PC sehr langsam - Zugemüllt

Zwackmix · 04.05.2010, 15:29

Hallo erstmal,

also ich habe seit gestern riesige Probleme mit meinem Quadcore. Sehr langsam. Ich denke das da einige Software drauf ist die da nicht hin gehört, vieleicht könnt ihr mir ja helfen die zu entfernen. Wie muss ich vorgehen, welchen Log von welchen Prog sollte ich posten?!

Antimalware Doctor ist eins davon

(an geht es zwar nicht mehr, aber es ist bestimmt noch drauf)

Wäre echt nett wenn ihr helfen könnt

Zwackmix · 04.05.2010, 15:32

Wenn ich die Fenster schließen will verschwinden sie nur sehr langsam ....

Hier der HijackThis Log:

Zitat:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:07, on 04.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Lexmark 5200 Series\lxbtbmgr.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Lexmark 5200 Series\lxbtbmon.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2096149
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\PROGRA~1\Firebird\V2_0_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\PROGRA~1\Firebird\V2_0_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hercules DJ Control MP3 (HerculesDJControlMP3) - Unknown owner - C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\Windows\system32\lxbtcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9847 bytes

Zwackmix · 04.05.2010, 16:30

mbam 1:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4065

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.05.2010 17:27:47
mbam-log-2010-05-04 (17-27-47).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132749
Laufzeit: 8 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Zwackmix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> No action taken.
C:\Users\Zwackmix\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> No action taken.

mbma 2:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4065

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.05.2010 17:27:54
mbam-log-2010-05-04 (17-27-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132749
Laufzeit: 8 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Zwackmix\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Zwackmix\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

Zwackmix · 04.05.2010, 16:31

Otl:

Zitat:

otl logfile created on: 04.05.2010 17:28:15 - run 1
otl by oldtimer - version 3.2.4.1 folder = c:\users\zwackmix\desktop\downloads
ultimate edition (version = 6.1.7600) - type = ntworkstation
internet explorer (version = 8.0.7600.16385)
locale: 00000407 | country: Deutschland | language: Deu | date format: Dd.mm.yyyy

3,00 gb total physical memory | 2,00 gb available physical memory | 59,00% memory free
6,00 gb paging file | 5,00 gb available in paging file | 76,00% paging file free
paging file location(s): ?:\pagefile.sys [binary data]

%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 377,87 gb total space | 265,93 gb free space | 70,38% space free | partition type: Ntfs
drive d: | 14,65 gb total space | 2,12 gb free space | 14,48% space free | partition type: Ntfs
drive e: | 73,24 gb total space | 28,86 gb free space | 39,40% space free | partition type: Ntfs
f: Drive not present or media not loaded
g: Drive not present or media not loaded
h: Drive not present or media not loaded
i: Drive not present or media not loaded
drive k: | 298,01 gb total space | 88,54 gb free space | 29,71% space free | partition type: Fat32
drive m: | 698,64 gb total space | 582,38 gb free space | 83,36% space free | partition type: Ntfs
drive o: | 1397,26 gb total space | 717,49 gb free space | 51,35% space free | partition type: Ntfs

computer name: Max
current user name: Zwackmix
logged in as administrator.

Current boot mode: Normal
scan mode: Current user
company name whitelist: Off
skip microsoft files: Off
file age = 30 days
output = minimal

========== processes (safelist) ==========

prc - c:\users\zwackmix\desktop\downloads\otl.exe (oldtimer tools)
prc - c:\program files\steam\steam.exe (valve corporation)
prc - c:\program files\malwarebytes' anti-malware\mbam.exe (malwarebytes corporation)
prc - c:\program files\xfire\xfire.exe (xfire inc.)
prc - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe (apple inc.)
prc - c:\program files\mozilla firefox\firefox.exe (mozilla corporation)
prc - c:\program files\common files\nokia\mplatform\nokiamserver.exe (nokia)
prc - c:\program files\icq7.0\icq.exe (icq, inc.)
prc - c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (google inc.)
prc - c:\windows\system32\atieclxx.exe (amd)
prc - c:\windows\system32\atiesrxx.exe (amd)
prc - c:\program files\daemon tools lite\dtlite.exe (dt soft ltd)
prc - c:\program files\sony ericsson\sony ericsson pc suite\sepcsuite.exe (sony ericsson mobile communications ab)
prc - c:\program files\common files\protexis\license service\psiservice_2.exe (protexis inc.)
prc - c:\windows\system32\taskhost.exe (microsoft corporation)
prc - c:\windows\explorer.exe (microsoft corporation)
prc - c:\program files\sony ericsson\sony ericsson pc suite\supserv.exe ()
prc - c:\program files\common files\nero\lib\NMIndexStoreSvr.exe (nero ag)
prc - c:\program files\hercules\audio\dj console series\herculesdjcontrolmp3.exe ()
prc - c:\program files\microsoft xbox 360 accessories\xboxstat.exe (microsoft corporation)
prc - c:\program files\firebird\v2_0_1\bin\fbserver.exe (firebirdsql project)
prc - c:\program files\firebird\v2_0_1\bin\fbguard.exe (firebirdsql project)
prc - c:\program files\common files\installshield\updateservice\isuspm.exe (macrovision corporation)
prc - c:\program files\logitech\g-series software\lgdcore.exe (logitech inc.)
prc - c:\program files\logitech\g-series software\applets\lcdpop3\lcdpop3.exe (logitech inc.)
prc - c:\program files\logitech\g-series software\applets\lcdclock.exe (logitech inc.)
prc - c:\program files\logitech\g-series software\applets\lcdmedia.exe (logitech inc.)
prc - c:\program files\logitech\g-series software\lcdmon.exe (logitech inc.)
prc - c:\program files\lexmark 5200 series\lxbtbmon.exe (lexmark international, inc.)
prc - c:\program files\lexmark 5200 series\lxbtbmgr.exe (lexmark international, inc.)

========== modules (safelist) ==========

mod - c:\users\zwackmix\desktop\downloads\otl.exe (oldtimer tools)
mod - c:\program files\xfire\xfire_toucan_42424.dll (xfire inc.)
mod - c:\windows\system32\wsock32.dll (microsoft corporation)
mod - c:\windows\system32\sspicli.dll (microsoft corporation)
mod - c:\windows\system32\sechost.dll (microsoft corporation)
mod - c:\windows\system32\samcli.dll (microsoft corporation)
mod - c:\windows\system32\profapi.dll (microsoft corporation)
mod - c:\windows\system32\netutils.dll (microsoft corporation)
mod - c:\windows\system32\kernelbase.dll (microsoft corporation)
mod - c:\windows\system32\dwmapi.dll (microsoft corporation)
mod - c:\windows\system32\devobj.dll (microsoft corporation)
mod - c:\windows\system32\cryptbase.dll (microsoft corporation)
mod - c:\windows\system32\cfgmgr32.dll (microsoft corporation)
mod - c:\windows\system32\msscript.ocx (microsoft corporation)
mod - c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (microsoft corporation)
mod - c:\windows\system32\msvcr71.dll (microsoft corporation)

========== win32 services (safelist) ==========

srv - (roxliveshare9) -- file not found
srv - (apple mobile device) -- c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe (apple inc.)
srv - (akamai) -- c:\program files\common files\akamai\rswin_3653.dll ()
srv - (flexnet licensing service) -- c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe (acresso software inc.)
srv - (amd external events utility) -- c:\windows\system32\atiesrxx.exe (amd)
srv - (steam client service) -- c:\program files\common files\steam\steamservice.exe (valve corporation)
srv - (psi_svc_2) -- c:\program files\common files\protexis\license service\psiservice_2.exe (protexis inc.)
srv - (wwansvc) -- c:\windows\system32\wwansvc.dll (microsoft corporation)
srv - (wbiosrvc) -- c:\windows\system32\wbiosrvc.dll (microsoft corporation)
srv - (power) -- c:\windows\system32\umpo.dll (microsoft corporation)
srv - (themes) -- c:\windows\system32\themeservice.dll (microsoft corporation)
srv - (sppuinotify) -- c:\windows\system32\sppuinotify.dll (microsoft corporation)
srv - (rpceptmapper) -- c:\windows\system32\rpcepmap.dll (microsoft corporation)
srv - (sensrsvc) -- c:\windows\system32\sensrsvc.dll (microsoft corporation)
srv - (peerdistsvc) -- c:\windows\system32\peerdistsvc.dll (microsoft corporation)
srv - (pnrpsvc) -- c:\windows\system32\pnrpsvc.dll (microsoft corporation)
srv - (p2pimsvc) -- c:\windows\system32\pnrpsvc.dll (microsoft corporation)
srv - (homegroupprovider) -- c:\windows\system32\provsvc.dll (microsoft corporation)
srv - (pnrpautoreg) -- c:\windows\system32\pnrpauto.dll (microsoft corporation)
srv - (windefend) -- c:\program files\windows defender\mpsvc.dll (microsoft corporation)
srv - (homegrouplistener) -- c:\windows\system32\listsvc.dll (microsoft corporation)
srv - (fontcache) -- c:\windows\system32\fntcache.dll (microsoft corporation)
srv - (dhcp) -- c:\windows\system32\dhcpcore.dll (microsoft corporation)
srv - (defragsvc) -- c:\windows\system32\defragsvc.dll (microsoft corporation)
srv - (bdesvc) -- c:\windows\system32\bdesvc.dll (microsoft corporation)
srv - (axinstsv) activex-installer (axinstsv) -- c:\windows\system32\axinstsv.dll (microsoft corporation)
srv - (appidsvc) -- c:\windows\system32\appidsvc.dll (microsoft corporation)
srv - (sppsvc) -- c:\windows\system32\sppsvc.exe (microsoft corporation)
srv - (omsi download service) -- c:\program files\sony ericsson\sony ericsson pc suite\supserv.exe ()
srv - (herculesdjcontrolmp3) -- c:\program files\hercules\audio\dj console series\herculesdjcontrolmp3.exe ()
srv - (firebirdserverdefaultinstance) -- c:\program files\firebird\v2_0_1\bin\fbserver.exe (firebirdsql project)
srv - (firebirdguardiandefaultinstance) -- c:\program files\firebird\v2_0_1\bin\fbguard.exe (firebirdsql project)
srv - (lxbt_device) -- c:\windows\system32\lxbtcoms.exe (lexmark international, inc.)

========== driver services (safelist) ==========

drv - (sptd) -- c:\windows\system32\drivers\sptd.sys ()
drv - (atikmdag) -- c:\windows\system32\drivers\atikmdag.sys (ati technologies inc.)
drv - (hdjasiok) -- c:\windows\system32\drivers\hdjasiok.sys (© guillemot r&d, 2009. All rights reserved.)
drv - (hdjmidi) -- c:\windows\system32\drivers\hdjmidi.sys (© guillemot r&d, 2009. All rights reserved.)
drv - (bulk) -- c:\windows\system32\drivers\hdjbulk.sys (© guillemot r&d, 2009. All rights reserved.)
drv - (cmdide) -- c:\windows\system32\drivers\cmdide.sys (cmd technology, inc.)
drv - (adpahci) -- c:\windows\system32\drivers\adpahci.sys (adaptec, inc.)
drv - (adp94xx) -- c:\windows\system32\drivers\adp94xx.sys (adaptec, inc.)
drv - (amdsbs) -- c:\windows\system32\drivers\amdsbs.sys (amd technologies inc.)
drv - (adpu320) -- c:\windows\system32\drivers\adpu320.sys (adaptec, inc.)
drv - (arcsas) -- c:\windows\system32\drivers\arcsas.sys (adaptec, inc.)
drv - (amdsata) -- c:\windows\system32\drivers\amdsata.sys (advanced micro devices)
drv - (arc) -- c:\windows\system32\drivers\arc.sys (adaptec, inc.)
drv - (amdxata) -- c:\windows\system32\drivers\amdxata.sys (advanced micro devices)
drv - (aliide) -- c:\windows\system32\drivers\aliide.sys (acer laboratories inc.)
drv - (nvstor) -- c:\windows\system32\drivers\nvstor.sys (nvidia corporation)
drv - (nvraid) -- c:\windows\system32\drivers\nvraid.sys (nvidia corporation)
drv - (nfrd960) -- c:\windows\system32\drivers\nfrd960.sys (ibm corporation)
drv - (lsi_sas) -- c:\windows\system32\drivers\lsi_sas.sys (lsi corporation)
drv - (iastorv) -- c:\windows\system32\drivers\iastorv.sys (intel corporation)
drv - (megasr) -- c:\windows\system32\drivers\megasr.sys (lsi corporation, inc.)
drv - (ksecpkg) -- c:\windows\system32\drivers\ksecpkg.sys (microsoft corporation)
drv - (lsi_scsi) -- c:\windows\system32\drivers\lsi_scsi.sys (lsi corporation)
drv - (lsi_fc) -- c:\windows\system32\drivers\lsi_fc.sys (lsi corporation)
drv - (lsi_sas2) -- c:\windows\system32\drivers\lsi_sas2.sys (lsi corporation)
drv - (iirsp) -- c:\windows\system32\drivers\iirsp.sys (intel corp./icp vortex gmbh)
drv - (megasas) -- c:\windows\system32\drivers\megasas.sys (lsi corporation)
drv - (hwpolicy) -- c:\windows\system32\drivers\hwpolicy.sys (microsoft corporation)
drv - (elxstor) -- c:\windows\system32\drivers\elxstor.sys (emulex)
drv - (aic78xx) -- c:\windows\system32\drivers\djsvs.sys (adaptec, inc.)
drv - (hpsamd) -- c:\windows\system32\drivers\hpsamd.sys (hewlett-packard company)
drv - (fsdepends) -- c:\windows\system32\drivers\fsdepends.sys (microsoft corporation)
drv - (vsmraid) -- c:\windows\system32\drivers\vsmraid.sys (via technologies inc.,ltd)
drv - (vmbus) -- c:\windows\system32\drivers\vmbus.sys (microsoft corporation)
drv - (vhdmp) -- c:\windows\system32\drivers\vhdmp.sys (microsoft corporation)
drv - (storflt) -- c:\windows\system32\drivers\vmstorfl.sys (microsoft corporation)
drv - (vdrvroot) -- c:\windows\system32\drivers\vdrvroot.sys (microsoft corporation)
drv - (storvsc) -- c:\windows\system32\drivers\storvsc.sys (microsoft corporation)
drv - (wimmount) -- c:\windows\system32\drivers\wimmount.sys (microsoft corporation)
drv - (viaide) -- c:\windows\system32\drivers\viaide.sys (via technologies, inc.)
drv - (ql2300) -- c:\windows\system32\drivers\ql2300.sys (qlogic corporation)
drv - (rdyboost) -- c:\windows\system32\drivers\rdyboost.sys (microsoft corporation)
drv - (ql40xx) -- c:\windows\system32\drivers\ql40xx.sys (qlogic corporation)
drv - (sisraid4) -- c:\windows\system32\drivers\sisraid4.sys (silicon integrated systems)
drv - (pcw) -- c:\windows\system32\drivers\pcw.sys (microsoft corporation)
drv - (sisraid2) -- c:\windows\system32\drivers\sisraid2.sys (silicon integrated systems corp.)
drv - (stexstor) -- c:\windows\system32\drivers\stexstor.sys (promise technology)
drv - (cng) -- c:\windows\system32\drivers\cng.sys (microsoft corporation)
drv - (brserid) brother mfc serial port interface driver (wdm) -- c:\windows\system32\drivers\brserid.sys (brother industries ltd.)
drv - (rdpbus) -- c:\windows\system32\drivers\rdpbus.sys (microsoft corporation)
drv - (rdprefmp) -- c:\windows\system32\drivers\rdprefmp.sys (microsoft corporation)
drv - (rasagilevpn) wan miniport (ikev2) -- c:\windows\system32\drivers\agilevpn.sys (microsoft corporation)
drv - (wfplwf) -- c:\windows\system32\drivers\wfplwf.sys (microsoft corporation)
drv - (ndiscap) -- c:\windows\system32\drivers\ndiscap.sys (microsoft corporation)
drv - (vwifibus) -- c:\windows\system32\drivers\vwifibus.sys (microsoft corporation)
drv - (1394ohci) -- c:\windows\system32\drivers\1394ohci.sys (microsoft corporation)
drv - (umpass) -- c:\windows\system32\drivers\umpass.sys (microsoft corporation)
drv - (usbaudio) usb-audiotreiber (wdm) -- c:\windows\system32\drivers\usbaudio.sys (microsoft corporation)
drv - (winusb) -- c:\windows\system32\drivers\winusb.sys (microsoft corporation)
drv - (mshidkmdf) -- c:\windows\system32\drivers\mshidkmdf.sys (microsoft corporation)
drv - (mtconfig) -- c:\windows\system32\drivers\mtconfig.sys (microsoft corporation)
drv - (xnacc) -- c:\windows\system32\drivers\xnacc.sys (microsoft corporation)
drv - (compositebus) -- c:\windows\system32\drivers\compositebus.sys (microsoft corporation)
drv - (appid) -- c:\windows\system32\drivers\appid.sys (microsoft corporation)
drv - (scfilter) -- c:\windows\system32\drivers\scfilter.sys (microsoft corporation)
drv - (s3cap) -- c:\windows\system32\drivers\vms3cap.sys (microsoft corporation)
drv - (vmbushid) -- c:\windows\system32\drivers\vmbushid.sys (microsoft corporation)
drv - (discache) -- c:\windows\system32\drivers\discache.sys (microsoft corporation)
drv - (hidbatt) -- c:\windows\system32\drivers\hidbatt.sys (microsoft corporation)
drv - (acpipmi) -- c:\windows\system32\drivers\acpipmi.sys (microsoft corporation)
drv - (amdppm) -- c:\windows\system32\drivers\amdppm.sys (microsoft corporation)
drv - (hcw85cir) -- c:\windows\system32\drivers\hcw85cir.sys (hauppauge computer works, inc.)
drv - (brusbmdm) -- c:\windows\system32\drivers\brusbmdm.sys (brother industries ltd.)
drv - (brusbser) -- c:\windows\system32\drivers\brusbser.sys (brother industries ltd.)
drv - (brserwdm) -- c:\windows\system32\drivers\brserwdm.sys (brother industries ltd.)
drv - (brfiltlo) -- c:\windows\system32\drivers\brfiltlo.sys (brother industries, ltd.)
drv - (brfiltup) -- c:\windows\system32\drivers\brfiltup.sys (brother industries, ltd.)
drv - (yukonw7) -- c:\windows\system32\drivers\yk62x86.sys (marvell)
drv - (b57nd60x) -- c:\windows\system32\drivers\b57nd60x.sys (broadcom corporation)
drv - (ebdrv) -- c:\windows\system32\drivers\evbdx.sys (broadcom corporation)
drv - (b06bdrv) -- c:\windows\system32\drivers\bxvbdx.sys (broadcom corporation)
drv - (s1018mdm) -- c:\windows\system32\drivers\s1018mdm.sys (mcci corporation)
drv - (s1018mgmt) sony ericsson device 1018 usb wmc device management drivers (wdm) -- c:\windows\system32\drivers\s1018mgmt.sys (mcci corporation)
drv - (s1018bus) sony ericsson device 1018 driver (wdm) -- c:\windows\system32\drivers\s1018bus.sys (mcci corporation)
drv - (s1018nd5) sony ericsson device 1018 usb ethernet emulation (ndis) -- c:\windows\system32\drivers\s1018nd5.sys (mcci corporation)
drv - (s1018mdfl) -- c:\windows\system32\drivers\s1018mdfl.sys (mcci corporation)
drv - (s1018unic) sony ericsson device 1018 usb ethernet emulation (wdm) -- c:\windows\system32\drivers\s1018unic.sys (mcci corporation)
drv - (s1018obex) -- c:\windows\system32\drivers\s1018obex.sys (mcci corporation)
drv - (adfs) -- c:\windows\system32\drivers\adfs.sys (adobe systems, inc.)
drv - (seehcri) -- c:\windows\system32\drivers\seehcri.sys (sony ericsson mobile communications)
drv - (xusb21) -- c:\windows\system32\drivers\xusb21.sys (microsoft corporation)

========== standard registry (safelist) ==========

========== internet explorer ==========

ie - hklm\software\microsoft\internet explorer\main,search page = ${url_searchpage}

ie - hkcu\software\microsoft\internet explorer\main,search page = ${url_searchpage}
ie - hkcu\software\microsoft\internet explorer\main,start page = hxxp://search.conduit.com?searchsource=10&ctid=ct2096149
ie - hkcu\..\urlsearchhook: - reg error: Key error. File not found
ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hkcu\software\microsoft\windows\currentversion\internet settings: "proxyoverride" = *.local

ff - hklm\software\mozilla\mozilla firefox 3.6.3\extensions\\components: C:\program files\mozilla firefox\components [2010.04.17 19:24:57 | 000,000,000 | ---d | m]
ff - hklm\software\mozilla\mozilla firefox 3.6.3\extensions\\plugins: C:\program files\mozilla firefox\plugins [2010.04.15 13:58:50 | 000,000,000 | ---d | m]

[2010.05.04 16:32:35 | 000,000,000 | ---d | m] -- c:\program files\mozilla firefox\extensions
[2010.04.18 11:31:49 | 000,000,000 | ---d | m] (skype extension for firefox) -- c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}
[2010.04.25 16:36:10 | 000,000,000 | ---d | m] -- c:\program files\mozilla firefox\extensions\quickstores@quickstores.de
[2010.03.13 14:05:54 | 000,001,392 | ---- | m] () -- c:\program files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.03.13 14:05:54 | 000,002,344 | ---- | m] () -- c:\program files\mozilla firefox\searchplugins\ebay-de.xml
[2010.03.13 14:05:54 | 000,006,805 | ---- | m] () -- c:\program files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.13 14:05:54 | 000,001,178 | ---- | m] () -- c:\program files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.03.13 14:05:54 | 000,001,105 | ---- | m] () -- c:\program files\mozilla firefox\searchplugins\yahoo-de.xml

o1 hosts file: ([2010.03.10 12:35:31 | 000,001,054 | ---- | m]) - c:\windows\system32\drivers\etc\hosts
o1 - hosts: 127.0.0.1 im.adtech.de
o1 - hosts: 127.0.0.1 adserver.adtech.de
o1 - hosts: 127.0.0.1 adtech.de
o1 - hosts: 127.0.0.1 ar.atwola.com
o1 - hosts: 127.0.0.1 atwola.com
o1 - hosts: 127.0.0.1 adserver.71i.de
o1 - hosts: 127.0.0.1 adicqserver.71i.de
o1 - hosts: 127.0.0.1 71i.de
o1 - hosts: 127.0.0.1 activate.adobe.com
o2 - bho: (groove gfs browser helper) - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll (microsoft corporation)
o2 - bho: (google toolbar helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o2 - bho: (google toolbar notifier bho) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll (google inc.)
o3 - hklm\..\toolbar: (no name) - {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - no clsid value found.
O3 - hklm\..\toolbar: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o3 - hkcu\..\toolbar\webbrowser: (google toolbar) - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll (google inc.)
o4 - hklm..\run: [adobecs4servicemanager] c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe (adobe systems incorporated)
o4 - hklm..\run: [hercules dj series] c:\program files\hercules\audio\dj console series\hdjseriescpl.exe (hercules®)
o4 - hklm..\run: [launch lcdmon] c:\program files\logitech\g-series software\lcdmon.exe (logitech inc.)
o4 - hklm..\run: [launch lgdcore] c:\program files\logitech\g-series software\lgdcore.exe (logitech inc.)
o4 - hklm..\run: [lexmark 5200 series] c:\program files\lexmark 5200 series\lxbtbmgr.exe (lexmark international, inc.)
o4 - hklm..\run: [ malwarebytes anti-malware (reboot)] c:\program files\malwarebytes' anti-malware\mbam.exe (malwarebytes corporation)
o4 - hklm..\run: [nbkeyscan] c:\program files\nero\nero8\nero backitup\nbkeyscan.exe (nero ag)
o4 - hklm..\run: [nokiamserver] c:\program files\common files\nokia\mplatform\nokiamserver.exe (nokia)
o4 - hklm..\run: [xboxstat] c:\program files\microsoft xbox 360 accessories\xboxstat.exe (microsoft corporation)
o4 - hkcu..\run: [daemon tools lite] c:\program files\daemon tools lite\dtlite.exe (dt soft ltd)
o4 - hkcu..\run: [icq] c:\program files\icq7.0\icq.exe (icq, inc.)
o4 - hkcu..\run: [indxstoresvr_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] c:\program files\common files\nero\lib\NMIndexStoreSvr.exe (nero ag)
o4 - hkcu..\run: [isuspm] c:\program files\common files\installshield\updateservice\isuspm.exe (macrovision corporation)
o4 - hkcu..\run: [nokiaovisuite2] c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe file not found
o4 - hkcu..\run: [sony ericsson pc suite] c:\program files\sony ericsson\sony ericsson pc suite\sepcsuite.exe (sony ericsson mobile communications ab)
o4 - hkcu..\run: [steam] c:\program files\steam\steam.exe (valve corporation)
o4 - hkcu..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe (google inc.)
o4 - hklm..\runonce: [malwarebytes' anti-malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe (malwarebytes corporation)
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioradmin = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Consentpromptbehavioruser = 3
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Enablelua = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: Promptonsecuredesktop = 0
o8 - extra context menu item: Google sidewiki... - c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_96d6ff0c6d236bf8.dll (google inc.)
o8 - extra context menu item: Nach microsoft e&xel exportieren - c:\program files\microsoft office\office12\excel.exe (microsoft corporation)
o9 - extra button: An onenote senden - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\microsoft office\office12\onbttnie.dll (microsoft corporation)
o9 - extra 'tools' menuitem : An onenote s&enden - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\program files\microsoft office\office12\onbttnie.dll (microsoft corporation)
o9 - extra button: Icq7 - {88eb38ef-4d2c-436d-abd3-56b232674062} - c:\program files\icq7.0\icq.exe (icq, inc.)
o9 - extra 'tools' menuitem : Icq7 - {88eb38ef-4d2c-436d-abd3-56b232674062} - c:\program files\icq7.0\icq.exe (icq, inc.)
o10 - namespace_catalog5\catalog_entries\000000000007 [] - c:\program files\bonjour\mdnsnsp.dll (apple inc.)
o13 - gopher prefix: Missing
o16 - dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (java plug-in 1.6.0_15)
o16 - dpf: {cafeefac-0016-0000-0015-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (java plug-in 1.6.0_15)
o16 - dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (java plug-in 1.6.0_15)
o17 - hklm\system\ccs\services\tcpip\parameters: Dhcpnameserver = 192.168.2.1
o18 - protocol\handler\groovelocalgws {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll (microsoft corporation)
o18 - protocol\handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\program files\common files\microsoft shared\help\hxds.dll (microsoft corporation)
o18 - protocol\handler\skype4com {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\program files\common files\skype\skype4com.dll (skype technologies)
o20 - hklm winlogon: Shell - (explorer.exe) - c:\windows\explorer.exe (microsoft corporation)
o20 - hklm winlogon: Vmapplet - (systempropertiesperformance.exe) - c:\windows\system32\systempropertiesperformance.exe (microsoft corporation)
o20 - hklm winlogon: Vmapplet - (/pagefile) - file not found
o21 - ssodl: Webcheck - {e6fb5e20-de35-11cf-9c87-00aa005127ed} - clsid or file not found.
O28 - hklm shellexecutehooks: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\grooveshellextensions.dll (microsoft corporation)
o30 - lsa: Security packages - (pku2u) - c:\windows\system32\pku2u.dll (microsoft corporation)
o32 - hklm cdrom: Autorun - 1
o32 - autorun file - [2010.03.12 16:07:31 | 000,000,000 | ---d | m] - c:\autodesk -- [ ntfs ]
o32 - autorun file - [2009.06.10 23:42:20 | 000,000,024 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o32 - autorun file - [2009.12.09 18:55:58 | 000,000,000 | ---d | m] - e:\autos -- [ ntfs ]
o32 - autorun file - [2010.04.04 00:47:55 | 000,000,000 | rh-d | m] - o:\autorun -- [ ntfs ]
o32 - autorun file - [2002.10.16 20:56:50 | 000,000,036 | rh-- | m] () - o:\autorun.inf -- [ ntfs ]
o33 - mountpoints2\{d5f64ae9-276f-11df-b30b-000129a5d7b1}\shell - "" = autorun
o33 - mountpoints2\{d5f64ae9-276f-11df-b30b-000129a5d7b1}\shell\autorun\command - "" = n:\autorun.exe -- file not found
o34 - hklm bootexecute: (autocheck autochk *) - file not found
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*

========== files/folders - created within 30 days ==========

[2010.05.04 17:16:18 | 000,038,224 | ---- | c] (malwarebytes corporation) -- c:\windows\system32\drivers\mbamswissarmy.sys
[2010.05.04 17:16:15 | 000,020,952 | ---- | c] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
[2010.05.04 16:32:00 | 000,000,000 | ---d | c] -- c:\program files\trend micro
[2010.05.04 14:32:03 | 000,000,000 | ---d | c] -- c:\program files\malwarebytes' anti-malware
[2010.05.04 14:32:03 | 000,000,000 | ---d | c] -- c:\programdata\malwarebytes
[2010.05.04 13:47:54 | 000,000,000 | ---d | c] -- c:\program files\enigma software group
[2010.05.04 13:37:52 | 000,000,000 | ---d | c] -- c:\programdata\bvrp software
[2010.05.04 13:05:33 | 000,000,000 | ---d | c] -- c:\programdata\ubisoft
[2010.05.04 12:03:50 | 000,000,000 | ---d | c] -- c:\program files\ubisoft
[2010.04.29 22:57:52 | 000,000,000 | ---d | c] -- c:\program files\ipod
[2010.04.29 22:57:51 | 000,000,000 | ---d | c] -- c:\program files\itunes
[2010.04.29 22:55:34 | 000,000,000 | ---d | c] -- c:\program files\bonjour
[2010.04.28 20:28:53 | 000,000,000 | -hsd | c] -- c:\config.msi
[2010.04.28 20:28:53 | 000,000,000 | -hsd | c] -- \config.msi
[2010.04.27 23:27:01 | 000,000,000 | ---d | c] -- c:\poker
[2010.04.27 23:27:01 | 000,000,000 | ---d | c] -- \poker
[2010.04.18 11:31:28 | 000,000,000 | ---d | c] -- c:\program files\common files\skype
[2010.04.18 11:31:27 | 000,000,000 | r--d | c] -- c:\program files\skype
[2010.04.18 11:31:24 | 000,000,000 | ---d | c] -- c:\programdata\skype
[2010.04.16 23:24:03 | 000,000,000 | ---d | c] -- c:\windows\minidump
[2010.04.16 11:30:13 | 000,148,736 | ---- | c] (avanquest software) -- c:\programdata\hpe3165.dll
[2010.04.16 11:30:10 | 000,027,632 | ---- | c] (sony ericsson mobile communications) -- c:\windows\system32\drivers\seehcri.sys
[2010.04.16 11:26:26 | 000,148,736 | ---- | c] (avanquest software) -- c:\programdata\hpebbb9.dll
[2010.04.16 11:26:23 | 000,109,736 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018unic.sys
[2010.04.16 11:26:23 | 000,012,200 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018whnt.sys
[2010.04.16 11:26:23 | 000,012,200 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018wh.sys
[2010.04.16 11:26:22 | 000,114,472 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018mdm.sys
[2010.04.16 11:26:22 | 000,108,328 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018mgmt.sys
[2010.04.16 11:26:22 | 000,104,616 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018obex.sys
[2010.04.16 11:26:22 | 000,086,696 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018bus.sys
[2010.04.16 11:26:22 | 000,026,024 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018nd5.sys
[2010.04.16 11:26:22 | 000,015,016 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018mdfl.sys
[2010.04.16 11:26:22 | 000,012,200 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018cmnt.sys
[2010.04.16 11:26:22 | 000,012,200 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018cm.sys
[2010.04.16 11:26:22 | 000,010,792 | ---- | c] (mcci corporation) -- c:\windows\system32\drivers\s1018cr.sys
[2010.04.16 11:26:13 | 000,000,000 | ---d | c] -- c:\programdata\sony ericsson
[2010.04.16 11:26:13 | 000,000,000 | ---d | c] -- c:\program files\sony ericsson
[2010.04.15 14:00:38 | 000,000,000 | ---d | c] -- c:\programdata\{429cad59-35b1-4dbc-bb6d-1db246563521}
[2010.04.15 13:58:32 | 000,000,000 | ---d | c] -- c:\program files\quicktime
[2010.04.08 13:20:02 | 000,107,808 | ---- | c] (apple inc.) -- c:\windows\system32\dns-sd.exe
[2010.04.08 13:20:02 | 000,091,424 | ---- | c] (apple inc.) -- c:\windows\system32\dnssd.dll
[3 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

========== files - modified within 30 days ==========

[2010.05.04 17:29:25 | 005,767,168 | -hs- | m] () -- c:\users\zwackmix\ntuser.dat
[2010.05.04 17:28:10 | 000,054,016 | ---- | m] () -- c:\windows\system32\drivers\iwclj.sys
[2010.05.04 17:19:00 | 000,001,096 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachineua.job
[2010.05.04 17:16:20 | 000,000,943 | ---- | m] () -- c:\users\public\desktop\malwarebytes' anti-malware.lnk
[2010.05.04 16:25:28 | 000,014,016 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2010.05.04 16:25:28 | 000,014,016 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2010.05.04 16:18:16 | 000,001,092 | ---- | m] () -- c:\windows\tasks\googleupdatetaskmachinecore.job
[2010.05.04 16:18:15 | 000,524,288 | -hs- | m] () -- c:\users\zwackmix\ntuser.dat{d2c1b65b-5787-11df-aabb-000129a5d7b1}.tmcontainer00000000000000000002.regtrans-ms
[2010.05.04 16:18:15 | 000,524,288 | -hs- | m] () -- c:\users\zwackmix\ntuser.dat{d2c1b65b-5787-11df-aabb-000129a5d7b1}.tmcontainer00000000000000000001.regtrans-ms
[2010.05.04 16:18:15 | 000,065,536 | -hs- | m] () -- c:\users\zwackmix\ntuser.dat{d2c1b65b-5787-11df-aabb-000129a5d7b1}.tm.blf
[2010.05.04 16:18:12 | 000,000,006 | -h-- | m] () -- c:\windows\tasks\sa.dat
[2010.05.04 16:18:09 | 000,067,584 | --s- | m] () -- c:\windows\bootstat.dat
[2010.05.04 16:18:01 | 121,576,520 | ---- | m] () -- c:\windows\memory.dmp
[2010.05.04 16:17:59 | 2615,812,096 | -hs- | m] () -- c:\hiberfil.sys
[2010.05.04 10:49:12 | 001,480,602 | ---- | m] () -- c:\windows\system32\perfstringbackup.ini
[2010.05.04 10:49:12 | 000,647,138 | ---- | m] () -- c:\windows\system32\perfh007.dat
[2010.05.04 10:49:12 | 000,609,896 | ---- | m] () -- c:\windows\system32\perfh009.dat
[2010.05.04 10:49:12 | 000,127,198 | ---- | m] () -- c:\windows\system32\perfc007.dat
[2010.05.04 10:49:12 | 000,104,214 | ---- | m] () -- c:\windows\system32\perfc009.dat
[2010.04.29 12:19:24 | 000,038,224 | ---- | m] (malwarebytes corporation) -- c:\windows\system32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | m] (malwarebytes corporation) -- c:\windows\system32\drivers\mbam.sys
[2010.04.28 20:44:01 | 000,000,069 | ---- | m] () -- c:\windows\nerodigital.ini
[2010.04.27 23:27:04 | 000,000,709 | ---- | m] () -- c:\users\public\desktop\poker 770.lnk
[2010.04.18 11:35:30 | 000,000,056 | -h-- | m] () -- c:\windows\system32\ezsidmv.dat
[2010.04.16 22:26:30 | 000,041,872 | ---- | m] () -- c:\windows\system32\xfcodec.dll
[2010.04.16 11:30:13 | 000,148,736 | ---- | m] (avanquest software) -- c:\programdata\hpe3165.dll
[2010.04.16 11:26:26 | 000,148,736 | ---- | m] (avanquest software) -- c:\programdata\hpebbb9.dll
[2010.04.08 13:20:02 | 000,107,808 | ---- | m] (apple inc.) -- c:\windows\system32\dns-sd.exe
[2010.04.08 13:20:02 | 000,091,424 | ---- | m] (apple inc.) -- c:\windows\system32\dnssd.dll
[3 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

========== files created - no company name ==========

[2010.05.04 17:28:10 | 000,054,016 | ---- | c] () -- c:\windows\system32\drivers\iwclj.sys
[2010.05.04 17:16:20 | 000,000,943 | ---- | c] () -- c:\users\public\desktop\malwarebytes' anti-malware.lnk
[2010.05.04 16:18:15 | 000,524,288 | -hs- | c] () -- c:\users\zwackmix\ntuser.dat{d2c1b65b-5787-11df-aabb-000129a5d7b1}.tmcontainer00000000000000000002.regtrans-ms
[2010.05.04 16:18:15 | 000,524,288 | -hs- | c] () -- c:\users\zwackmix\ntuser.dat{d2c1b65b-5787-11df-aabb-000129a5d7b1}.tmcontainer00000000000000000001.regtrans-ms
[2010.05.04 16:18:15 | 000,065,536 | -hs- | c] () -- c:\users\zwackmix\ntuser.dat{d2c1b65b-5787-11df-aabb-000129a5d7b1}.tm.blf
[2010.05.04 14:28:45 | 000,000,401 | ---- | c] () -- \rkill.log
[2010.04.27 23:27:04 | 000,000,709 | ---- | c] () -- c:\users\public\desktop\poker 770.lnk
[2010.04.18 11:35:30 | 000,000,056 | -h-- | c] () -- c:\windows\system32\ezsidmv.dat
[2010.04.16 23:22:41 | 121,576,520 | ---- | c] () -- c:\windows\memory.dmp
[2010.04.16 22:26:30 | 000,041,872 | ---- | c] () -- c:\windows\system32\xfcodec.dll
[2010.03.31 10:09:09 | 000,022,328 | ---- | c] () -- c:\windows\system32\drivers\pnkbstrk.sys
[2010.03.31 10:08:41 | 000,000,319 | ---- | c] () -- c:\windows\game.ini
[2010.01.28 14:17:42 | 000,691,696 | ---- | c] () -- c:\windows\system32\drivers\sptd.sys
[2009.11.26 17:36:46 | 000,139,264 | ---- | c] () -- c:\windows\system32\lxbtcoin.dll
[2009.11.26 17:36:46 | 000,126,976 | ---- | c] () -- c:\windows\system32\lxbtsnls.dll
[2009.11.26 17:36:46 | 000,001,832 | ---- | c] () -- c:\windows\system32\lxbtprod.ini
[2009.11.22 19:36:51 | 000,000,069 | ---- | c] () -- c:\windows\nerodigital.ini
[2009.11.16 18:29:22 | 000,015,156 | ---- | c] () -- c:\windows\system32\self32.ini
[2009.11.16 18:29:03 | 000,000,400 | ---- | c] () -- c:\windows\odbc.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | c] () -- c:\windows\system32\xlive.dll.cat
[2009.07.14 01:51:43 | 000,073,728 | ---- | c] () -- c:\windows\system32\bthpancontexthandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | c] () -- c:\windows\system32\bwcontexthandler.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | c] () -- c:\windows\system32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpaneltraditionalchinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpanelswedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpanelspanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpanelsimplifiedchinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpanelportugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpanelkorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpaneljapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpanelgerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | c] () -- c:\windows\system32\agcpanelfrench.dll
[2006.11.01 17:01:12 | 000,110,592 | ---- | c] () -- c:\windows\system32\usbpager.dll
[2004.02.19 19:31:34 | 000,151,552 | ---- | c] () -- c:\windows\system32\lxbthwdf.dll
[2003.06.23 18:06:02 | 000,040,960 | ---- | c] () -- c:\windows\system32\lxbtvs.dll
< end of report >

.................