OTL logfile created on: 28.11.2011 21:01:37 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\redblunted\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 40,52% Memory free
4,23 Gb Paging File | 2,54 Gb Available in Paging File | 59,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 327,35 Gb Total Space | 30,71 Gb Free Space | 9,38% Space Free | Partition Type: NTFS
Drive J: | 4,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: SEED | User Name: redblunted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.28 19:43:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\redblunted\Downloads\OTL.exe
PRC - [2011.11.15 06:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe
PRC - [2011.11.13 09:25:28 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.06.05 09:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Programme\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008.03.20 14:35:04 | 000,023,040 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTHELPER.EXE
PRC - [2008.03.18 23:00:05 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 22:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.19 14:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2007.05.10 16:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.01.09 22:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2007.01.09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.15 06:39:54 | 000,420,920 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011.11.15 06:39:53 | 003,702,840 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011.11.15 06:38:16 | 000,122,952 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011.11.15 06:38:15 | 000,222,280 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011.11.15 06:38:14 | 001,746,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011.11.15 03:36:18 | 008,593,056 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011.11.13 09:25:31 | 001,988,760 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2011.11.13 09:25:30 | 000,161,944 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011.11.13 09:25:30 | 000,021,656 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.06.15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.04.04 22:24:11 | 000,119,296 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{3FC42713-B6E7-49AA-A553-A224FE9828A8}\Installer\InstallerService.exe -- (Installer Service)
SRV - [2009.08.24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008.03.25 23:56:36 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.01.12 19:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007.01.09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007.01.09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007.01.09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007.01.09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

========== Driver Services (SafeList) ==========

DRV - [2011.11.28 18:39:33 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BAC0731-D380-48AC-9ED9-0DB4575A326B}\MpKsldb9a6816.sys -- (MpKsldb9a6816)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009.08.05 20:55:51 | 000,060,672 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1102.sys -- (RDID1102)
DRV - [2008.06.10 09:00:00 | 000,856,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080611.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2008.06.10 09:00:00 | 000,089,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080611.005\NAVENG.SYS -- (NAVENG)
DRV - [2008.05.30 23:17:35 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.03.20 16:57:26 | 000,015,896 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2008.03.20 16:55:16 | 000,802,840 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2008.03.20 16:54:42 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2008.03.20 16:52:50 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008.03.20 16:52:22 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008.03.20 16:51:56 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008.03.20 16:49:30 | 000,524,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008.03.20 16:48:56 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008.03.20 16:40:38 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2008.03.20 16:40:38 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV - [2008.03.20 16:38:06 | 000,134,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEDSPIO.SYS -- (CTEDSPIO.SYS)
DRV - [2008.03.20 16:38:06 | 000,134,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEDSPIO.SYS -- (CTEDSPIO)
DRV - [2008.03.20 16:37:36 | 000,309,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEDSPSY.SYS -- (CTEDSPSY.SYS)
DRV - [2008.03.20 16:37:36 | 000,309,784 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEDSPSY.SYS -- (CTEDSPSY)
DRV - [2008.03.20 16:37:10 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2008.03.20 16:37:10 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV - [2008.03.20 16:36:44 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2008.03.20 16:36:44 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT)
DRV - [2008.03.20 16:36:14 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS)
DRV - [2008.03.20 16:36:14 | 000,099,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTERFXFX.SYS -- (CTERFXFX)
DRV - [2008.03.20 16:32:36 | 000,259,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEDSPFX.SYS -- (CTEDSPFX.SYS)
DRV - [2008.03.20 16:32:36 | 000,259,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEDSPFX.SYS -- (CTEDSPFX)
DRV - [2008.03.20 16:26:30 | 000,163,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEAPSFX.SYS -- (CTEAPSFX.SYS)
DRV - [2008.03.20 16:26:30 | 000,163,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTEAPSFX.SYS -- (CTEAPSFX)
DRV - [2008.03.20 16:25:44 | 000,534,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS)
DRV - [2008.03.20 16:25:44 | 000,534,040 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTSBLFX.SYS -- (CTSBLFX)
DRV - [2008.03.20 16:23:44 | 000,528,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS)
DRV - [2008.03.20 16:23:44 | 000,528,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CTAUDFX.SYS -- (CTAUDFX)
DRV - [2008.03.20 16:23:08 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS)
DRV - [2008.03.20 16:23:08 | 000,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COMMONFX.SYS -- (COMMONFX)
DRV - [2008.02.14 02:39:58 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080611.003\IDSvix86.sys -- (IDSvix86)
DRV - [2008.02.13 10:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.07.06 20:15:00 | 007,568,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.04.14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007.01.23 10:01:00 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.01.09 22:32:13 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007.01.09 22:32:13 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007.01.09 22:32:13 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007.01.09 22:32:13 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007.01.09 22:32:13 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007.01.09 22:32:13 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2005.05.09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3082245035-842810340-864391136-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3082245035-842810340-864391136-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3082245035-842810340-864391136-1002\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3082245035-842810340-864391136-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/webhp?hl=de&tab=iw"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.1879: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1939: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.872: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.31 13:10:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.21 18:41:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.25 21:28:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.08.21 18:41:00 | 000,000,000 | ---D | M]

[2010.10.09 21:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\redblunted\AppData\Roaming\mozilla\Extensions
[2010.10.09 21:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\redblunted\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.04.05 17:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\redblunted\AppData\Roaming\mozilla\Firefox\Profiles\h1ui3e0e.default\extensions
[2011.11.21 19:15:44 | 000,000,944 | ---- | M] () -- C:\Users\redblunted\AppData\Roaming\Mozilla\Firefox\Profiles\h1ui3e0e.default\searchplugins\icqplugin.xml
[2011.11.14 20:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.03.26 05:16:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.25 00:17:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.30 09:33:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.04 12:00:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.21 19:04:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.11.14 20:45:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2008.08.28 10:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2011.10.31 13:10:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.06.22 09:48:16 | 000,115,552 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFConnectorLauncher.dll
[2009.06.22 09:48:18 | 000,239,968 | ---- | M] (Keynote Systems) -- C:\Program Files\mozilla firefox\components\FFSource.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.31 13:10:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.31 13:10:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.31 13:10:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.31 13:10:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.31 13:10:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.31 13:10:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton-Symbolleiste anzeigen) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3082245035-842810340-864391136-1002\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3082245035-842810340-864391136-1002\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTHelper] CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3082245035-842810340-864391136-1002..\Run: [NvCplDaemonTool] rundll32.exe C:\Users\REDBLU~1\tload98.dll,_IWMPEvents File not found
O4 - HKU\S-1-5-21-3082245035-842810340-864391136-1002..\Run: [SmpcSys] C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-3082245035-842810340-864391136-1002..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{343D58BD-0F8F-4DE9-A075-F991D3B9240B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D4A1701-B47A-4195-9A4F-EBC0C1FF3C96}: NameServer = 213.191.74.18 62.109.123.196
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{24acbc94-d20f-11de-b8c0-001d7d293463}\Shell\AutoRun\command - "" = I:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.11.28 20:37:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.27 21:01:48 | 000,000,000 | ---D | C] -- C:\Users\redblunted\AppData\Roaming\Malwarebytes
[2011.11.27 21:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.27 21:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.27 21:01:10 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.27 21:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.11.20 17:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.14 20:45:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.11.14 20:45:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.11.14 20:45:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
-- C:\Windows\System32\java.exe [2008.03.20 14:35:52 | 000,034,816 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll [2008.03.20 14:19:40 | 000,012,800 | ---- | C] ( ) -- C:\Windows\System32\KILLAPPS.EXE [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\redblunted\*.tmp files -> C:\Users\redblunted\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011.11.28 21:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job [2011.11.28 20:58:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.28 20:39:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.28 20:39:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.28 18:58:01 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.28 18:44:31 | 000,640,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.28 18:44:31 | 000,606,226 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.28 18:44:31 | 000,131,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.28 18:44:31 | 000,108,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.28 18:39:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.11.28 18:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.28 18:39:10 | 2144,944,128 | -HS- | M] () -- C:\hiberfil.sys [2011.11.28 18:38:33 | 000,011,564 | ---- | M] () -- C:\Windows\System32\DVCState-{00000000-00000000-0000000D-00001102-00000008-40021102}.rfx [2011.11.28 18:38:33 | 000,000,924 | ---- | M] () -- C:\Windows\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000008-40021102}.rfx [2011.11.28 18:38:33 | 000,000,924 | ---- | M] () -- 
C:\Windows\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000008-40021102}.rfx [2011.11.28 18:38:33 | 000,000,064 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000008-40021102}.rfx [2011.11.28 18:38:33 | 000,000,064 | ---- | M] () -- C:\Windows\System32\BMXState-{00000000-00000000-0000000D-00001102-00000008-40021102}.rfx [2011.11.27 21:01:18 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.27 18:41:36 | 000,070,656 | ---- | M] () -- C:\Users\redblunted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.25 21:15:38 | 053,592,816 | ---- | M] () -- C:\Users\redblunted\Desktop\nu shues.mp3 [2011.11.24 23:22:38 | 001,384,900 | ---- | M] () -- C:\Users\redblunted\Desktop\nu shues.pk [2011.11.24 23:22:36 | 472,681,136 | ---- | M] () -- C:\Users\redblunted\Desktop\nu shues.wav [2011.11.20 17:01:40 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.11.17 22:46:16 | 000,000,680 | ---- | M] () -- C:\Users\redblunted\AppData\Local\d3d9caps.dat [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Users\redblunted\*.tmp files -> C:\Users\redblunted\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011.11.27 21:01:18 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.11.25 21:11:25 | 053,592,816 | ---- | C] () -- C:\Users\redblunted\Desktop\nu shues.mp3 [2011.11.24 23:15:48 | 001,384,900 | ---- | C] () -- C:\Users\redblunted\Desktop\nu shues.pk [2011.11.24 23:13:53 | 472,681,136 | ---- | C] () -- C:\Users\redblunted\Desktop\nu shues.wav [2011.11.20 17:01:40 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2011.08.21 20:39:22 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PageLibraries [2011.08.21 20:34:18 | 000,000,268 | RH-- | C] () -- C:\ProgramData\PDEs [2011.08.21 20:29:13 | 000,000,000 | ---- | C] () -- 
C:\ProgramData\Organic [2011.08.21 20:06:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\NetServices [2011.08.21 18:50:50 | 000,000,268 | RH-- | C] () -- C:\Users\redblunted\AppData\Roaming\Organs [2011.08.21 18:50:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2011.08.21 18:44:38 | 000,000,268 | RH-- | C] () -- C:\Users\redblunted\AppData\Roaming\Noise Gate [2011.08.21 18:44:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2011.04.13 18:14:14 | 000,007,168 | ---- | C] () -- C:\Windows\System32\RdCi1102.dll [2011.04.13 18:14:14 | 000,004,088 | ---- | C] () -- C:\Windows\System32\Rd3t1102.DAT [2010.10.16 22:39:24 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL [2010.10.16 22:05:57 | 000,044,091 | R--- | C] () -- C:\Windows\System32\e10kxwdm.ini [2010.05.17 18:48:09 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll [2010.05.17 18:48:09 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat [2010.05.17 18:47:07 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe [2009.12.21 14:48:52 | 000,000,000 | ---- | C] () -- C:\Users\redblunted\AppData\Local\prvlcl.dat [2009.07.22 13:03:13 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2009.07.22 13:03:13 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2009.04.22 17:07:28 | 000,000,680 | ---- | C] () -- C:\Users\redblunted\AppData\Local\d3d9caps.dat [2009.04.14 09:12:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.02.01 14:29:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.11.29 17:25:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.09.30 19:52:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.09.30 19:52:02 | 000,018,904 | ---- | C] () -- 
C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.06.11 18:53:15 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.03.20 15:02:24 | 000,097,461 | ---- | C] () -- C:\Windows\System32\instwdm.ini [2008.03.20 15:02:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini [2008.03.20 14:36:48 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CTBURST.DLL [2008.03.20 14:35:06 | 000,041,472 | ---- | C] () -- C:\Windows\System32\PSCONV.EXE [2008.03.20 14:25:22 | 000,325,821 | ---- | C] () -- C:\Windows\System32\ctdlang.dat [2008.03.20 14:25:22 | 000,046,273 | ---- | C] () -- C:\Windows\System32\CTDNLSTR.DAT [2008.03.20 14:22:24 | 000,016,384 | ---- | C] () -- C:\Windows\System32\REGPLIB.EXE [2008.03.20 14:21:58 | 000,149,838 | ---- | C] () -- C:\Windows\System32\ctbas2w.dat [2008.03.20 14:20:12 | 000,274,587 | ---- | C] () -- C:\Windows\System32\ctsbas2w.dat [2008.03.20 14:20:02 | 000,115,166 | ---- | C] () -- C:\Windows\System32\CTBASICW.DAT [2008.03.20 14:20:00 | 000,241,084 | ---- | C] () -- C:\Windows\System32\CTSBASW.DAT [2008.03.20 14:19:44 | 000,313,207 | ---- | C] () -- C:\Windows\System32\ctstatic.dat [2008.03.20 14:19:44 | 000,053,932 | ---- | C] () -- C:\Windows\System32\ctdaught.dat [2008.03.20 14:19:42 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ENLOCSTR.EXE [2008.03.15 00:22:48 | 000,167,936 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2008.03.15 00:22:48 | 000,017,871 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpowerAMP Music Converter.dat [2008.03.13 20:38:50 | 000,000,037 | ---- | C] () -- C:\Windows\coolmp3.ini [2008.03.13 20:38:50 | 000,000,029 | ---- | C] () -- C:\Windows\wordpad.ini [2008.03.13 20:38:49 | 000,000,000 | ---- | C] () -- C:\Windows\COOLSYS.INI [2008.03.13 20:38:34 | 000,000,029 | ---- | C] () -- C:\Windows\winzip32.ini [2008.03.13 20:38:31 | 000,010,677 | ---- | C] () -- C:\Windows\coolkb2k.ini [2008.03.13 20:37:23 | 000,005,174 | ---- | C] () -- C:\Windows\COOL.INI 
[2008.03.13 18:17:49 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Hyperman.dll [2008.03.13 18:17:32 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE [2008.03.13 18:17:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\Wavlbsys.dll [2008.03.10 23:41:12 | 000,510,976 | ---- | C] () -- C:\Windows\System32\synsoacc.dll [2008.03.09 16:08:20 | 000,000,370 | ---- | C] () -- C:\Users\redblunted\AppData\Roaming\wklnhst.dat [2008.03.09 15:35:04 | 000,070,656 | ---- | C] () -- C:\Users\redblunted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.09 15:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.03.09 15:15:23 | 000,000,098 | ---- | C] () -- C:\Users\redblunted\AppData\Local\fusioncache.dat [2007.03.26 14:24:28 | 000,640,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2007.03.26 14:24:28 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2007.03.26 14:24:28 | 000,131,462 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2007.03.26 14:24:28 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.03.26 05:20:45 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll [2007.02.13 08:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,345,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,606,226 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,108,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin 
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.02 16:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\System32\KILL.INI [2005.06.16 17:17:16 | 000,071,680 | ---- | C] () -- C:\Windows\System32\CTMMACTL.DLL [2005.05.24 09:28:18 | 000,034,304 | ---- | C] () -- C:\Windows\PSCONV.EXE [color=#E56717]========== LOP Check ==========[/color] [2010.07.23 15:00:10 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Ableton [2010.03.28 23:00:40 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Acoustica [2011.06.27 19:03:46 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Audacity [2011.04.13 18:53:17 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Cakewalk [2011.05.16 15:13:04 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\elsterformular [2010.10.16 22:43:31 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\EmuPatchMixDSP [2009.07.20 22:58:47 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\fltk.org [2008.04.28 22:16:47 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\ICQ [2010.03.22 21:40:04 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\iZotope [2009.08.14 18:32:05 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Keynote Systems [2011.08.21 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Nikon [2008.11.19 12:48:43 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\OpenOffice.org [2008.03.09 15:24:48 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Packard Bell [2010.05.17 18:53:11 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Steinberg [2011.03.13 13:12:18 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\SynthMaker 
[2008.03.09 16:08:48 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Template [2010.10.09 21:47:20 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Thunderbird [2008.11.18 01:09:21 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\Waves Audio [2009.03.26 17:39:35 | 000,000,000 | ---D | M] -- C:\Users\redblunted\AppData\Roaming\YouSendIt [2011.11.28 21:00:00 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie.job [2011.11.28 18:38:11 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 76 bytes -> C:\Users\redblunted\Documents\Meine empfangenen Dateien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\redblunted\Documents\ICQ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\redblunted\Documents\Eigene Google Gadgets:Roxio EMC Stream @Alternate Data Stream - 64 bytes -> C:\Oh baby.AVI:TOC.WMV @Alternate Data Stream - 64 bytes -> C:\2007_poduce_by_avi_katzin_izrael.avi:TOC.WMV < End of report >