUP\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 13:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- E:\Programme\Spybot SD\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.22 03:28:41 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.22 03:28:41 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.10.26 04:05:10 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.26 02:21:58 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.23 17:33:00 | 000,300,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 01:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.10.14 06:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- E:\Programme\TuneUP\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 62 43 13 73 BE CC 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chilloutzone.net|bildblog.de|taz.de"
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?ie=UTF-8&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: E:\Programme\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: E:\Programme\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: E:\Programme\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Riotmaker\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Riotmaker\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.05 14:33:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011.12.05 14:33:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011.12.07 10:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.12.08 16:52:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: E:\Programme\Mozilla Firefox\components [2011.11.24 20:58:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.09.03 12:49:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.05 14:33:15 | 000,000,000 | ---D | M]
 
[2011.06.14 01:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riotmaker\AppData\Roaming\mozilla\Extensions
[2011.12.14 19:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Riotmaker\AppData\Roaming\mozilla\Firefox\Profiles\x04tzipt.default\extensions
[2011.11.24 20:58:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Riotmaker\AppData\Roaming\mozilla\Firefox\Profiles\x04tzipt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.12.18 22:35:39 | 000,000,950 | ---- | M] () -- C:\Users\Riotmaker\AppData\Roaming\Mozilla\Firefox\Profiles\x04tzipt.default\searchplugins\icqplugin-1.xml
[2011.08.17 10:21:55 | 000,000,950 | ---- | M] () -- C:\Users\Riotmaker\AppData\Roaming\Mozilla\Firefox\Profiles\x04tzipt.default\searchplugins\icqplugin-2.xml
[2011.06.23 19:29:20 | 000,000,950 | ---- | M] () -- C:\Users\Riotmaker\AppData\Roaming\Mozilla\Firefox\Profiles\x04tzipt.default\searchplugins\icqplugin.xml
[2011.12.18 22:35:40 | 000,001,210 | ---- | M] () -- C:\Users\Riotmaker\AppData\Roaming\Mozilla\Firefox\Profiles\x04tzipt.default\searchplugins\scroogle-de.xml
[2011.06.14 18:43:11 | 000,001,330 | ---- | M] () -- C:\Users\Riotmaker\AppData\Roaming\Mozilla\Firefox\Profiles\x04tzipt.default\searchplugins\wikipedia-en.xml
[2011.06.14 18:44:24 | 000,002,057 | ---- | M] () -- C:\Users\Riotmaker\AppData\Roaming\Mozilla\Firefox\Profiles\x04tzipt.default\searchplugins\youtube-videosuche.xml
[2011.12.08 16:52:05 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
() (No name found) -- C:\USERS\RIOTMAKER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X04TZIPT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Riotmaker\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = E:\Programme\Adobe\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = E:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Riotmaker\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Riotmaker\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = E:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Riotmaker\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = E:\Programme\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Riotmaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Adblock Plus f\u00FCr Google Chrome\u2122 (Beta) = C:\Users\Riotmaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.1.4_0\
CHR - Extension: Google-Suche = C:\Users\Riotmaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Riotmaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2011.12.22 03:34:56 | 000,440,252 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-domains-registrations.com
O1 - Hosts: 127.0.0.1	www.1-domains-registrations.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 15133 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programme\Spybot SD\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [amd_dc_opt] E:\Programme\AMD\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] E:\Programme\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Programme\Spybot SD\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\Programme\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\Programme\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programme\Spybot SD\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D1DBF44-E0A7-4C75-BD41-B9CC9FD25C2D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.23 13:41:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Riotmaker\Desktop\OTL.exe
[2011.12.19 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\HPAppData
[2011.12.19 02:05:25 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\Simfy
[2011.12.19 02:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011.12.15 14:33:59 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Local\Stefan_Wobbe
[2011.12.15 14:21:08 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIF Viewer
[2011.12.15 14:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIF Viewer
[2011.12.15 03:25:03 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\Documents\WB Games
[2011.12.09 14:26:03 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SequoiaView
[2011.12.09 14:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SequoiaView
[2011.12.08 21:45:27 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\teamspeak2
[2011.12.08 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\Swiss Academic Software
[2011.12.08 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\Documents\Citavi 3
[2011.12.08 16:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3
[2011.12.08 16:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software
[2011.12.08 16:00:58 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\Documents\Telltale Games
[2011.12.08 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Local\WB Games
[2011.12.08 15:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011.12.08 00:29:23 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\Application Data
[2011.12.07 23:44:05 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\Documents\Battlefield 3
[2011.12.07 22:29:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.12.07 22:29:01 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\Documents\Assassin's Creed Revelations
[2011.12.07 22:24:28 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\PunkBuster
[2011.12.07 10:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.07 10:19:58 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011.12.05 18:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011.12.05 14:46:13 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\HP
[2011.12.05 14:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011.12.05 14:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2011.12.05 14:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.05 14:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
[2011.12.05 14:33:00 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\HpUpdate
[2011.12.05 14:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011.12.05 14:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.05 14:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.05 14:26:44 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.12.05 14:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.03 01:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.12.01 22:23:28 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Local\SCE
[2011.12.01 16:25:07 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\Documents\Orcs Must Die
[2011.12.01 16:19:41 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orcs Must Die!
[2011.12.01 16:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Orcs Must Die!
[2011.11.29 23:03:36 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Local\dxhr
[2011.11.29 23:02:48 | 000,000,000 | ---D | C] -- C:\Users\Riotmaker\AppData\Local\28050
[2011.11.29 20:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
[2011.11.29 00:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.24 15:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.24 15:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.24 15:45:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.24 15:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.24 15:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.11.24 14:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.23 13:44:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 13:44:58 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.23 13:41:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Riotmaker\Desktop\OTL.exe
[2011.12.23 13:39:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.23 13:39:45 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.23 13:38:46 | 000,000,020 | ---- | M] () -- C:\Users\Riotmaker\defogger_reenable
[2011.12.23 13:38:12 | 000,050,477 | ---- | M] () -- C:\Users\Riotmaker\Desktop\Defogger.exe
[2011.12.23 04:24:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181527991-1372660013-3098569378-1001UA.job
[2011.12.22 14:26:40 | 000,096,788 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.12.22 03:34:56 | 000,440,252 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.22 03:28:41 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.22 03:28:41 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.19 02:05:28 | 000,000,032 | ---- | M] () -- C:\Users\Riotmaker\.simfy
[2011.12.18 18:01:54 | 000,283,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 12:24:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1181527991-1372660013-3098569378-1001Core.job
[2011.12.08 16:52:06 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2011.12.08 02:01:18 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 3.lnk
[2011.12.08 01:34:02 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\Jurassic Park The Game.lnk
[2011.12.08 00:29:56 | 000,000,597 | ---- | M] () -- C:\Users\Riotmaker\Desktop\Anno 2070.lnk
[2011.12.08 00:15:25 | 000,000,649 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.12.07 22:28:40 | 000,001,269 | ---- | M] () -- C:\Users\Riotmaker\Desktop\Assassins Creed Revelation.lnk
[2011.12.07 22:24:31 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.07 22:24:29 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.06 16:02:48 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.06 16:02:48 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.06 16:02:48 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.06 16:02:48 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.06 16:02:48 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.05 18:23:27 | 000,256,502 | ---- | M] () -- C:\Windows\hpwins24.dat
[2011.12.05 14:31:52 | 000,001,351 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011.12.01 22:22:41 | 000,000,755 | ---- | M] () -- C:\Users\Riotmaker\Desktop\DC Universe Online.lnk
[2011.12.01 16:19:41 | 000,001,296 | ---- | M] () -- C:\Users\Riotmaker\Desktop\Orcs Must Die!.lnk
[2011.11.29 20:22:29 | 000,000,797 | ---- | M] () -- C:\Users\Public\Desktop\Deus Ex Human Revolution.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.23 13:38:46 | 000,000,020 | ---- | C] () -- C:\Users\Riotmaker\defogger_reenable
[2011.12.23 13:38:12 | 000,050,477 | ---- | C] () -- C:\Users\Riotmaker\Desktop\Defogger.exe
[2011.12.19 02:05:28 | 000,000,032 | ---- | C] () -- C:\Users\Riotmaker\.simfy
[2011.12.08 16:52:06 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Citavi 3.lnk
[2011.12.08 02:01:18 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 3.lnk
[2011.12.08 01:34:02 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\Jurassic Park The Game.lnk
[2011.12.08 00:29:56 | 000,000,597 | ---- | C] () -- C:\Users\Riotmaker\Desktop\Anno 2070.lnk
[2011.12.08 00:15:25 | 000,000,649 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011.12.07 22:28:40 | 000,001,269 | ---- | C] () -- C:\Users\Riotmaker\Desktop\Assassins Creed Revelation.lnk
[2011.12.07 22:24:31 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.07 22:24:29 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.05 18:11:18 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat.temp
[2011.12.05 14:33:56 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2011.12.05 14:31:52 | 000,001,351 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011.12.05 14:25:21 | 000,256,502 | ---- | C] () -- C:\Windows\hpwins24.dat
[2011.12.01 22:22:41 | 000,000,755 | ---- | C] () -- C:\Users\Riotmaker\Desktop\DC Universe Online.lnk
[2011.12.01 22:22:41 | 000,000,755 | ---- | C] () -- C:\Users\Riotmaker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2011.12.01 16:19:41 | 000,001,296 | ---- | C] () -- C:\Users\Riotmaker\Desktop\Orcs Must Die!.lnk
[2011.11.29 20:22:29 | 000,000,797 | ---- | C] () -- C:\Users\Public\Desktop\Deus Ex Human Revolution.lnk
[2011.11.17 23:22:13 | 000,000,262 | ---- | C] () -- C:\Windows\game.ini
[2011.11.17 18:07:31 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.10.26 02:38:38 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.10.26 02:38:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.18 14:29:22 | 000,000,212 | ---- | C] () -- C:\Windows\Maye.ini
[2011.06.18 14:28:42 | 000,000,194 | ---- | C] () -- C:\Windows\Muge.ini
[2011.06.16 14:31:08 | 000,096,788 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.06.14 20:59:41 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.06.14 20:59:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.06.14 01:49:54 | 000,004,626 | ---- | C] () -- C:\Windows\SysWow64\AudioDrv.ini
[2011.06.14 01:48:37 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2011.06.14 01:48:37 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2011.06.14 01:48:37 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2011.06.14 01:48:37 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2011.06.14 01:48:37 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2011.06.14 01:48:37 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2011.06.14 01:48:37 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2011.06.14 01:48:37 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2011.06.14 01:48:37 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2011.06.14 01:48:37 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2011.06.14 01:48:37 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2011.06.14 01:48:37 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2011.06.14 01:48:37 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2011.06.14 01:48:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2011.06.14 01:48:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2011.06.14 01:48:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2011.06.14 01:48:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2011.06.14 01:48:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2011.06.14 01:48:37 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2011.06.14 01:48:37 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2011.06.14 01:31:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.14 00:59:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.30 20:04:53 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.26 04:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.10.11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011.11.02 23:53:55 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand
[2011.12.21 03:21:52 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\Any Video Converter Professional
[2011.11.17 00:06:42 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2011.11.16 18:30:38 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2011.11.17 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\Command and Conquer 4
[2011.06.14 12:54:50 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\DAEMON Tools Lite
[2011.12.23 03:24:14 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\ICQ
[2011.06.16 01:51:52 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\LolClient
[2011.06.23 21:43:06 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\OpenCandy
[2011.07.07 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\OpenOffice.org
[2011.12.07 22:24:28 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\PunkBuster
[2011.11.07 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\Red Alert 3
[2011.12.19 02:05:25 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\Simfy
[2011.06.16 02:06:50 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\styler2go
[2011.12.10 16:51:06 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\Swiss Academic Software
[2011.06.14 12:18:38 | 000,000,000 | ---D | M] -- C:\Users\Riotmaker\AppData\Roaming\TuneUp Software
[2011.11.22 16:02:53 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.06.14 01:11:28 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.11.24 14:09:54 | 000,000,000 | ---D | M] -- C:\ATI
[2011.12.19 10:08:06 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.06.14 01:03:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.24 15:45:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.08 16:51:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.08 16:50:04 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.14 01:03:13 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.06.14 01:03:13 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.12.23 13:44:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.14 01:11:21 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.10 15:12:30 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         
--- --- ---


Mein PC:

Windows 7 Ultimate 64-bit SP1
Mozilla und Chrome als Browser
Yahoo Mail als Email Service



Hoffe mir kann jemand weiterhelfen.
Danke im voraus

Grüße riotmaker

edit:
Extra Log von OTL im Anhang

Alt 23.12.2011, 17:18   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Spambot verschickt meine über meine Emailadresse - Standard

Spambot verschickt meine über meine Emailadresse



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu Spambot verschickt meine über meine Emailadresse
64-bit, adblock, adobe, alert, antivir, any video converter, application/pdf, application/pdf:, avira, bho, bonjour, c:\windows\system32\rundll32.exe, call of duty, converter, email, email spam, explorer, firefox, format, google, google chrome, help, helper, langs, object, problem, realtek, registry, required, rundll, safer networking, scan, sched.exe, software, spam, teamspeak, tracker, version=1.0, video converter, webcheck, windows, winlogon.exe



Ähnliche Themen: Spambot verschickt meine über meine Emailadresse


  1. Skype verschickt automatisch Links an alle meine Kontakte
    Plagegeister aller Art und deren Bekämpfung - 14.10.2015 (12)
  2. Skype verschickt Nachrichten mit Links an meine Kontakte
    Plagegeister aller Art und deren Bekämpfung - 03.09.2015 (3)
  3. Meine WEB.de-Adresse verschickt automatisch Spam
    Plagegeister aller Art und deren Bekämpfung - 15.12.2014 (118)
  4. Über meine Mail-Adresse wurden massiv Spammails verschickt - Malware unwahrscheinlich - was tun?
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (5)
  5. Spammails werden über meine Emailadresse verschickt!
    Log-Analyse und Auswertung - 04.08.2013 (7)
  6. Meine Identität wurde über meine IP festgestellt?
    Log-Analyse und Auswertung - 13.02.2013 (5)
  7. eigenartike e-mail von meine konto verschickt
    Plagegeister aller Art und deren Bekämpfung - 26.06.2012 (7)
  8. Meine Gmx-Mail Adresser verschickt Spam-Mails
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  9. Meine E-mailadresse verschickt automatisch links mit viren
    Plagegeister aller Art und deren Bekämpfung - 20.01.2012 (5)
  10. Windows Live Mail verschickt an irgendwelche Adressen haufenweise Spam über meine Mail-Addy
    Plagegeister aller Art und deren Bekämpfung - 28.12.2011 (18)
  11. Über meine Email werden Spam verschickt
    Log-Analyse und Auswertung - 16.12.2011 (1)
  12. Facebook verschickt ständig links an meine Freunde
    Alles rund um Windows - 15.10.2011 (1)
  13. Spam-Mails über meine Mail-Adresse auf meine Kontakte geschickt!
    Log-Analyse und Auswertung - 28.11.2010 (1)
  14. Spamm über meine Emailadresse versendet!
    Log-Analyse und Auswertung - 25.01.2010 (1)
  15. msn verschickt spams an meine freundesliste
    Log-Analyse und Auswertung - 22.05.2009 (5)
  16. Mein MSN verschickt Spams an meine Freunde
    Log-Analyse und Auswertung - 17.05.2009 (0)
  17. Hilfe, Trojaner nutzen meine Emailadresse
    Plagegeister aller Art und deren Bekämpfung - 10.03.2004 (2)

Zum Thema Spambot verschickt meine über meine Emailadresse - Hier mein Problem: Ich habe gestern von einem Freund erfahren dass er über meine Email Spam erhält, wie z.B.: Hey, hey! nobody was much help to me this made it - Spambot verschickt meine über meine Emailadresse...
Archiv
Du betrachtest: Spambot verschickt meine über meine Emailadresse auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.