
Thread: Win32.Downloader found?

  1. #1
    Junior Member | Join Date: Jul 2013 | Posts: 27


    Hi Gentlemen!
    I have reinstalled XP SP3 on my computer, along with Norton Internet Security and TuneUp 2012. After installing SpyBot 2 and running a system scan, it showed an infection with WIN32.Downloader MalwareC ID F65FFCFA 13. I had SpyBot correct it, and since then there has been no indication of further infection, whether in SpyBot or in Norton. I googled the threats of this malware, and this information says that it cannot be removed by SpyBot and other virus-killing programs and that it hides itself. The only sign of infection is that, after running for some time, IE 8 keeps trying to connect but shows no homepage whatsoever. So I need your help to detect what's going on.
    Before I posted, I deactivated the TuneUp services.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
    Run by Tom at 13:17:41 on 2013-07-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1257 [GMT 2:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *Enabled*
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    C:\Programme\DivX\DivX Update\DivXUpdate.exe
    C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe
    C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDTray.exe
    C:\Programme\APPLE\iTunesHelper.exe
    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\MagicTune Premium\GammaTray.exe
    C:\Programme\Windows Desktop Search\WindowsSearch.exe
    c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Programme\Bonjour\mDNSResponder.exe
    C:\Programme\Java\jre7\bin\jqs.exe
    C:\Programme\MagicTune Premium\MagicTune.exe
    C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
    C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
    C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
    C:\Programme\Logitech\SetPointP\SetPoint.exe
    C:\Programme\iPod\bin\iPodService.exe
    C:\Programme\Gemeinsame Dateien\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Freecorder extension\BackgroundHost.exe
    C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe
    C:\Programme\Microsoft\Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.upc.at/
    uProxyServer = localhost:21320
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\programme\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\programme\norton internet security\engine\20.4.0.40\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\programme\norton internet security\engine\20.4.0.40\ips\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programme\java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\programme\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Freecorder extension: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - c:\programme\freecorder extension\ScriptHost.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programme\java\jre7\bin\jp2ssv.dll
    BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\programme\gemeinsame dateien\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\programme\norton internet security\engine\20.4.0.40\CoIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\programme\norton internet security\engine\20.4.0.40\CoIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\programme\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
    mRun: [DivXMediaServer] c:\programme\divx\divx media server\DivXMediaServer.exe
    mRun: [DivXUpdate] "c:\programme\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\programme\gemeinsame dateien\apple\apple application support\APSDaemon.exe"
    mRun: [EvtMgr6] c:\programme\logitech\setpointp\SetPoint.exe /launchGaming
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [MagicTuneLauncher] c:\programme\magictune premium\MagicTuneLauncher.exe
    mRun: [SDTray] "c:\programme\safer networking\spybot - search & destroy 2\SDTray.exe"
    mRun: [iTunesHelper] "c:\programme\apple\iTunesHelper.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\dokume~1\alluse~1.win\startm~1\progra~1\autost~1\gammat~1.lnk - c:\programme\magictune premium\GammaTray.exe
    StartupFolder: c:\dokume~1\alluse~1.win\startm~1\progra~1\autost~1\window~1.lnk - c:\programme\windows desktop search\WindowsSearch.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Free YouTube Download - c:\programme\gemeinsame dateien\dvdvideosoft\plugins\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\programme\gemeinsame dateien\dvdvideosoft\plugins\freeytmp3downloader.htm
    IE: Nach Microsoft &Excel exportieren - c:\progra~1\mi4d84~1\office\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\programme\gemeinsame dateien\dvdvideosoft\bin\IEDownloadMenuAndBtns.dll
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1371604349625
    TCP: NameServer = 212.186.211.21 195.34.133.21
    TCP: Interfaces\{0D6775AE-C5DE-4202-A172-E809EB93E068} : DHCPNameServer = 212.186.211.21 195.34.133.21
    Notify: LBTWlgn - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= c:\progra~1\gemein~1\jaksta~1\audioc~1\jaudcap.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\programme\windows desktop search\MSNLNamespaceMgr.dll
    IFEO: connect.exe - "c:\programme\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: excel.exe - "c:\programme\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: finalmediaplayer.exe - "c:\programme\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: finder.exe - "c:\programme\tuneup utilities 2012\TUAutoReactivator32.exe"
    IFEO: infopath.exe - "c:\programme\tuneup utilities 2012\TUAutoReactivator32.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1404000.028\SymDS.sys [2013-6-20 367704]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1404000.028\SymEFA.sys [2013-6-20 934488]
    R1 BHDrvx86;BHDrvx86;c:\dokumente und einstellungen\all users.windows\anwendungsdaten\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\bashdefs\20130702.001\BHDrvx86.sys [2013-7-2 1002072]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1404000.028\ccSetx86.sys [2013-6-20 134744]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1404000.028\Ironx86.sys [2013-6-20 175264]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2013-6-24 12808]
    R2 NIS;Norton Internet Security;c:\programme\norton internet security\engine\20.4.0.40\ccSvcHst.exe [2013-6-20 144368]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programme\safer networking\spybot - search & destroy 2\SDFSSvc.exe [2013-6-29 1817560]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programme\safer networking\spybot - search & destroy 2\SDUpdSvc.exe [2013-6-29 1033688]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\gemeinsame dateien\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-6-20 106656]
    R3 IDSxpx86;IDSxpx86;c:\dokumente und einstellungen\all users.windows\anwendungsdaten\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\ipsdefs\20130703.001\IDSXpx86.sys [2013-7-4 373728]
    R3 NAVENG;NAVENG;c:\dokumente und einstellungen\all users.windows\anwendungsdaten\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\virusdefs\20130703.022\NAVENG.SYS [2013-7-4 93272]
    R3 NAVEX15;NAVEX15;c:\dokumente und einstellungen\all users.windows\anwendungsdaten\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.4.0.40\definitions\virusdefs\20130703.022\NAVEX15.SYS [2013-7-4 1611992]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2011-12-12 10064]
    R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-5-29 1528672]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programme\safer networking\spybot - search & destroy 2\SDWSCSvc.exe [2013-6-29 171928]
    S3 cpuz135;cpuz135;c:\programme\cpuid\pc wizard 2012\pcwiz_x32.sys [2012-4-17 24328]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2013-06-29 18:13:06 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2013-06-29 16:42:20 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-06-29 11:09:12 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\Spybot - Search & Destroy
    2013-06-29 10:20:46 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2013-06-29 10:20:43 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2013-06-29 10:20:42 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2013-06-29 10:20:42 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2013-06-28 18:57:13 84480 -c--a-w- c:\windows\system32\dllcache\ac97via.sys
    2013-06-28 18:57:13 84480 ----a-w- c:\windows\system32\drivers\ac97via.sys
    2013-06-28 12:56:37 102968 ----a-w- c:\windows\system32\IMEKR70.IME
    2013-06-28 12:56:33 14336 ----a-w- c:\windows\system32\drivers\MTiCtwl.sys
    2013-06-27 17:31:51 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Help
    2013-06-26 12:31:28 -------- d-----w- c:\programme\gemeinsame dateien\Jaksta Technologies
    2013-06-26 12:04:48 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Freecorder 7 Video
    2013-06-26 12:04:21 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\Freecorder 7 Video
    2013-06-26 12:04:20 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Jaksta_Technologies_Pty_L
    2013-06-25 16:36:45 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\Windows Search
    2013-06-25 16:35:14 14048 ------w- c:\windows\system32\spmsg2.dll
    2013-06-25 14:24:32 -------- d-----w- c:\windows\system32\winrm
    2013-06-25 14:24:19 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
    2013-06-25 13:19:46 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2013-06-25 13:19:22 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2013-06-25 13:19:22 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2013-06-25 13:19:22 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2013-06-25 13:19:22 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2013-06-25 13:19:22 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2013-06-25 13:19:22 117760 ------w- c:\windows\system32\prntvpt.dll
    2013-06-25 13:19:21 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2013-06-25 13:19:21 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2013-06-25 13:19:20 -------- dc----w- C:\ca9b08492440786b47e613
    2013-06-25 13:13:30 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\Windows Desktop Search
    2013-06-25 13:10:36 221184 ----a-w- c:\windows\system32\wmpns.dll
    2013-06-24 11:55:22 53248 -c--a-r- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\microsoft\installer\{3ee9bcae-e9a9-45e5-9b1c-83a4d357e05c}\ARPPRODUCTICON.exe
    2013-06-24 11:54:43 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2013-06-24 11:54:26 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2013-06-24 11:52:50 12808 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
    2013-06-24 11:42:20 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\Logishrd
    2013-06-24 10:55:10 159744 ----a-w- c:\programme\internet explorer\plugins\npqtplugin5.dll
    2013-06-24 10:55:10 159744 ----a-w- c:\programme\internet explorer\plugins\npqtplugin4.dll
    2013-06-24 10:55:10 159744 ----a-w- c:\programme\internet explorer\plugins\npqtplugin3.dll
    2013-06-24 10:55:10 159744 ----a-w- c:\programme\internet explorer\plugins\npqtplugin2.dll
    2013-06-24 10:55:10 159744 ----a-w- c:\programme\internet explorer\plugins\npqtplugin.dll
    2013-06-23 11:24:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
    2013-06-23 11:24:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2013-06-23 10:23:18 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\FileTypeAssistant
    2013-06-23 10:22:37 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\FinalMediaPlayer
    2013-06-23 10:17:57 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\APN
    2013-06-22 21:34:39 44 ----a-w- c:\windows\system32\msssc.dll
    2013-06-22 20:28:07 729088 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2013-06-22 20:28:07 69715 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\09\01\intel32\ctor.dll
    2013-06-22 20:28:07 5632 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2013-06-22 20:28:07 266240 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\09\01\intel32\iscript.dll
    2013-06-22 20:28:07 192512 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\09\01\intel32\iuser.dll
    2013-06-22 20:28:06 188548 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2013-06-22 20:28:05 311428 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\09\01\intel32\setup.dll
    2013-06-22 20:27:19 22664 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
    2013-06-22 20:26:02 753664 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\11\00\intel32\iKernel.dll
    2013-06-22 20:26:02 69714 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\11\00\intel32\ctor.dll
    2013-06-22 20:26:02 5632 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
    2013-06-22 20:26:02 274432 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\11\00\intel32\iscript.dll
    2013-06-22 20:26:02 184320 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\11\00\intel32\iuser.dll
    2013-06-22 20:26:01 200836 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\11\00\intel32\iGdi.dll
    2013-06-22 20:26:00 331908 ----a-w- c:\programme\gemeinsame dateien\installshield\professional\runtime\11\00\intel32\setup.dll
    2013-06-22 20:22:05 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\LogiShrd
    2013-06-22 20:07:48 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\DVDVideoSoft
    2013-06-22 20:01:24 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
    2013-06-22 20:01:22 466944 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2013-06-22 20:01:22 466944 ------w- c:\windows\system32\imapi2fs.dll
    2013-06-22 20:01:22 320512 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2013-06-22 20:01:22 320512 ------w- c:\windows\system32\imapi2.dll
    2013-06-22 19:30:06 -------- d-----w- c:\programme\gemeinsame dateien\DivX Shared
    2013-06-22 19:18:19 -------- dcsh--w- c:\dokumente und einstellungen\tom.frank-b\wc
    2013-06-22 19:18:12 -------- dcsh--w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\wyUpdate AU
    2013-06-22 19:17:57 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\Cyberduck
    2013-06-22 18:53:29 -------- dc----w- C:\TEMP
    2013-06-22 10:18:21 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\Applian FLV and Media Player
    2013-06-22 01:41:40 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
    2013-06-22 01:40:47 57728 ----a-w- c:\windows\system32\drivers\redbook.sys
    2013-06-22 01:40:14 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
    2013-06-22 01:40:12 88192 ----a-w- c:\windows\system32\drivers\irda.sys
    2013-06-22 01:40:12 28160 ----a-w- c:\windows\system32\irmon.dll
    2013-06-22 01:40:11 8192 ----a-w- c:\windows\system32\wshirda.dll
    2013-06-22 01:40:11 153088 ----a-w- c:\windows\system32\irftp.exe
    2013-06-22 01:40:06 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
    2013-06-22 01:39:41 77312 ----a-w- c:\windows\system32\usbui.dll
    2013-06-22 01:39:32 44672 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
    2013-06-22 01:39:13 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
    2013-06-22 01:33:54 16825 ----a-r- c:\windows\SET8.tmp
    2013-06-22 01:33:50 1088840 ----a-r- c:\windows\SET4.tmp
    2013-06-22 01:33:47 1246537 ----a-r- c:\windows\SET3.tmp
    2013-06-22 01:33:33 -------- dc-h--r- c:\dokumente und einstellungen\all users.windows\Anwendungsdaten
    2013-06-22 01:27:11 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-22 01:27:11 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-22 00:57:44 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Sun
    2013-06-22 00:57:09 144896 ----a-w- c:\windows\system32\javacpl.cpl
    2013-06-22 00:57:08 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-06-22 00:57:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-06-21 17:37:40 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-20 21:12:11 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Google
    2013-06-20 21:05:39 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Adobe
    2013-06-20 15:50:01 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\DivX
    2013-06-20 15:16:03 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\DriverTurbo
    2013-06-20 15:05:02 6272 -c--a-w- c:\windows\system32\dllcache\splitter.sys
    2013-06-20 15:05:02 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
    2013-06-20 14:04:04 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Apple Computer
    2013-06-20 14:03:39 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-06-20 14:03:39 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2013-06-20 14:01:30 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2013-06-20 14:01:30 -------- d-----w- c:\programme\APPLE
    2013-06-20 14:00:57 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Apple
    2013-06-20 12:57:18 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2013-06-20 12:57:18 -------- d-----w- c:\programme\Symantec
    2013-06-20 12:57:18 -------- d-----w- c:\programme\gemeinsame dateien\Symantec Shared
    2013-06-20 12:56:38 934488 ----a-r- c:\windows\system32\drivers\nis\1404000.028\SymEFA.sys
    2013-06-20 12:56:38 603224 ----a-r- c:\windows\system32\drivers\nis\1404000.028\srtsp.sys
    2013-06-20 12:56:38 396760 ----a-r- c:\windows\system32\drivers\nis\1404000.028\symtdi.sys
    2013-06-20 12:56:38 367704 ----a-r- c:\windows\system32\drivers\nis\1404000.028\SymDS.sys
    2013-06-20 12:56:38 352344 ----a-r- c:\windows\system32\drivers\nis\1404000.028\symtdiv.sys
    2013-06-20 12:56:38 339544 ----a-r- c:\windows\system32\drivers\nis\1404000.028\symnets.sys
    2013-06-20 12:56:38 32344 ----a-r- c:\windows\system32\drivers\nis\1404000.028\srtspx.sys
    2013-06-20 12:56:38 21400 ----a-r- c:\windows\system32\drivers\nis\1404000.028\SymELAM.sys
    2013-06-20 12:56:38 175264 ----a-r- c:\windows\system32\drivers\nis\1404000.028\Ironx86.sys
    2013-06-20 12:56:37 134744 ----a-r- c:\windows\system32\drivers\nis\1404000.028\ccSetx86.sys
    2013-06-20 12:56:11 14818 ----a-r- c:\windows\system32\drivers\nis\1404000.028\SymVTcer.dat
    2013-06-20 12:56:05 -------- d-----w- c:\programme\Norton Internet Security
    2013-06-20 12:55:42 -------- d-----w- c:\programme\NortonInstaller
    2013-06-20 11:43:54 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\LogMeIn Rescue Applet
    2013-06-20 10:24:27 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\XnView
    2013-06-19 23:45:31 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\FinalMediaPlayer
    2013-06-19 22:55:57 54272 ----a-w- c:\windows\system32\nvwddi.dll
    2013-06-19 22:38:34 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\NVIDIA
    2013-06-19 19:02:28 -------- d-----w- c:\windows\system32\drivers\nis\1404000.028
    2013-06-19 19:02:28 -------- d-----w- c:\windows\system32\drivers\NIS
    2013-06-19 19:01:25 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\PCSettings
    2013-06-19 17:21:00 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\nView_Wallpaper
    2013-06-19 16:47:46 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\NortonInstaller
    2013-06-19 16:32:57 877376 ----a-w- c:\windows\system32\nvgenco32.dll
    2013-06-19 16:13:26 -------- dcsh--w- c:\dokumente und einstellungen\tom.frank-b\IECompatCache
    2013-06-19 16:08:49 -------- dcsh--w- c:\dokumente und einstellungen\tom.frank-b\PrivacIE
    2013-06-19 16:05:33 -------- dcsh--w- c:\dokumente und einstellungen\tom.frank-b\IETldCache
    2013-06-19 16:00:59 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2013-06-19 15:59:02 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2013-06-19 15:59:01 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2013-06-19 15:59:01 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2013-06-19 14:22:51 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\NPE
    2013-06-19 14:21:01 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\Norton
    2013-06-19 10:56:26 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
    2013-06-19 10:56:26 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
    2013-06-19 10:56:25 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2013-06-19 10:56:25 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
    2013-06-19 10:56:25 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2013-06-19 10:56:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2013-06-19 10:56:21 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
    2013-06-19 10:56:20 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2013-06-19 10:40:11 -------- dc-h--w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\Common Files
    2013-06-19 10:38:28 29024 ----a-w- c:\windows\system32\uxtuneup.dll
    2013-06-19 10:34:41 31584 ----a-w- c:\windows\system32\TURegOpt.exe
    2013-06-19 10:32:12 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\anwendungsdaten\TuneUp Software
    2013-06-19 10:30:50 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\TuneUp Software
    2013-06-19 10:29:01 -------- dcsh--w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    2013-06-19 10:04:43 -------- dc----w- c:\dokumente und einstellungen\all users.windows\anwendungsdaten\NVIDIA Corporation
    2013-06-19 10:01:55 65536 ----a-w- c:\windows\system32\OpenCL.dll
    2013-06-19 10:01:49 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2013-06-19 10:01:48 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2013-06-19 10:01:48 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2013-06-19 10:01:07 5967872 ----a-w- c:\windows\system32\nvopencl.dll
    2013-06-19 10:01:04 19189760 ----a-w- c:\windows\system32\nvoglnt.dll
    2013-06-19 10:01:03 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
    2013-06-19 10:01:02 7536640 ----a-w- c:\windows\system32\nvcuda.dll
    2013-06-19 10:01:02 2581792 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-06-19 10:01:02 1869088 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-06-19 10:01:02 1010464 ----a-w- c:\windows\system32\nvdispco32.dll
    2013-06-19 10:00:47 2389504 ----a-w- c:\windows\system32\nvapi.dll
    2013-06-19 10:00:47 17551360 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-06-19 10:00:46 4494336 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
    2013-06-19 10:00:46 4494336 ----a-w- c:\windows\system32\nv4_disp.dll
    2013-06-19 10:00:46 12648960 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
    2013-06-19 10:00:46 12648960 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2013-06-19 01:18:55 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
    2013-06-19 01:18:55 273024 ------w- c:\windows\system32\drivers\bthport.sys
    2013-06-19 01:18:19 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
    2013-06-19 01:15:27 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
    2013-06-19 01:14:17 293376 ------w- c:\windows\system32\browserchoice.exe
    2013-06-19 01:12:24 -------- dcsh--w- c:\dokumente und einstellungen\tom.frank-b\UserData
    2013-06-19 01:11:34 -------- dc----w- c:\dokumente und einstellungen\tom.frank-b\lokale einstellungen\anwendungsdaten\Identities
    2013-06-19 01:10:12 2152448 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2013-06-19 01:10:12 2031104 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2013-06-19 01:10:11 2195840 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2013-06-19 01:10:10 2072448 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2013-06-19 01:08:39 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2013-06-19 01:08:39 3072 ------w- c:\windows\system32\iacenc.dll
    2013-06-19 01:00:30 26144 ----a-w- c:\windows\system32\spupdsvc.exe
    2013-06-19 00:45:10 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
    2013-06-19 00:44:59 21896 -c--a-w- c:\windows\system32\dllcache\tdipx.sys
    2013-06-19 00:43:59 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
    2013-06-19 00:42:59 6656 -c--a-w- c:\windows\system32\dllcache\c_is2022.dll
    2013-06-19 00:39:35 -------- dcsh--w- c:\dokumente und einstellungen\all users.windows\DRM
    2013-06-19 00:37:54 565760 -c--a-w- c:\windows\system32\dllcache\msobmain.dll
    2013-06-19 00:35:49 33792 ----a-w- c:\programme\messenger\custsat.dll
    2013-06-18 21:41:41 83968 ----a-w- c:\programme\messenger\msgsc.dll
    2013-06-18 21:41:41 180224 ----a-w- c:\programme\messenger\msgslang.dll
    2013-06-18 21:41:41 1695232 ------w- c:\programme\messenger\msmsgs.exe
    2013-06-18 21:41:40 -------- d-----w- c:\programme\Messenger
    2013-06-18 16:57:09 -------- dc----w- C:\$WIN_NT$.~BT
    2013-06-18 16:57:01 -------- d-----w- c:\windows\setup.pss
    2013-06-18 16:56:38 -------- d-----w- c:\windows\setupupd
    2013-06-11 13:59:37 -------- d-----w- c:\programme\iPod
    2013-06-11 13:58:51 -------- d-----w- c:\programme\iTunes
    .
    ==================== Find3M ====================
    .
    2013-05-07 22:28:27 920064 ----a-w- c:\windows\system32\wininet.dll
    2013-05-07 22:28:26 43520 ------w- c:\windows\system32\licmgr10.dll
    2013-05-07 22:28:26 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
    2013-05-03 05:39:13 2195840 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-05-03 05:39:13 2072448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-05-01 01:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2013-05-01 01:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2013-04-12 14:00:54 1876480 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 13:20:25,62 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-07-04 13:29:16
    -----------------------------
    13:29:16.250 OS Version: Windows 5.1.2600 Service Pack 3
    13:29:16.250 Number of processors: 1 586 0x209
    13:29:16.250 ComputerName: FRANK-B UserName: Tom
    13:29:19.625 Initialize success
    13:33:37.890 AVAST engine defs: 13070400
    13:33:47.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    13:33:47.953 Disk 0 Vendor: ST380020A 3.34 Size: 76319MB BusType: 3
    13:33:47.968 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
    13:33:47.968 Disk 1 Vendor: WDC_WD1600BB-00GUA0 08.02D08 Size: 152627MB BusType: 3
    13:33:48.453 Disk 0 MBR read successfully
    13:33:48.453 Disk 0 MBR scan
    13:33:48.453 Disk 0 Windows XP default MBR code
    13:33:48.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
    13:33:48.468 Disk 0 scanning sectors +156280320
    13:33:48.734 Disk 0 scanning C:\WINDOWS\system32\drivers
    13:34:03.187 Service scanning
    13:34:54.343 Modules scanning
    13:35:16.359 Disk 0 trace - called modules:
    13:35:16.390 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys viaide.sys PCIIDEX.SYS
    13:35:16.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b75ab8]
    13:35:16.390 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000067[0x89bc3f18]
    13:35:16.390 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x89be1d98]
    13:35:16.859 AVAST engine scan C:\WINDOWS
    13:35:29.875 AVAST engine scan C:\WINDOWS\system32
    13:39:59.484 AVAST engine scan C:\WINDOWS\system32\drivers
    13:40:19.796 AVAST engine scan C:\Dokumente und Einstellungen\Tom.FRANK-B
    13:41:38.765 Disk 0 MBR has been saved successfully to "\\Frank-a\unsere dokumente\Schriftstücke\Spybot\MBR.dat"
    13:41:38.781 The log file has been saved successfully to "\\Frank-a\unsere dokumente\Schriftstücke\Spybot\aswMBR.txt"

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    uProxyServer = localhost:21320 <-- Did you set this proxy server? Is this a company computer?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jul 2013
    Posts
    27

    Default

    Hi!
    Sorry, I do not know anything about proxy. I have not set one. This is a private computer; it is in a net with another one.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Let's do this

    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

  5. #5
    Junior Member
    Join Date
    Jul 2013
    Posts
    27

    Default 1st of three replies

    Malwarebytes Anti-Malware (Test) 1.75.0.1300
    www.malwarebytes.org

    Datenbank Version: v2013.07.05.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Tom :: FRANK-B [Administrator]

    Schutz: Aktiviert

    05.07.2013 15:24:44
    mbam-log-2013-07-05 (15-24-44).txt

    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 406304
    Laufzeit: 37 Minute(n), 21 Sekunde(n)

    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)

    Infizierte Dateien: 0
    (Keine bösartigen Objekte gefunden)

    (Ende)

  6. #6
    Junior Member
    Join Date
    Jul 2013
    Posts
    27

    Default 2nd of three replies

    OTL Extras logfile created on: 05.07.2013 16:21:50 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Tom.FRANK-B\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,53% Memory free
    3,85 Gb Paging File | 2,98 Gb Available in Paging File | 77,46% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
    Drive C: | 74,52 Gb Total Space | 43,71 Gb Free Space | 58,65% Space Free | Partition Type: NTFS
    Drive D: | 149,05 Gb Total Space | 43,00 Gb Free Space | 28,85% Space Free | Partition Type: NTFS

    Computer Name: FRANK-B | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Programme\Microsoft\Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Programme\Microsoft\Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Programme\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
    "80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
    "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
    "C:\Programme\File Type Assistant\tsassist.exe" = C:\Programme\File Type Assistant\tsassist.exe:*:Enabled:ProgramUpdateCheck -- (Trusted Software ApS)
    "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Programme\Applian Technologies\Freecorder 8 Applications\Torrent\aria2c.exe" = C:\Programme\Applian Technologies\Freecorder 8 Applications\Torrent\aria2c.exe:*:Enabled:Freecorder 8 Applications Torrent Module -- ()
    "C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Programme\APPLE\iTunes.exe" = C:\Programme\APPLE\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{0A844D8F-A965-11E2-9E77-B8AC6F98CCE3}" = Google Earth
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
    "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{69F962F7-3761-4704-9E4B-24FF10F77111}" = MagicTune Premium
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90260407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
    "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
    "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
    "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "C-Media Audio Driver" = C-Media WDM Audio Driver
    "Cyberduck" = Cyberduck 4.1.2 (8999)
    "DivX Setup" = DivX-Setup
    "ERUNT_is1" = ERUNT 1.1j
    "FinalMediaPlayer_is1" = Final Media Player 2012
    "Free Studio_is1" = Free Studio version 2013
    "Freecorder 8 Applications" = Freecorder 8 Applications (8.0.0.96)
    "Freecorder extension" = Freecorder extension
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NIS" = Norton Internet Security
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "sp6" = Logitech SetPoint 6.52
    "Trusted Software Assistant_is1" = File Type Assistant
    "TuneUp Utilities 2012" = TuneUp Utilities 2012
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 27.06.2013 19:08:42 | Computer Name = FRANK-B | Source = Application Hang | ID = 1001
    Description = Fehlerhafter Speicherbereich 1180947459.

    Error - 27.06.2013 19:08:44 | Computer Name = FRANK-B | Source = Application Hang | ID = 1001
    Description = Fehlerhafter Speicherbereich 1180947459.

    Error - 27.06.2013 20:10:44 | Computer Name = FRANK-B | Source = Application Hang | ID = 1002
    Description = Stillstehende Anwendung rundll32.exe, Version 5.1.2600.5512, Stillstandmodul
    hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

    Error - 27.06.2013 20:10:57 | Computer Name = FRANK-B | Source = Application Hang | ID = 1001
    Description = Fehlerhafter Speicherbereich 734562961.

    Error - 29.06.2013 06:25:13 | Computer Name = FRANK-B | Source = Application Hang | ID = 1002
    Description = Stillstehende Anwendung iTunes.exe, Version 11.0.4.4, Stillstandmodul
    hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

    Error - 29.06.2013 06:25:20 | Computer Name = FRANK-B | Source = Application Hang | ID = 1001
    Description = Fehlerhafter Speicherbereich -664088378.

    Error - 29.06.2013 06:30:30 | Computer Name = FRANK-B | Source = Application Hang | ID = 1002
    Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
    hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

    Error - 29.06.2013 06:31:39 | Computer Name = FRANK-B | Source = Application Hang | ID = 1002
    Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
    hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

    Error - 29.06.2013 06:31:40 | Computer Name = FRANK-B | Source = Application Hang | ID = 1001
    Description = Fehlerhafter Speicherbereich 1180947459.

    Error - 29.06.2013 06:31:45 | Computer Name = FRANK-B | Source = Application Hang | ID = 1001
    Description = Fehlerhafter Speicherbereich 1180947459.

    [ System Events ]
    Error - 02.07.2013 08:16:02 | Computer Name = FRANK-B | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
    Fehlers nicht gestartet: %%1053

    Error - 02.07.2013 08:20:42 | Computer Name = FRANK-B | Source = DCOM | ID = 10005
    Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch"
    mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 03.07.2013 08:21:30 | Computer Name = FRANK-B | Source = DCOM | ID = 10005
    Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch"
    mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 03.07.2013 08:22:01 | Computer Name = FRANK-B | Source = Service Control Manager | ID = 7009
    Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
    2 Security Center Service.

    Error - 03.07.2013 08:22:01 | Computer Name = FRANK-B | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
    Fehlers nicht gestartet: %%1053

    Error - 03.07.2013 08:22:02 | Computer Name = FRANK-B | Source = DCOM | ID = 10005
    Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch"
    mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 03.07.2013 08:27:03 | Computer Name = FRANK-B | Source = DCOM | ID = 10005
    Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch"
    mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 04.07.2013 06:09:54 | Computer Name = FRANK-B | Source = DCOM | ID = 10005
    Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch"
    mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error - 04.07.2013 06:10:35 | Computer Name = FRANK-B | Source = Service Control Manager | ID = 7009
    Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Spybot-S&D
    2 Security Center Service.

    Error - 04.07.2013 06:10:35 | Computer Name = FRANK-B | Source = Service Control Manager | ID = 7000
    Description = Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden
    Fehlers nicht gestartet: %%1053


    < End of report >

  7. #7
    Junior Member
    Join Date
    Jul 2013
    Posts
    27

    Default 3rd of three first third

    OTL logfile created on: 05.07.2013 16:21:49 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Tom.FRANK-B\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

    2,00 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 48,53% Memory free
    3,85 Gb Paging File | 2,98 Gb Available in Paging File | 77,46% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
    Drive C: | 74,52 Gb Total Space | 43,71 Gb Free Space | 58,65% Space Free | Partition Type: NTFS
    Drive D: | 149,05 Gb Total Space | 43,00 Gb Free Space | 28,85% Space Free | Partition Type: NTFS

    Computer Name: FRANK-B | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Dokumente und Einstellungen\Tom.FRANK-B\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
    PRC - C:\Programme\APPLE\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
    PRC - C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    PRC - C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
    PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
    PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
    PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
    PRC - C:\Programme\Freecorder extension\BackgroundHost.exe ()
    PRC - c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
    PRC - C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
    PRC - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    PRC - C:\Programme\MagicTune Premium\MagicTune.exe (SEC)
    PRC - C:\Programme\MagicTune Premium\GammaTray.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Programme\Safer Networking\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
    MOD - C:\Programme\Safer Networking\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
    MOD - C:\Programme\Safer Networking\Spybot - Search & Destroy 2\DEC150.bpl ()
    MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
    MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
    MOD - C:\Programme\Freecorder extension\BackgroundHost.exe ()
    MOD - C:\Programme\Freecorder extension\ButtonSite.dll ()
    MOD - C:\Programme\Freecorder extension\RegistryHelper.dll ()
    MOD - C:\Programme\Safer Networking\Spybot - Search & Destroy 2\sqlite3.dll ()
    MOD - C:\Programme\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll ()
    MOD - C:\Programme\Safer Networking\Spybot - Search & Destroy 2\av\BDSmartDB.dll ()
    MOD - C:\Programme\MagicTune Premium\MTResGer.dll ()
    MOD - C:\Programme\MagicTune Premium\HzZone.dll ()
    MOD - C:\Programme\MagicTune Premium\Highlight.dll ()
    MOD - C:\Programme\MagicTune Premium\DProfile.dll ()
    MOD - C:\Programme\MagicTune Premium\EProfile.dll ()
    MOD - C:\Programme\MagicTune Premium\VESADll.dll ()
    MOD - C:\Programme\MagicTune Premium\IProfile.dll ()
    MOD - C:\Programme\MagicTune Premium\DeviceInterface.dll ()
    MOD - c:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
    MOD - c:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
    MOD - \\?\C:\Programme\Safer Networking\Spybot - Search & Destroy 2\av\avxdisk.dll ()
    MOD - C:\Programme\MagicTune Premium\GammaTray.exe ()


    ========== Services (SafeList) ==========

    SRV - (SDWSCService) -- C:\Programme\Safer Networking\Spybot File not found
    SRV - (SDUpdateService) -- C:\Programme\Safer Networking\Spybot File not found
    SRV - (SDScannerService) -- C:\Programme\Safer Networking\Spybot File not found
    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
    SRV - (NIS) -- C:\Programme\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
    SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
    SRV - (Apple Mobile Device) -- c:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
    SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
    SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
    SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (mbr) -- C:\DOKUME~1\TOM~1.FRA\LOKALE~1\Temp\mbr.sys File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (Changer) -- File not found
    DRV - (aswMBR) -- C:\DOKUME~1\TOM~1.FRA\LOKALE~1\Temp\aswMBR.sys File not found
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130704.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (NAVEX15) -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130705.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130705.002\NAVENG.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1404000.028\SymEFA.sys (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1404000.028\SymDS.sys (Symantec Corporation)
    DRV - (BHDrvx86) -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130702.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1404000.028\srtsp.sys (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1404000.028\symtdi.sys (Symantec Corporation)
    DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1404000.028\ccSetx86.sys (Symantec Corporation)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1404000.028\Ironx86.sys (Symantec Corporation)
    DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1404000.028\srtspx.sys (Symantec Corporation)
    DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
    DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
    DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
    DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
    DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
    DRV - (cpuz135) -- C:\Programme\CPUID\PC Wizard 2012\pcwiz_x32.sys (CPUID)
    DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
    DRV - (MagicTune) -- C:\WINDOWS\system32\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )
    DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
    DRV - (VIAudio) -- C:\WINDOWS\system32\drivers\ac97via.sys (VIA Technologies, Inc.)
    DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {7A9335EE-C65E-4F2D-A40D-BE16B14FC07F}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{7A9335EE-C65E-4F2D-A40D-BE16B14FC07F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.upc.at/
    IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\..\SearchScopes,DefaultScope = {7A9335EE-C65E-4F2D-A40D-BE16B14FC07F}
    IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\..\SearchScopes\{7A9335EE-C65E-4F2D-A40D-BE16B14FC07F}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7WQIB_deAT541
    IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=sb&qsrc=2869
    IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\APPLE\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ [2013.06.20 15:02:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ [2013.07.04 12:12:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.06.22 21:33:03 | 000,000,000 | ---D | M]

    [2013.03.28 00:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

    O1 HOSTS File: ([2013.07.03 00:31:31 | 000,449,428 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15430 more lines...
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (Freecorder extension) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Programme\Freecorder extension\ScriptHost.dll (Applian Technologies Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] c:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
    O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EvtMgr6] C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Programme\APPLE\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [MagicTuneLauncher] C:\Programme\MagicTune Premium\MagicTuneLauncher.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SDTray] C:\Programme\Safer Networking\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart\GammaTray.lnk = C:\Programme\MagicTune Premium\GammaTray.exe ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Free YouTube Download - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Gemeinsame Dateien\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1371604349625 (WUWebControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D6775AE-C5DE-4202-A172-E809EB93E068}: DhcpNameServer = 212.186.211.21 195.34.133.21
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\GEMEIN~1\JAKSTA~1\AUDIOC~1\jaudcap.dll) - C:\Programme\Gemeinsame Dateien\Jaksta Technologies\Audio Capture\jaudcap.dll (Jaksta Technologies Pty Ltd)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
    O27 - HKLM IFEO\connect.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\finalmediaplayer.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\setpoint.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\softwareupdate.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O27 - HKLM IFEO\unins000.exe: Debugger - C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe (TuneUp Software)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1

  8. #8

    3rd of three second third first half

    [2013.06.20 00:38:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Anwendungsdaten\NVIDIA
    [2013.06.19 21:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
    [2013.06.19 21:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1404000.028
    [2013.06.19 21:01:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\PCSettings
    [2013.06.19 19:21:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Anwendungsdaten\nView_Wallpaper
    [2013.06.19 18:47:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\NortonInstaller
    [2013.06.19 18:32:57 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
    [2013.06.19 18:13:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\IECompatCache
    [2013.06.19 18:08:49 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\PrivacIE
    [2013.06.19 18:07:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Windows Genuine Advantage
    [2013.06.19 18:05:33 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\IETldCache
    [2013.06.19 18:00:59 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
    [2013.06.19 17:59:01 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2013.06.19 16:22:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Lokale Einstellungen\Anwendungsdaten\NPE
    [2013.06.19 16:21:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Startmenü\Programme\Norton
    [2013.06.19 16:21:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Norton
    [2013.06.19 16:21:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Norton
    [2013.06.19 12:56:26 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
    [2013.06.19 12:56:26 | 001,302,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
    [2013.06.19 12:56:26 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
    [2013.06.19 12:56:25 | 002,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
    [2013.06.19 12:56:25 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
    [2013.06.19 12:56:25 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
    [2013.06.19 12:56:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
    [2013.06.19 12:56:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
    [2013.06.19 12:56:20 | 011,112,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
    [2013.06.19 12:40:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Common Files
    [2013.06.19 12:38:28 | 000,029,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
    [2013.06.19 12:34:41 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
    [2013.06.19 12:34:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\TuneUp Utilities 2012
    [2013.06.19 12:32:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Anwendungsdaten\TuneUp Software
    [2013.06.19 12:30:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TuneUp Software
    [2013.06.19 12:29:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
    [2013.06.19 12:04:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\NVIDIA Corporation
    [2013.06.19 12:04:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\NVIDIA
    [2013.06.19 12:01:55 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
    [2013.06.19 12:01:07 | 005,967,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvopencl.dll
    [2013.06.19 12:01:04 | 019,189,760 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
    [2013.06.19 12:01:03 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispgenco32.dll
    [2013.06.19 12:01:02 | 007,536,640 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
    [2013.06.19 12:01:02 | 002,581,792 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
    [2013.06.19 12:01:02 | 001,869,088 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
    [2013.06.19 12:01:02 | 001,010,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
    [2013.06.19 12:00:47 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
    [2013.06.19 12:00:47 | 002,389,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
    [2013.06.19 12:00:46 | 012,648,960 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
    [2013.06.19 12:00:46 | 004,494,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
    [2013.06.19 12:00:46 | 004,494,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
    [2013.06.19 03:18:55 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
    [2013.06.19 03:18:19 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
    [2013.06.19 03:15:27 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
    [2013.06.19 03:14:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
    [2013.06.19 03:12:24 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\UserData
    [2013.06.19 03:11:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Lokale Einstellungen\Anwendungsdaten\Identities
    [2013.06.19 03:10:12 | 002,152,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
    [2013.06.19 03:10:12 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
    [2013.06.19 03:10:11 | 002,195,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
    [2013.06.19 03:10:10 | 002,072,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
    [2013.06.19 03:00:30 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
    [2013.06.19 02:56:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Anwendungsdaten\Identities
    [2013.06.19 02:54:58 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Eigene Dateien\Eigene Musik
    [2013.06.19 02:54:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Eigene Dateien
    [2013.06.19 02:54:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Eigene Dateien\Eigene Bilder
    [2013.06.19 02:54:44 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Anwendungsdaten\Microsoft
    [2013.06.19 02:54:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\SendTo
    [2013.06.19 02:54:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Recent
    [2013.06.19 02:54:44 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Anwendungsdaten
    [2013.06.19 02:54:44 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Startmenü\Programme\Zubehör
    [2013.06.19 02:54:44 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Startmenü
    [2013.06.19 02:54:44 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Favoriten
    [2013.06.19 02:54:44 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Startmenü\Programme\Autostart
    [2013.06.19 02:54:44 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Cookies
    [2013.06.19 02:54:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Vorlagen
    [2013.06.19 02:54:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Netzwerkumgebung
    [2013.06.19 02:54:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Lokale Einstellungen
    [2013.06.19 02:54:44 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Druckumgebung
    [2013.06.19 02:54:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Lokale Einstellungen\Anwendungsdaten\Microsoft
    [2013.06.19 02:54:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tom.FRANK-B\Desktop
    [2013.06.19 02:45:14 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
    [2013.06.19 02:45:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
    [2013.06.19 02:45:13 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
    [2013.06.19 02:45:12 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
    [2013.06.19 02:45:11 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
    [2013.06.19 02:45:10 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
    [2013.06.19 02:45:10 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
    [2013.06.19 02:45:10 | 000,031,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
    [2013.06.19 02:45:09 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
    [2013.06.19 02:45:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
    [2013.06.19 02:45:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
    [2013.06.19 02:45:08 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
    [2013.06.19 02:45:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
    [2013.06.19 02:45:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
    [2013.06.19 02:45:07 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
    [2013.06.19 02:45:07 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
    [2013.06.19 02:45:07 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
    [2013.06.19 02:45:06 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
    [2013.06.19 02:45:03 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
    [2013.06.19 02:45:03 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
    [2013.06.19 02:45:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
    [2013.06.19 02:45:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
    [2013.06.19 02:45:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
    [2013.06.19 02:45:00 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
    [2013.06.19 02:45:00 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
    [2013.06.19 02:45:00 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
    [2013.06.19 02:45:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
    [2013.06.19 02:45:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
    [2013.06.19 02:44:59 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
    [2013.06.19 02:44:59 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
    [2013.06.19 02:44:59 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
    [2013.06.19 02:44:56 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
    [2013.06.19 02:44:55 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
    [2013.06.19 02:44:55 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
    [2013.06.19 02:44:55 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
    [2013.06.19 02:44:54 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
    [2013.06.19 02:44:53 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
    [2013.06.19 02:44:52 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
    [2013.06.19 02:44:52 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
    [2013.06.19 02:44:52 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
    [2013.06.19 02:44:52 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
    [2013.06.19 02:44:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
    [2013.06.19 02:44:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
    [2013.06.19 02:44:51 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
    [2013.06.19 02:44:51 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
    [2013.06.19 02:44:51 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
    [2013.06.19 02:44:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
    [2013.06.19 02:44:50 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
    [2013.06.19 02:44:50 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
    [2013.06.19 02:44:49 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
    [2013.06.19 02:44:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
    [2013.06.19 02:44:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
    [2013.06.19 02:44:49 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
    [2013.06.19 02:44:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
    [2013.06.19 02:44:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
    [2013.06.19 02:44:49 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
    [2013.06.19 02:44:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
    [2013.06.19 02:44:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
    [2013.06.19 02:44:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
    [2013.06.19 02:44:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
    [2013.06.19 02:44:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
    [2013.06.19 02:44:48 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
    [2013.06.19 02:44:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
    [2013.06.19 02:44:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
    [2013.06.19 02:44:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
    [2013.06.19 02:44:48 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
    [2013.06.19 02:44:47 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
    [2013.06.19 02:44:43 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
    [2013.06.19 02:44:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
    [2013.06.19 02:44:41 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
    [2013.06.19 02:44:40 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2013.06.19 02:44:40 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2013.06.19 02:44:40 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2013.06.19 02:44:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
    [2013.06.19 02:44:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
    [2013.06.19 02:44:39 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
    [2013.06.19 02:44:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
    [2013.06.19 02:44:38 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
    [2013.06.19 02:44:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
    [2013.06.19 02:44:35 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
    [2013.06.19 02:44:35 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
    [2013.06.19 02:44:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
    [2013.06.19 02:44:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
    [2013.06.19 02:44:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
    [2013.06.19 02:44:32 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
    [2013.06.19 02:44:32 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
    [2013.06.19 02:44:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
    [2013.06.19 02:44:32 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
    [2013.06.19 02:44:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
    [2013.06.19 02:44:31 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
    [2013.06.19 02:44:31 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
    [2013.06.19 02:44:31 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
    [2013.06.19 02:44:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
    [2013.06.19 02:44:30 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
    [2013.06.19 02:44:29 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
    [2013.06.19 02:44:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
    [2013.06.19 02:44:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
    [2013.06.19 02:44:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
    [2013.06.19 02:44:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
    [2013.06.19 02:44:24 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
    [2013.06.19 02:44:23 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
    [2013.06.19 02:44:19 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
    [2013.06.19 02:44:19 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
    [2013.06.19 02:44:14 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
    [2013.06.19 02:44:14 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
    [2013.06.19 02:44:14 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
    [2013.06.19 02:44:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
    [2013.06.19 02:44:01 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
    [2013.06.19 02:44:01 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
    [2013.06.19 02:44:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
    [2013.06.19 02:44:00 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
    [2013.06.19 02:44:00 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
    [2013.06.19 02:43:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
    [2013.06.19 02:43:58 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
    [2013.06.19 02:43:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
    [2013.06.19 02:43:57 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
    [2013.06.19 02:43:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
    [2013.06.19 02:43:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
    [2013.06.19 02:43:56 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
    [2013.06.19 02:43:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
    [2013.06.19 02:43:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
    [2013.06.19 02:43:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
    [2013.06.19 02:43:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
    [2013.06.19 02:43:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
    [2013.06.19 02:43:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
    [2013.06.19 02:43:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
    [2013.06.19 02:43:54 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
    [2013.06.19 02:43:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
    [2013.06.19 02:43:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
    [2013.06.19 02:43:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
    [2013.06.19 02:43:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
    [2013.06.19 02:43:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
    [2013.06.19 02:43:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
    [2013.06.19 02:43:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
    [2013.06.19 02:43:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
    [2013.06.19 02:43:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
    [2013.06.19 02:43:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
    [2013.06.19 02:43:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
    [2013.06.19 02:43:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
    [2013.06.19 02:43:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
    [2013.06.19 02:43:53 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
    [2013.06.19 02:43:52 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
    [2013.06.19 02:43:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
    [2013.06.19 02:43:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
    [2013.06.19 02:43:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
    [2013.06.19 02:43:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
    [2013.06.19 02:43:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
    [2013.06.19 02:43:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
    [2013.06.19 02:43:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
    [2013.06.19 02:43:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
    [2013.06.19 02:43:51 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
    [2013.06.19 02:43:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
    [2013.06.19 02:43:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
    [2013.06.19 02:43:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
    [2013.06.19 02:43:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
    [2013.06.19 02:43:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
    [2013.06.19 02:43:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
    [2013.06.19 02:43:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
    [2013.06.19 02:43:50 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
    [2013.06.19 02:43:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
    [2013.06.19 02:43:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
    [2013.06.19 02:43:47 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
    [2013.06.19 02:43:47 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
    [2013.06.19 02:43:47 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
    [2013.06.19 02:43:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
    [2013.06.19 02:43:47 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
    [2013.06.19 02:43:46 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
    [2013.06.19 02:43:46 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
    [2013.06.19 02:43:46 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
    [2013.06.19 02:43:46 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
    [2013.06.19 02:43:46 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
    [2013.06.19 02:43:46 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
    [2013.06.19 02:43:46 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
    [2013.06.19 02:43:45 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
    [2013.06.19 02:43:45 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
    [2013.06.19 02:43:45 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
    [2013.06.19 02:43:45 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
    [2013.06.19 02:43:45 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
    [2013.06.19 02:43:45 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
    [2013.06.19 02:43:45 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
    [2013.06.19 02:43:44 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
    [2013.06.19 02:43:44 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
    [2013.06.19 02:43:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
    [2013.06.19 02:43:44 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
    [2013.06.19 02:43:44 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
    [2013.06.19 02:43:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
    [2013.06.19 02:43:44 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
    [2013.06.19 02:43:44 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
    [2013.06.19 02:43:43 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
    [2013.06.19 02:43:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
    [2013.06.19 02:43:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
    [2013.06.19 02:43:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
    [2013.06.19 02:43:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
    [2013.06.19 02:43:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
    [2013.06.19 02:43:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
    [2013.06.19 02:43:38 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
    [2013.06.19 02:43:32 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
    [2013.06.19 02:43:31 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
    [2013.06.19 02:43:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
    [2013.06.19 02:43:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
    [2013.06.19 02:43:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
    [2013.06.19 02:43:30 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
    [2013.06.19 02:43:29 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
    [2013.06.19 02:43:27 | 000,563,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
    [2013.06.19 02:43:27 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
    [2013.06.19 02:43:27 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
    [2013.06.19 02:43:27 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
    [2013.06.19 02:43:27 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
    [2013.06.19 02:43:27 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
    [2013.06.19 02:43:27 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
    [2013.06.19 02:43:27 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
    [2013.06.19 02:43:27 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
    [2013.06.19 02:43:26 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
    [2013.06.19 02:43:26 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
    [2013.06.19 02:43:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
    [2013.06.19 02:43:26 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
    [2013.06.19 02:43:26 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
    [2013.06.19 02:43:26 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
    [2013.06.19 02:43:26 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
    [2013.06.19 02:43:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
    [2013.06.19 02:43:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
    [2013.06.19 02:43:26 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
    [2013.06.19 02:43:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
    [2013.06.19 02:43:25 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
    [2013.06.19 02:43:25 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
    [2013.06.19 02:43:25 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
    [2013.06.19 02:43:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
    [2013.06.19 02:43:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
    [2013.06.19 02:43:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
    [2013.06.19 02:43:24 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
    [2013.06.19 02:43:24 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
    [2013.06.19 02:43:23 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
    [2013.06.19 02:43:23 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
    [2013.06.19 02:43:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
    [2013.06.19 02:43:22 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll

  9. #9
    Junior Member
    Join Date
    Jul 2013
    Posts
    27

    Default 3rd of three second third second half

    [2013.06.19 02:43:22 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
    [2013.06.19 02:43:22 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
    [2013.06.19 02:43:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
    [2013.06.19 02:43:21 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
    [2013.06.19 02:43:21 | 000,045,568 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
    [2013.06.19 02:43:21 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
    [2013.06.19 02:43:21 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
    [2013.06.19 02:43:20 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
    [2013.06.19 02:43:11 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
    [2013.06.19 02:43:11 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
    [2013.06.19 02:43:07 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
    [2013.06.19 02:43:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
    [2013.06.19 02:43:07 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
    [2013.06.19 02:43:07 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
    [2013.06.19 02:43:07 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
    [2013.06.19 02:43:06 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
    [2013.06.19 02:43:03 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
    [2013.06.19 02:43:03 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
    [2013.06.19 02:43:02 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
    [2013.06.19 02:43:02 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
    [2013.06.19 02:43:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
    [2013.06.19 02:43:01 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
    [2013.06.19 02:43:01 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
    [2013.06.19 02:43:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
    [2013.06.19 02:43:01 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
    [2013.06.19 02:43:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
    [2013.06.19 02:43:00 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
    [2013.06.19 02:43:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
    [2013.06.19 02:42:59 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
    [2013.06.19 02:42:59 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2013.06.19 02:42:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
    [2013.06.19 02:42:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
    [2013.06.19 02:42:52 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
    [2013.06.19 02:42:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
    [2013.06.19 02:42:49 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
    [2013.06.19 02:42:49 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
    [2013.06.19 02:42:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
    [2013.06.19 02:42:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
    [2013.06.19 02:42:48 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
    [2013.06.19 02:42:48 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
    [2013.06.19 02:42:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
    [2013.06.19 02:42:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
    [2013.06.19 02:42:48 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
    [2013.06.19 02:42:47 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
    [2013.06.19 02:42:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
    [2013.06.19 02:42:46 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
    [2013.06.19 02:42:45 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
    [2013.06.19 02:42:44 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
    [2013.06.19 02:42:44 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
    [2013.06.19 02:42:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
    [2013.06.19 02:42:39 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
    [2013.06.19 02:42:38 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
    [2013.06.19 02:42:38 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
    [2013.06.19 02:42:38 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
    [2013.06.19 02:42:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
    [2013.06.19 02:42:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
    [2013.06.19 02:42:36 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
    [2013.06.19 02:42:36 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
    [2013.06.19 02:42:27 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
    [2013.06.19 02:42:27 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
    [2013.06.19 02:42:27 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
    [2013.06.19 02:42:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
    [2013.06.19 02:42:26 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
    [2013.06.19 02:42:26 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
    [2013.06.19 02:42:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
    [2013.06.19 02:42:26 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
    [2013.06.19 02:42:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
    [2013.06.19 02:42:26 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
    [2013.06.19 02:42:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
    [2013.06.19 02:42:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
    [2013.06.19 02:42:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
    [2013.06.19 02:42:25 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
    [2013.06.19 02:42:25 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
    [2013.06.19 02:42:25 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
    [2013.06.19 02:42:25 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
    [2013.06.19 02:42:25 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
    [2013.06.19 02:42:25 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
    [2013.06.19 02:42:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
    [2013.06.19 02:42:24 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
    [2013.06.19 02:42:24 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
    [2013.06.19 02:42:24 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
    [2013.06.19 02:42:24 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
    [2013.06.19 02:42:24 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
    [2013.06.19 02:42:24 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
    [2013.06.19 02:42:24 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
    [2013.06.19 02:42:24 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
    [2013.06.19 02:42:24 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
    [2013.06.19 02:42:23 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
    [2013.06.19 02:42:23 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
    [2013.06.19 02:42:23 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
    [2013.06.19 02:42:23 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
    [2013.06.19 02:42:22 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
    [2013.06.19 02:42:22 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
    [2013.06.19 02:42:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
    [2013.06.19 02:42:22 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
    [2013.06.19 02:42:22 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
    [2013.06.19 02:42:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
    [2013.06.19 02:42:21 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
    [2013.06.19 02:42:21 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
    [2013.06.19 02:41:00 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
    [2013.06.19 02:39:35 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\DRM
    [2013.06.19 02:38:20 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
    [2013.06.19 02:38:20 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
    [2013.06.19 02:38:20 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
    [2013.06.19 02:38:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
    [2013.06.19 02:38:20 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
    [2013.06.19 02:38:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
    [2013.06.19 02:38:13 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
    [2013.06.19 02:38:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
    [2013.06.19 02:38:13 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
    [2013.06.19 02:38:12 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
    [2013.06.19 02:38:12 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
    [2013.06.19 02:38:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
    [2013.06.19 02:38:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
    [2013.06.19 02:38:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
    [2013.06.19 02:38:10 | 000,727,614 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
    [2013.06.19 02:38:10 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
    [2013.06.19 02:38:09 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
    [2013.06.19 02:38:08 | 000,329,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
    [2013.06.19 02:38:08 | 000,210,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
    [2013.06.19 02:38:08 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
    [2013.06.19 02:38:08 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
    [2013.06.19 02:38:08 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
    [2013.06.19 02:38:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
    [2013.06.19 02:38:07 | 001,135,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
    [2013.06.19 02:38:07 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
    [2013.06.19 02:38:07 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
    [2013.06.19 02:38:07 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
    [2013.06.19 02:38:07 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
    [2013.06.19 02:38:07 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
    [2013.06.19 02:38:07 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
    [2013.06.19 02:38:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
    [2013.06.19 02:38:07 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
    [2013.06.19 02:38:07 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
    [2013.06.19 02:38:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
    [2013.06.19 02:38:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
    [2013.06.19 02:38:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
    [2013.06.19 02:38:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
    [2013.06.19 02:38:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
    [2013.06.19 02:38:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
    [2013.06.19 02:38:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
    [2013.06.19 02:38:07 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
    [2013.06.19 02:37:54 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
    [2013.06.19 02:37:54 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
    [2013.06.19 02:37:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
    [2013.06.19 02:37:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
    [2013.06.19 02:37:54 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
    [2013.06.19 02:37:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
    [2013.06.19 02:37:53 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
    [2013.06.19 02:37:50 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
    [2013.06.19 02:37:50 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
    [2013.06.19 02:37:50 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
    [2013.06.19 02:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
    [2013.06.19 02:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
    [2013.06.19 02:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
    [2013.06.19 02:37:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
    [2013.06.19 02:37:50 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
    [2013.06.19 02:37:50 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
    [2013.06.19 02:37:49 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
    [2013.06.19 02:37:49 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
    [2013.06.19 02:37:48 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
    [2013.06.19 02:37:48 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
    [2013.06.19 02:37:48 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
    [2013.06.19 02:37:47 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
    [2013.06.19 02:37:47 | 000,385,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
    [2013.06.19 02:37:47 | 000,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
    [2013.06.19 02:37:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
    [2013.06.19 02:37:47 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
    [2013.06.19 02:37:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
    [2013.06.19 02:37:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
    [2013.06.19 02:37:46 | 000,242,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
    [2013.06.19 02:37:46 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
    [2013.06.19 02:37:46 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
    [2013.06.19 02:37:46 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
    [2013.06.19 02:37:46 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
    [2013.06.19 02:37:46 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
    [2013.06.19 02:37:46 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
    [2013.06.19 02:37:46 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
    [2013.06.19 02:37:46 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
    [2013.06.19 02:37:46 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
    [2013.06.19 02:37:45 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
    [2013.06.19 02:37:45 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
    [2013.06.19 02:37:45 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
    [2013.06.19 02:37:45 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
    [2013.06.19 02:37:45 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
    [2013.06.19 02:37:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
    [2013.06.19 02:37:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
    [2013.06.19 02:37:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
    [2013.06.19 02:37:45 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
    [2013.06.19 02:37:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
    [2013.06.19 02:37:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
    [2013.06.19 02:37:45 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
    [2013.06.19 02:37:44 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
    [2013.06.19 02:37:44 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
    [2013.06.19 02:37:44 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
    [2013.06.19 02:37:44 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
    [2013.06.19 02:37:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
    [2013.06.19 02:37:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
    [2013.06.19 02:37:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
    [2013.06.19 02:37:44 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
    [2013.06.19 02:37:44 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
    [2013.06.19 02:37:44 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
    [2013.06.19 02:37:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
    [2013.06.19 02:37:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
    [2013.06.19 02:37:30 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Eigene Bilder
    [2013.06.19 02:36:51 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Spiele
    [2013.06.19 02:36:17 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Verwaltung
    [2013.06.19 02:36:00 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Eigene Musik
    [2013.06.19 02:35:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
    [2013.06.19 02:35:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
    [2013.06.19 02:35:42 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
    [2013.06.19 02:35:42 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
    [2013.06.19 02:35:42 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
    [2013.06.19 02:35:41 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
    [2013.06.19 02:35:41 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
    [2013.06.19 02:35:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
    [2013.06.19 02:35:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
    [2013.06.19 02:35:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
    [2013.06.19 02:35:41 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
    [2013.06.19 02:35:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
    [2013.06.19 02:35:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
    [2013.06.19 02:35:34 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
    [2013.06.19 02:35:34 | 000,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
    [2013.06.19 02:35:34 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
    [2013.06.19 02:35:34 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
    [2013.06.19 02:35:34 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
    [2013.06.19 02:35:34 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
    [2013.06.19 02:35:33 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
    [2013.06.19 02:35:33 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
    [2013.06.19 02:35:33 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
    [2013.06.19 02:35:33 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
    [2013.06.19 02:35:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
    [2013.06.19 02:35:33 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
    [2013.06.19 02:35:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
    [2013.06.19 02:35:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
    [2013.06.19 02:35:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
    [2013.06.19 02:35:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
    [2013.06.19 02:35:32 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
    [2013.06.19 02:35:32 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
    [2013.06.19 02:35:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
    [2013.06.19 02:35:32 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
    [2013.06.19 02:35:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
    [2013.06.19 02:35:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
    [2013.06.19 02:35:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
    [2013.06.19 02:35:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
    [2013.06.19 02:35:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
    [2013.06.19 02:35:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
    [2013.06.19 02:35:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
    [2013.06.19 02:35:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
    [2013.06.19 02:35:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
    [2013.06.19 02:35:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
    [2013.06.19 02:35:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
    [2013.06.19 02:35:32 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
    [2013.06.19 02:35:32 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
    [2013.06.19 02:35:32 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
    [2013.06.19 02:35:31 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
    [2013.06.19 02:35:31 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
    [2013.06.19 02:35:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
    [2013.06.19 02:35:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
    [2013.06.19 02:35:31 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
    [2013.06.19 02:35:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
    [2013.06.19 02:35:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
    [2013.06.19 02:35:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
    [2013.06.19 02:35:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
    [2013.06.19 02:35:30 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
    [2013.06.19 02:35:27 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
    [2013.06.19 02:35:27 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
    [2013.06.19 02:35:27 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
    [2013.06.19 02:35:27 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
    [2013.06.19 02:35:27 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
    [2013.06.19 02:35:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
    [2013.06.19 02:35:27 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
    [2013.06.19 02:35:27 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
    [2013.06.19 02:35:26 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
    [2013.06.19 02:35:26 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
    [2013.06.19 02:35:26 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
    [2013.06.19 02:35:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
    [2013.06.19 02:35:26 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
    [2013.06.19 02:35:26 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
    [2013.06.19 02:35:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
    [2013.06.19 02:35:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
    [2013.06.19 02:35:25 | 000,356,352 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
    [2013.06.19 02:35:25 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
    [2013.06.19 02:35:25 | 000,188,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
    [2013.06.19 02:35:25 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
    [2013.06.19 02:35:25 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
    [2013.06.19 02:35:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
    [2013.06.19 02:35:25 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
    [2013.06.19 02:35:25 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
    [2013.06.19 02:35:25 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
    [2013.06.19 02:35:24 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
    [2013.06.19 02:35:24 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
    [2013.06.19 02:35:24 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
    [2013.06.19 02:35:24 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
    [2013.06.19 02:35:24 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
    [2013.06.19 02:35:24 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
    [2013.06.19 02:35:23 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
    [2013.06.19 02:35:23 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rhttpaa.dll
    [2013.06.19 02:35:23 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
    [2013.06.19 02:35:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
    [2013.06.19 02:35:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
    [2013.06.19 02:35:23 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
    [2013.06.19 02:35:23 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
    [2013.06.19 02:35:23 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
    [2013.06.19 02:35:23 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsgqec.dll
    [2013.06.19 02:35:23 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
    [2013.06.19 02:35:23 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
    [2013.06.19 02:35:22 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
    [2013.06.19 02:35:22 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
    [2013.06.19 02:35:22 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
    [2013.06.19 02:35:22 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
    [2013.06.19 02:35:22 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
    [2013.06.19 02:35:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
    [2013.06.19 02:35:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
    [2013.06.19 02:35:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
    [2013.06.19 02:35:22 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
    [2013.06.19 02:35:22 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
    [2013.06.19 02:35:21 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
    [2013.06.19 02:35:21 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
    [2013.06.19 02:35:21 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
    [2013.06.19 02:35:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
    [2013.06.19 02:35:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
    [2013.06.19 02:35:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
    [2013.06.19 02:35:21 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
    [2013.06.19 02:35:21 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
    [2013.06.19 02:35:21 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
    [2013.06.19 02:35:21 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
    [2013.06.19 02:35:21 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
    [2013.06.19 02:35:21 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
    [2013.06.19 02:35:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
    [2013.06.19 02:35:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
    [2013.06.19 02:35:21 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
    [2013.06.19 02:35:21 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
    [2013.06.19 02:35:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
    [2013.06.19 02:35:20 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
    [2013.06.19 02:35:20 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
    [2013.06.19 02:35:20 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
    [2013.06.19 02:35:20 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
    [2013.06.19 02:35:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
    [2013.06.19 02:35:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
    [2013.06.19 02:35:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
    [2013.06.19 02:35:20 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
    [2013.06.19 02:35:19 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
    [2013.06.19 02:35:19 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
    [2013.06.19 02:35:19 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
    [2013.06.19 02:35:19 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
    [2013.06.19 02:35:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
    [2013.06.19 02:35:19 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
    [2013.06.19 02:35:19 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
    [2013.06.19 02:35:19 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
    [2013.06.19 02:35:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
    [2013.06.19 02:35:19 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
    [2013.06.19 02:35:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
    [2013.06.19 02:35:19 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddi

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Hi,

    Hope you're doing well.

    Malwarebytes looks fine, let's get rid of that proxy.


    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces




    Then, if you can, post the log that Spybot produced showing the bad entry. If you can't find it, then run a few scans with Spybot and post the log, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
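
A defender-side check for the setting this fix removes, added here as an example (it is not part of the original post or of OTL): it scans OTL-style `IE -` log lines for a `ProxyServer` value that points at the local machine, in either the plain `host:port` form or the per-protocol `http=...;https=...` form. Only the first sample line comes from the post; the other SIDs, values and all function names are constructed for illustration.

```python
import ipaddress
import re

# Shape of the OTL line quoted in the post:
#   IE - <registry key>: "<value name>" = <data>
OTL_IE_LINE = re.compile(
    r'^IE - (?P<key>HK[A-Z]+\\.+?\\Internet Settings): "(?P<name>[^"]+)" = (?P<data>.*)$'
)

# Constructed sample. Only the first line is taken from the post above; the
# all-zero SIDs and their values are made up for this example.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-1614895754-1958367476-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
IE - HKU\S-1-5-21-0000000000-0000000000-0000000000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0000000000-0000000000-0000000000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8888;https=proxy.example.com:3128
IE - HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0000000000-0000000000-0000000000-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.com:8080
'''


def parse_proxy_server(data):
    """Split a ProxyServer string into (protocol, host, port) tuples.

    Accepts 'host:port' (applies to all protocols) and the per-protocol
    form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in data.split(";"):
        part = part.strip()
        if not part:
            continue
        proto, sep, endpoint = part.partition("=")
        if not sep:
            proto, endpoint = "all", part
        # Drop an optional scheme prefix such as "http://".
        endpoint = re.sub(r"^[a-z][a-z0-9+.-]*://", "", endpoint.strip(), flags=re.I)
        bracketed = re.match(r"^\[([^\]]+)\](?::(\d+))?$", endpoint)
        if bracketed:                      # [IPv6]:port
            host, port = bracketed.group(1), bracketed.group(2)
        elif endpoint.count(":") == 1:     # host:port
            host, port = endpoint.split(":")
        else:                              # bare host or bare IPv6 address
            host, port = endpoint, None
        port = int(port) if port and port.isdigit() else None
        entries.append((proto.strip().lower(), host, port))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any loopback IP literal (127.0.0.0/8, ::1)."""
    name = host.rstrip(".").lower()
    if name == "localhost":
        return True
    try:
        return ipaddress.ip_address(name).is_loopback
    except ValueError:
        return False


def find_loopback_proxies(log_text):
    """Return one finding per registry key whose ProxyServer targets loopback."""
    settings = {}
    for line in log_text.splitlines():
        m = OTL_IE_LINE.match(line.strip())
        if m:
            settings.setdefault(m["key"], {})[m["name"]] = m["data"].strip()

    findings = []
    for key, values in settings.items():
        hits = [e for e in parse_proxy_server(values.get("ProxyServer", ""))
                if is_loopback(e[1])]
        if hits:
            enable = values.get("ProxyEnable")
            findings.append({
                "key": key,
                # None means the log carried no ProxyEnable line for this key.
                "enabled": None if enable is None else enable == "1",
                "loopback": hits,
            })
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print(finding["key"])
        print("  enabled:", finding["enabled"], "| loopback entries:", finding["loopback"])
```
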
