Hi,
attached is the FRST log again
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by LYRTW (administrator) on LX14WV on 09-12-2013 23:17:04
Running from C:\Users\lyrtw\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AutoInstaller] - C:\Program Files (x86)\netinst\NiAgnt32.exe [236696 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2851112 2011-11-17] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKLM\...\Policies\Explorer: [UseDefaultTile] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-22] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\system: [SetVisualStyle]
HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKCU\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKCU\...\Policies\Explorer: [Intellimenus] 1
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1
HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKCU\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
MountPoints2: {730d8283-c9e0-11e1-a3fe-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {730d82c8-c9e0-11e1-a3fe-2477037a2a50} - E:\AutoRun.exe
HKLM-x32\...\Run: [NetInstall NiTray] - C:\Program Files (x86)\netinst\eTray.exe [49808 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discovery User Input] - C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [249856 2012-09-05] ()
HKLM-x32\...\Run: [InfoClientTray] - C:\Program Files (x86)\Lanxess-Support\LXTray.exe [727552 2011-09-14] (LANXESS)
HKLM-x32\...\Run: [MLAgent] - C:\Program Files (x86)\MasterLayout\MLAGENT.exe [1792680 2012-01-17] ()
HKLM-x32\...\Run: [SGNMasterApplication] - C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe [94208 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\OfficeScan NT\PccNTMon.exe [1378784 2012-02-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKU\DSM.install\...\Policies\system: [HideLogonScripts] 0
HKU\DSM.install\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\DSM.install\...\Policies\system: [RunLogonScriptSync] 1
HKU\lyjwi\...\Policies\system: [HideLogonScripts] 0
HKU\lyjwi\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\lyjwi\...\Policies\system: [RunLogonScriptSync] 1
AppInit_DLLs: C:\Program Files (x86)\netinst\Nia64.dll [52296 2011-11-17] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs-x32: C:\PROGRA~2\NetInst\NiAMH.dll [56464 2011-11-17] (FrontRange Solutions Deutschland GmbH)
IFEO\dinotify.exe: [Debugger] C:\Program Files (x86)\NetInst\dinotd64.exe
Startup: C:\Users\lyrtw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk
ShortcutTarget: 7t7tde3.lnk -> C:\ProgramData\3edt7t7.dss (Корпорация Майкрософт)
==================== Internet (Whitelisted) ====================
ProxyServer: http=lx-cache.services.lanxess:8080;https=lx-cache.services.lanxess:8080;ftp=lx-cache.services.lanxess:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.portal.lanxess/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4FA16F4FA9E7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = english,de-DE;q=0.5
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7266A53B-5AA1-4AC8-9294-06D52EA40448} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM - {7F79D84C-88FB-40B0-80CC-AFAFC537C6B1} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM-x32 - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL =
SearchScopes: HKCU - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
SearchScopes: HKCU - {E358B6ED-49E8-46AD-82F8-8FB9CFF418A6} URL =
BHO: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho64.dll (Plus HD)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll (Plus HD)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/genesys/mcInstall.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4BDD6AF9-3256-40CF-A07A-C728C03276AE}: [NameServer]10.74.210.210 10.74.210.211
==================== Services (Whitelisted) =================
R2 BEDevCtl; C:\Windows\SysWOW64\BEDevCtl.exe [1306624 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 BEFCSvcn; C:\Windows\SysWOW64\BEFCSvcn.exe [20480 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 DiscoveryClientAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1572128 2012-09-05] ()
R2 DiscoveryIPTransferAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601376 2012-09-05] ()
R2 esiCore; C:\Program Files (x86)\NetInst\mgmtagnt.exe [220312 2011-11-17] (FrontRange Solutions Deutschland GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-07-09] ()
S3 iPassConnectEngine; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassConnectEngine.exe [1757184 2010-04-07] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateApp.exe [176128 2010-04-05] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateService.exe [114688 2010-04-05] (iPass, Inc.)
R3 LanProbe; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\lpamd64.exe [275968 2012-09-05] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\Program Files (x86)\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\Program Files (x86)\Notes\nsd.exe [4455600 2012-07-03] (IBM)
R2 LXInfoClient; C:\Program Files (x86)\LANXESS-Support\infoclient.exe [1095680 2011-09-14] (Lanxess Deutschland GmbH)
R2 Multi-user Cleanup Service; c:\Program Files (x86)\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
R2 ntrtscan; C:\Program Files (x86)\OfficeScan NT\ntrtscan.exe [2140984 2012-02-09] (Trend Micro Inc.)
R2 ProxyHostService; C:\Program Files (x86)\Proxy Networks\PROXY Pro Host\phsvc.exe [709968 2011-04-06] (Proxy Networks, Inc.)
R2 SGNAuthService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [659456 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 SGNSafeModeService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNSafeModeServicen.exe [237568 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_BEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_FEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_LogSystem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_Sem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 tmlisten; C:\Program Files (x86)\OfficeScan NT\tmlisten.exe [2424480 2012-02-09] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files (x86)\OfficeScan NT\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\OfficeScan NT\TmProxy.exe [918032 2011-04-15] (Trend Micro Inc.)
R2 WiFiService; C:\Program Files\Lanxess-Support\LXS_WiFi_Service.exe [2126848 2012-05-04] (Lanxess)
S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ersupext; "C:\Program Files (x86)\NetInst\mgmtagnt.exe" /run=ersupext.dll [x]
==================== Drivers (Whitelisted) ====================
R0 BeFlt; C:\Windows\System32\DRIVERS\BEFLT.SYS [137472 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BeFlt; C:\Windows\SysWow64\DRIVERS\BEFLT.SYS [117504 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\System32\DRIVERS\be_fltim.sys [71936 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\SysWow64\DRIVERS\be_fltim.sys [59648 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-07-09] (Bytemobile, Inc.)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [27936 2012-09-12] ()
R0 CEAES2M; C:\Windows\System32\Drivers\cegaes2m.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAES2M; C:\Windows\SysWow64\Drivers\cegaes2m.sys [63232 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\System32\Drivers\cegaesm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\SysWow64\Drivers\cegaesm.sys [62720 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\Windows\System32\Drivers\cehmacm.sys [27904 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\Windows\System32\Drivers\CERNDM.sys [17664 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\System32\Drivers\cesham.sys [26368 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\SysWow64\Drivers\cesham.sys [24832 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-07-09] (Huawei Technologies Co., Ltd.)
R0 LCENCM; C:\Windows\System32\drivers\lcencvm.sys [1424640 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCFILTM; C:\Windows\System32\Drivers\lcfiltvm.sys [84224 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCRECM; C:\Windows\System32\Drivers\lcrecvm.sys [41216 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\System32\Drivers\sgstdrvm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\SysWow64\Drivers\sgstdrvm.sys [51968 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-07-09] (Bytemobile, Inc.)
R2 TmFilter; C:\Program Files (x86)\OfficeScan NT\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\OfficeScan NT\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\OfficeScan NT\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-07-09] (Huawei Technologies Co., Ltd.)
U5 SGN_Trans; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-09 23:17 - 2013-12-09 23:19 - 00020622 _____ C:\Users\lyrtw\Desktop\FRST.txt
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\lyrtw\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\lyrtw\Desktop\Autoruns
2013-12-09 22:48 - 2013-12-09 23:18 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 22:21 - 2013-12-09 22:36 - 127231689 _____ (Igor Pavlov) C:\Users\lyrtw\Desktop\OTLPENet.exe
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\lyrtw\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\lyrtw\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\lyrtw\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:30 - 00023558 _____ C:\Users\lyrtw\Desktop\Addition.txt
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\lyrtw\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\lyrtw\Desktop\HijackThis.exe
2013-11-22 20:10 - 2013-12-09 21:28 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\lyrtw\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_191025_main.txt
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\lyrtw\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\lyrtw\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:22 - 2012-10-17 16:37 - 00397312 _____ (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe
2013-11-22 19:22 - 2011-09-28 09:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-11-22 19:22 - 2011-09-28 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-11-22 19:22 - 2011-09-28 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\lyrtw\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\lyrtw\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\lyrtw\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\lyrtw\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_175430_main.txt
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\lyrtw\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\lyrtw\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-12-09 21:28 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-11-22 18:34 - 2013-12-09 21:28 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:33 - 2013-12-09 21:28 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-11-22 18:33 - 2013-12-09 21:28 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-11-22 18:33 - 2013-11-22 18:34 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 20:37 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\lyrtw\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\lyrtw\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\lyrtw\Documents\iWisoft Free Video Downloader
==================== One Month Modified Files and Folders =======
2013-12-09 23:19 - 2013-12-09 23:17 - 00020622 _____ C:\Users\lyrtw\Desktop\FRST.txt
2013-12-09 23:18 - 2013-12-09 22:48 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\lyrtw\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 23:11 - 2012-07-03 08:48 - 01383143 _____ C:\Windows\WindowsUpdate.log
2013-12-09 22:59 - 2012-07-04 12:25 - 00000000 ___RD C:\Users\lyrtw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\lyrtw\Desktop\Autoruns
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:36 - 2013-12-09 22:21 - 127231689 _____ (Igor Pavlov) C:\Users\lyrtw\Desktop\OTLPENet.exe
2013-12-09 22:31 - 2012-07-30 20:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 22:30 - 2013-12-09 22:18 - 00023558 _____ C:\Users\lyrtw\Desktop\Addition.txt
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\lyrtw\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\lyrtw\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\lyrtw\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\lyrtw\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\lyrtw\Desktop\HijackThis.exe
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Users\lyrtw\AppData\Local\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\ProgramData\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 21:28 - 2013-11-22 20:10 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-12-09 21:28 - 2013-11-22 18:34 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-12-09 21:28 - 2013-11-22 18:34 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-12-09 21:28 - 2012-07-03 09:17 - 00030726 _____ C:\SUService.log
2013-12-09 21:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 21:27 - 2009-07-14 05:51 - 00056559 _____ C:\Windows\setupact.log
2013-11-22 20:48 - 2012-07-03 12:01 - 00000000 ____D C:\Program Files (x86)\OfficeScan NT
2013-11-22 20:37 - 2013-11-22 18:31 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 20:15 - 2012-03-27 16:01 - 00741832 _____ C:\Windows\system32\prfh0816.dat
2013-11-22 20:15 - 2012-03-27 16:01 - 00159494 _____ C:\Windows\system32\prfc0816.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00726620 _____ C:\Windows\system32\prfh0416.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00154086 _____ C:\Windows\system32\prfc0416.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00756010 _____ C:\Windows\system32\perfh013.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00159522 _____ C:\Windows\system32\perfc013.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00442216 _____ C:\Windows\system32\perfh012.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00127088 _____ C:\Windows\system32\perfc012.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00430622 _____ C:\Windows\system32\perfh011.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00128800 _____ C:\Windows\system32\perfc011.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00752832 _____ C:\Windows\system32\perfh010.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00153394 _____ C:\Windows\system32\perfc010.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00758296 _____ C:\Windows\system32\perfh00C.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00155898 _____ C:\Windows\system32\perfc00C.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00758140 _____ C:\Windows\system32\perfh00A.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00164930 _____ C:\Windows\system32\perfc00A.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00717750 _____ C:\Windows\system32\perfh007.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00155522 _____ C:\Windows\system32\perfc007.dat
2013-11-22 20:15 - 2009-07-14 06:13 - 08243856 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\lyrtw\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_191025_main.txt
2013-11-22 20:10 - 2012-07-04 12:24 - 00000000 ____D C:\Users\lyrtw
2013-11-22 19:32 - 2012-07-30 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 19:32 - 2012-07-30 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 19:32 - 2012-07-30 20:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\lyrtw\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\lyrtw\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\dcunningham.net
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\lyrtw\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\lyrtw\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\lyrtw\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\lyrtw\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_175430_main.txt
2013-11-22 18:50 - 2010-11-21 04:47 - 00036830 _____ C:\Windows\PFRO.log
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\lyrtw\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\lyrtw\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:34 - 2013-11-22 18:33 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\lyrtw\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\lyrtw\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\lyrtw\Documents\iWisoft Free Video Downloader
2013-11-22 18:25 - 2012-07-04 12:26 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\SAP
2013-11-22 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-22 18:14 - 2009-07-14 05:45 - 00419416 _____ C:\Windows\system32\FNTCACHE.DAT
Files to move or delete:
====================
C:\ProgramData\3edt7t7.dss
C:\ProgramData\7t7tde3.bxx
C:\ProgramData\7t7tde3.fvv
C:\ProgramData\7t7tde3.pss
Some content of TEMP:
====================
C:\Users\lyrtw\AppData\Local\Temp\0710.dll
C:\Users\lyrtw\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\lyrtw\AppData\Local\Temp\IMsetup.exe
C:\Users\lyrtw\AppData\Local\Temp\installhelper.dll
C:\Users\lyrtw\AppData\Local\Temp\lx1sngha.dll
C:\Users\lyrtw\AppData\Local\Temp\plus-hd-4-9.exe
C:\Users\lyrtw\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\lyrtw\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\lyrtw\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-09-28 13:43
==================== End Of Log ============================
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by WTRYL (administrator) on VW41XL on 09-12-2013 23:17:04
Running from C:\Users\WTRYL\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AutoInstaller] - C:\Program Files (x86)\netinst\NiAgnt32.exe [236696 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2851112 2011-11-17] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKLM\...\Policies\Explorer: [UseDefaultTile] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-22] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\system: [SetVisualStyle]
HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKCU\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKCU\...\Policies\Explorer: [Intellimenus] 1
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1
HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKCU\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
MountPoints2: {730d8283-c9e0-11e1-a3fe-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {730d82c8-c9e0-11e1-a3fe-2477037a2a50} - E:\AutoRun.exe
HKLM-x32\...\Run: [NetInstall NiTray] - C:\Program Files (x86)\netinst\eTray.exe [49808 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discovery User Input] - C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [249856 2012-09-05] ()
HKLM-x32\...\Run: [InfoClientTray] - C:\Program Files (x86)\Lanxess-Support\LXTray.exe [727552 2011-09-14] (LANXESS)
HKLM-x32\...\Run: [MLAgent] - C:\Program Files (x86)\MasterLayout\MLAGENT.exe [1792680 2012-01-17] ()
HKLM-x32\...\Run: [SGNMasterApplication] - C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe [94208 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\OfficeScan NT\PccNTMon.exe [1378784 2012-02-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKU\DSM.install\...\Policies\system: [HideLogonScripts] 0
HKU\DSM.install\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\DSM.install\...\Policies\system: [RunLogonScriptSync] 1
HKU\lyjwi\...\Policies\system: [HideLogonScripts] 0
HKU\lyjwi\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\lyjwi\...\Policies\system: [RunLogonScriptSync] 1
AppInit_DLLs: C:\Program Files (x86)\netinst\Nia64.dll [52296 2011-11-17] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs-x32: C:\PROGRA~2\NetInst\NiAMH.dll [56464 2011-11-17] (FrontRange Solutions Deutschland GmbH)
IFEO\dinotify.exe: [Debugger] C:\Program Files (x86)\NetInst\dinotd64.exe
Startup: C:\Users\WTRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk
ShortcutTarget: 7t7tde3.lnk -> C:\ProgramData\3edt7t7.dss (Корпорация Майкрософт)
==================== Internet (Whitelisted) ====================
ProxyServer: http=lx-cache.services.lanxess:8080;https=lx-cache.services.lanxess:8080;ftp=lx-cache.services.lanxess:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.portal.lanxess/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4FA16F4FA9E7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = english,de-DE;q=0.5
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7266A53B-5AA1-4AC8-9294-06D52EA40448} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM - {7F79D84C-88FB-40B0-80CC-AFAFC537C6B1} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM-x32 - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL =
SearchScopes: HKCU - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
SearchScopes: HKCU - {E358B6ED-49E8-46AD-82F8-8FB9CFF418A6} URL =
BHO: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho64.dll (Plus HD)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll (Plus HD)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/genesys/mcInstall.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4BDD6AF9-3256-40CF-A07A-C728C03276AE}: [NameServer]10.74.210.210 10.74.210.211
==================== Services (Whitelisted) =================
R2 BEDevCtl; C:\Windows\SysWOW64\BEDevCtl.exe [1306624 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 BEFCSvcn; C:\Windows\SysWOW64\BEFCSvcn.exe [20480 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 DiscoveryClientAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1572128 2012-09-05] ()
R2 DiscoveryIPTransferAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601376 2012-09-05] ()
R2 esiCore; C:\Program Files (x86)\NetInst\mgmtagnt.exe [220312 2011-11-17] (FrontRange Solutions Deutschland GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-07-09] ()
S3 iPassConnectEngine; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassConnectEngine.exe [1757184 2010-04-07] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateApp.exe [176128 2010-04-05] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateService.exe [114688 2010-04-05] (iPass, Inc.)
R3 LanProbe; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\lpamd64.exe [275968 2012-09-05] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\Program Files (x86)\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\Program Files (x86)\Notes\nsd.exe [4455600 2012-07-03] (IBM)
R2 LXInfoClient; C:\Program Files (x86)\LANXESS-Support\infoclient.exe [1095680 2011-09-14] (Lanxess Deutschland GmbH)
R2 Multi-user Cleanup Service; c:\Program Files (x86)\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
R2 ntrtscan; C:\Program Files (x86)\OfficeScan NT\ntrtscan.exe [2140984 2012-02-09] (Trend Micro Inc.)
R2 ProxyHostService; C:\Program Files (x86)\Proxy Networks\PROXY Pro Host\phsvc.exe [709968 2011-04-06] (Proxy Networks, Inc.)
R2 SGNAuthService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [659456 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 SGNSafeModeService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNSafeModeServicen.exe [237568 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_BEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_FEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_LogSystem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_Sem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 tmlisten; C:\Program Files (x86)\OfficeScan NT\tmlisten.exe [2424480 2012-02-09] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files (x86)\OfficeScan NT\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\OfficeScan NT\TmProxy.exe [918032 2011-04-15] (Trend Micro Inc.)
R2 WiFiService; C:\Program Files\Lanxess-Support\LXS_WiFi_Service.exe [2126848 2012-05-04] (Lanxess)
S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ersupext; "C:\Program Files (x86)\NetInst\mgmtagnt.exe" /run=ersupext.dll [x]
==================== Drivers (Whitelisted) ====================
R0 BeFlt; C:\Windows\System32\DRIVERS\BEFLT.SYS [137472 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BeFlt; C:\Windows\SysWow64\DRIVERS\BEFLT.SYS [117504 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\System32\DRIVERS\be_fltim.sys [71936 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\SysWow64\DRIVERS\be_fltim.sys [59648 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-07-09] (Bytemobile, Inc.)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [27936 2012-09-12] ()
R0 CEAES2M; C:\Windows\System32\Drivers\cegaes2m.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAES2M; C:\Windows\SysWow64\Drivers\cegaes2m.sys [63232 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\System32\Drivers\cegaesm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\SysWow64\Drivers\cegaesm.sys [62720 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\Windows\System32\Drivers\cehmacm.sys [27904 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\Windows\System32\Drivers\CERNDM.sys [17664 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\System32\Drivers\cesham.sys [26368 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\SysWow64\Drivers\cesham.sys [24832 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-07-09] (Huawei Technologies Co., Ltd.)
R0 LCENCM; C:\Windows\System32\drivers\lcencvm.sys [1424640 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCFILTM; C:\Windows\System32\Drivers\lcfiltvm.sys [84224 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCRECM; C:\Windows\System32\Drivers\lcrecvm.sys [41216 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\System32\Drivers\sgstdrvm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\SysWow64\Drivers\sgstdrvm.sys [51968 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-07-09] (Bytemobile, Inc.)
R2 TmFilter; C:\Program Files (x86)\OfficeScan NT\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\OfficeScan NT\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\OfficeScan NT\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-07-09] (Huawei Technologies Co., Ltd.)
U5 SGN_Trans; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-09 23:17 - 2013-12-09 23:19 - 00020622 _____ C:\Users\WTRYL\Desktop\FRST.txt
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\WTRYL\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\WTRYL\Desktop\Autoruns
2013-12-09 22:48 - 2013-12-09 23:18 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 22:21 - 2013-12-09 22:36 - 127231689 _____ (Igor Pavlov) C:\Users\WTRYL\Desktop\OTLPENet.exe
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\WTRYL\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\WTRYL\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\WTRYL\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:30 - 00023558 _____ C:\Users\WTRYL\Desktop\Addition.txt
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\WTRYL\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\WTRYL\Desktop\HijackThis.exe
2013-11-22 20:10 - 2013-12-09 21:28 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\WTRYL\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_191025_main.txt
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\WTRYL\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\WTRYL\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:22 - 2012-10-17 16:37 - 00397312 _____ (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe
2013-11-22 19:22 - 2011-09-28 09:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-11-22 19:22 - 2011-09-28 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-11-22 19:22 - 2011-09-28 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\WTRYL\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\WTRYL\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\WTRYL\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175430_main.txt
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\WTRYL\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\WTRYL\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-12-09 21:28 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-11-22 18:34 - 2013-12-09 21:28 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:33 - 2013-12-09 21:28 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-11-22 18:33 - 2013-12-09 21:28 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-11-22 18:33 - 2013-11-22 18:34 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 20:37 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\WTRYL\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\WTRYL\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\WTRYL\Documents\iWisoft Free Video Downloader
==================== One Month Modified Files and Folders =======
2013-12-09 23:19 - 2013-12-09 23:17 - 00020622 _____ C:\Users\WTRYL\Desktop\FRST.txt
2013-12-09 23:18 - 2013-12-09 22:48 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\WTRYL\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 23:11 - 2012-07-03 08:48 - 01383143 _____ C:\Windows\WindowsUpdate.log
2013-12-09 22:59 - 2012-07-04 12:25 - 00000000 ___RD C:\Users\WTRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\WTRYL\Desktop\Autoruns
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:36 - 2013-12-09 22:21 - 127231689 _____ (Igor Pavlov) C:\Users\WTRYL\Desktop\OTLPENet.exe
2013-12-09 22:31 - 2012-07-30 20:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 22:30 - 2013-12-09 22:18 - 00023558 _____ C:\Users\WTRYL\Desktop\Addition.txt
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\WTRYL\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\WTRYL\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\WTRYL\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\WTRYL\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\WTRYL\Desktop\HijackThis.exe
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Users\WTRYL\AppData\Local\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\ProgramData\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 21:28 - 2013-11-22 20:10 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-12-09 21:28 - 2013-11-22 18:34 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-12-09 21:28 - 2013-11-22 18:34 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-12-09 21:28 - 2012-07-03 09:17 - 00030726 _____ C:\SUService.log
2013-12-09 21:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 21:27 - 2009-07-14 05:51 - 00056559 _____ C:\Windows\setupact.log
2013-11-22 20:48 - 2012-07-03 12:01 - 00000000 ____D C:\Program Files (x86)\OfficeScan NT
2013-11-22 20:37 - 2013-11-22 18:31 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 20:15 - 2012-03-27 16:01 - 00741832 _____ C:\Windows\system32\prfh0816.dat
2013-11-22 20:15 - 2012-03-27 16:01 - 00159494 _____ C:\Windows\system32\prfc0816.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00726620 _____ C:\Windows\system32\prfh0416.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00154086 _____ C:\Windows\system32\prfc0416.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00756010 _____ C:\Windows\system32\perfh013.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00159522 _____ C:\Windows\system32\perfc013.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00442216 _____ C:\Windows\system32\perfh012.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00127088 _____ C:\Windows\system32\perfc012.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00430622 _____ C:\Windows\system32\perfh011.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00128800 _____ C:\Windows\system32\perfc011.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00752832 _____ C:\Windows\system32\perfh010.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00153394 _____ C:\Windows\system32\perfc010.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00758296 _____ C:\Windows\system32\perfh00C.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00155898 _____ C:\Windows\system32\perfc00C.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00758140 _____ C:\Windows\system32\perfh00A.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00164930 _____ C:\Windows\system32\perfc00A.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00717750 _____ C:\Windows\system32\perfh007.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00155522 _____ C:\Windows\system32\perfc007.dat
2013-11-22 20:15 - 2009-07-14 06:13 - 08243856 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\WTRYL\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_191025_main.txt
2013-11-22 20:10 - 2012-07-04 12:24 - 00000000 ____D C:\Users\WTRYL
2013-11-22 19:32 - 2012-07-30 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 19:32 - 2012-07-30 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 19:32 - 2012-07-30 20:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\WTRYL\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\WTRYL\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\dcunningham.net
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\WTRYL\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\WTRYL\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175430_main.txt
2013-11-22 18:50 - 2010-11-21 04:47 - 00036830 _____ C:\Windows\PFRO.log
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\WTRYL\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\WTRYL\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:34 - 2013-11-22 18:33 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\WTRYL\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\WTRYL\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\WTRYL\Documents\iWisoft Free Video Downloader
2013-11-22 18:25 - 2012-07-04 12:26 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\SAP
2013-11-22 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-22 18:14 - 2009-07-14 05:45 - 00419416 _____ C:\Windows\system32\FNTCACHE.DAT
Files to move or delete:
====================
C:\ProgramData\3edt7t7.dss
C:\ProgramData\7t7tde3.bxx
C:\ProgramData\7t7tde3.fvv
C:\ProgramData\7t7tde3.pss
Some content of TEMP:
====================
C:\Users\WTRYL\AppData\Local\Temp\0710.dll
C:\Users\WTRYL\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\WTRYL\AppData\Local\Temp\IMsetup.exe
C:\Users\WTRYL\AppData\Local\Temp\installhelper.dll
C:\Users\WTRYL\AppData\Local\Temp\lx1sngha.dll
C:\Users\WTRYL\AppData\Local\Temp\plus-hd-4-9.exe
C:\Users\WTRYL\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\WTRYL\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\WTRYL\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-09-28 13:43
==================== End Of Log ============================
--- --- ---
Hi,
attached is the log.
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by WTRYL (administrator) on VW41XL on 09-12-2013 23:17:04
Running from C:\Users\WTRYL\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AutoInstaller] - C:\Program Files (x86)\netinst\NiAgnt32.exe [236696 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2851112 2011-11-17] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKLM\...\Policies\Explorer: [UseDefaultTile] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-22] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\system: [SetVisualStyle]
HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKCU\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKCU\...\Policies\Explorer: [Intellimenus] 1
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1
HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKCU\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
MountPoints2: {730d8283-c9e0-11e1-a3fe-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {730d82c8-c9e0-11e1-a3fe-2477037a2a50} - E:\AutoRun.exe
HKLM-x32\...\Run: [NetInstall NiTray] - C:\Program Files (x86)\netinst\eTray.exe [49808 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discovery User Input] - C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [249856 2012-09-05] ()
HKLM-x32\...\Run: [InfoClientTray] - C:\Program Files (x86)\Lanxess-Support\LXTray.exe [727552 2011-09-14] (LANXESS)
HKLM-x32\...\Run: [MLAgent] - C:\Program Files (x86)\MasterLayout\MLAGENT.exe [1792680 2012-01-17] ()
HKLM-x32\...\Run: [SGNMasterApplication] - C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe [94208 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\OfficeScan NT\PccNTMon.exe [1378784 2012-02-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKU\DSM.install\...\Policies\system: [HideLogonScripts] 0
HKU\DSM.install\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\DSM.install\...\Policies\system: [RunLogonScriptSync] 1
HKU\lyjwi\...\Policies\system: [HideLogonScripts] 0
HKU\lyjwi\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\lyjwi\...\Policies\system: [RunLogonScriptSync] 1
AppInit_DLLs: C:\Program Files (x86)\netinst\Nia64.dll [52296 2011-11-17] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs-x32: C:\PROGRA~2\NetInst\NiAMH.dll [56464 2011-11-17] (FrontRange Solutions Deutschland GmbH)
IFEO\dinotify.exe: [Debugger] C:\Program Files (x86)\NetInst\dinotd64.exe
Startup: C:\Users\WTRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk
ShortcutTarget: 7t7tde3.lnk -> C:\ProgramData\3edt7t7.dss (Корпорация Майкрософт)
==================== Internet (Whitelisted) ====================
ProxyServer: http=lx-cache.services.lanxess:8080;https=lx-cache.services.lanxess:8080;ftp=lx-cache.services.lanxess:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.portal.lanxess/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4FA16F4FA9E7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = english,de-DE;q=0.5
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7266A53B-5AA1-4AC8-9294-06D52EA40448} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM - {7F79D84C-88FB-40B0-80CC-AFAFC537C6B1} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM-x32 - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL =
SearchScopes: HKCU - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
SearchScopes: HKCU - {E358B6ED-49E8-46AD-82F8-8FB9CFF418A6} URL =
BHO: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho64.dll (Plus HD)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll (Plus HD)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/genesys/mcInstall.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4BDD6AF9-3256-40CF-A07A-C728C03276AE}: [NameServer]10.74.210.210 10.74.210.211
==================== Services (Whitelisted) =================
R2 BEDevCtl; C:\Windows\SysWOW64\BEDevCtl.exe [1306624 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 BEFCSvcn; C:\Windows\SysWOW64\BEFCSvcn.exe [20480 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 DiscoveryClientAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1572128 2012-09-05] ()
R2 DiscoveryIPTransferAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601376 2012-09-05] ()
R2 esiCore; C:\Program Files (x86)\NetInst\mgmtagnt.exe [220312 2011-11-17] (FrontRange Solutions Deutschland GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-07-09] ()
S3 iPassConnectEngine; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassConnectEngine.exe [1757184 2010-04-07] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateApp.exe [176128 2010-04-05] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateService.exe [114688 2010-04-05] (iPass, Inc.)
R3 LanProbe; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\lpamd64.exe [275968 2012-09-05] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\Program Files (x86)\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\Program Files (x86)\Notes\nsd.exe [4455600 2012-07-03] (IBM)
R2 LXInfoClient; C:\Program Files (x86)\LANXESS-Support\infoclient.exe [1095680 2011-09-14] (Lanxess Deutschland GmbH)
R2 Multi-user Cleanup Service; c:\Program Files (x86)\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
R2 ntrtscan; C:\Program Files (x86)\OfficeScan NT\ntrtscan.exe [2140984 2012-02-09] (Trend Micro Inc.)
R2 ProxyHostService; C:\Program Files (x86)\Proxy Networks\PROXY Pro Host\phsvc.exe [709968 2011-04-06] (Proxy Networks, Inc.)
R2 SGNAuthService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [659456 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 SGNSafeModeService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNSafeModeServicen.exe [237568 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_BEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_FEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_LogSystem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_Sem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 tmlisten; C:\Program Files (x86)\OfficeScan NT\tmlisten.exe [2424480 2012-02-09] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files (x86)\OfficeScan NT\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\OfficeScan NT\TmProxy.exe [918032 2011-04-15] (Trend Micro Inc.)
R2 WiFiService; C:\Program Files\Lanxess-Support\LXS_WiFi_Service.exe [2126848 2012-05-04] (Lanxess)
S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ersupext; "C:\Program Files (x86)\NetInst\mgmtagnt.exe" /run=ersupext.dll [x]
==================== Drivers (Whitelisted) ====================
R0 BeFlt; C:\Windows\System32\DRIVERS\BEFLT.SYS [137472 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BeFlt; C:\Windows\SysWow64\DRIVERS\BEFLT.SYS [117504 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\System32\DRIVERS\be_fltim.sys [71936 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\SysWow64\DRIVERS\be_fltim.sys [59648 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-07-09] (Bytemobile, Inc.)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [27936 2012-09-12] ()
R0 CEAES2M; C:\Windows\System32\Drivers\cegaes2m.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAES2M; C:\Windows\SysWow64\Drivers\cegaes2m.sys [63232 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\System32\Drivers\cegaesm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\SysWow64\Drivers\cegaesm.sys [62720 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\Windows\System32\Drivers\cehmacm.sys [27904 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\Windows\System32\Drivers\CERNDM.sys [17664 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\System32\Drivers\cesham.sys [26368 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\SysWow64\Drivers\cesham.sys [24832 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-07-09] (Huawei Technologies Co., Ltd.)
R0 LCENCM; C:\Windows\System32\drivers\lcencvm.sys [1424640 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCFILTM; C:\Windows\System32\Drivers\lcfiltvm.sys [84224 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCRECM; C:\Windows\System32\Drivers\lcrecvm.sys [41216 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\System32\Drivers\sgstdrvm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\SysWow64\Drivers\sgstdrvm.sys [51968 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-07-09] (Bytemobile, Inc.)
R2 TmFilter; C:\Program Files (x86)\OfficeScan NT\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\OfficeScan NT\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\OfficeScan NT\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-07-09] (Huawei Technologies Co., Ltd.)
U5 SGN_Trans; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-09 23:17 - 2013-12-09 23:19 - 00020622 _____ C:\Users\WTRYL\Desktop\FRST.txt
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\WTRYL\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\WTRYL\Desktop\Autoruns
2013-12-09 22:48 - 2013-12-09 23:18 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 22:21 - 2013-12-09 22:36 - 127231689 _____ (Igor Pavlov) C:\Users\WTRYL\Desktop\OTLPENet.exe
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\WTRYL\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\WTRYL\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\WTRYL\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:30 - 00023558 _____ C:\Users\WTRYL\Desktop\Addition.txt
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\WTRYL\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\WTRYL\Desktop\HijackThis.exe
2013-11-22 20:10 - 2013-12-09 21:28 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\WTRYL\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_191025_main.txt
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\WTRYL\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\WTRYL\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:22 - 2012-10-17 16:37 - 00397312 _____ (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe
2013-11-22 19:22 - 2011-09-28 09:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-11-22 19:22 - 2011-09-28 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-11-22 19:22 - 2011-09-28 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\WTRYL\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\WTRYL\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\WTRYL\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175430_main.txt
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\WTRYL\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\WTRYL\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-12-09 21:28 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-11-22 18:34 - 2013-12-09 21:28 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:33 - 2013-12-09 21:28 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-11-22 18:33 - 2013-12-09 21:28 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-11-22 18:33 - 2013-11-22 18:34 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 20:37 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\WTRYL\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\WTRYL\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\WTRYL\Documents\iWisoft Free Video Downloader
==================== One Month Modified Files and Folders =======
2013-12-09 23:19 - 2013-12-09 23:17 - 00020622 _____ C:\Users\WTRYL\Desktop\FRST.txt
2013-12-09 23:18 - 2013-12-09 22:48 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\WTRYL\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 23:11 - 2012-07-03 08:48 - 01383143 _____ C:\Windows\WindowsUpdate.log
2013-12-09 22:59 - 2012-07-04 12:25 - 00000000 ___RD C:\Users\WTRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\WTRYL\Desktop\Autoruns
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:36 - 2013-12-09 22:21 - 127231689 _____ (Igor Pavlov) C:\Users\WTRYL\Desktop\OTLPENet.exe
2013-12-09 22:31 - 2012-07-30 20:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 22:30 - 2013-12-09 22:18 - 00023558 _____ C:\Users\WTRYL\Desktop\Addition.txt
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\WTRYL\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\WTRYL\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\WTRYL\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\WTRYL\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\WTRYL\Desktop\HijackThis.exe
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Users\WTRYL\AppData\Local\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\ProgramData\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 21:28 - 2013-11-22 20:10 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-12-09 21:28 - 2013-11-22 18:34 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-12-09 21:28 - 2013-11-22 18:34 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-12-09 21:28 - 2012-07-03 09:17 - 00030726 _____ C:\SUService.log
2013-12-09 21:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 21:27 - 2009-07-14 05:51 - 00056559 _____ C:\Windows\setupact.log
2013-11-22 20:48 - 2012-07-03 12:01 - 00000000 ____D C:\Program Files (x86)\OfficeScan NT
2013-11-22 20:37 - 2013-11-22 18:31 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 20:15 - 2012-03-27 16:01 - 00741832 _____ C:\Windows\system32\prfh0816.dat
2013-11-22 20:15 - 2012-03-27 16:01 - 00159494 _____ C:\Windows\system32\prfc0816.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00726620 _____ C:\Windows\system32\prfh0416.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00154086 _____ C:\Windows\system32\prfc0416.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00756010 _____ C:\Windows\system32\perfh013.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00159522 _____ C:\Windows\system32\perfc013.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00442216 _____ C:\Windows\system32\perfh012.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00127088 _____ C:\Windows\system32\perfc012.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00430622 _____ C:\Windows\system32\perfh011.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00128800 _____ C:\Windows\system32\perfc011.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00752832 _____ C:\Windows\system32\perfh010.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00153394 _____ C:\Windows\system32\perfc010.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00758296 _____ C:\Windows\system32\perfh00C.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00155898 _____ C:\Windows\system32\perfc00C.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00758140 _____ C:\Windows\system32\perfh00A.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00164930 _____ C:\Windows\system32\perfc00A.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00717750 _____ C:\Windows\system32\perfh007.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00155522 _____ C:\Windows\system32\perfc007.dat
2013-11-22 20:15 - 2009-07-14 06:13 - 08243856 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\WTRYL\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_191025_main.txt
2013-11-22 20:10 - 2012-07-04 12:24 - 00000000 ____D C:\Users\WTRYL
2013-11-22 19:32 - 2012-07-30 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 19:32 - 2012-07-30 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 19:32 - 2012-07-30 20:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\WTRYL\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\WTRYL\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\dcunningham.net
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\WTRYL\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\WTRYL\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175430_main.txt
2013-11-22 18:50 - 2010-11-21 04:47 - 00036830 _____ C:\Windows\PFRO.log
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\WTRYL\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\WTRYL\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:34 - 2013-11-22 18:33 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\WTRYL\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\WTRYL\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\WTRYL\Documents\iWisoft Free Video Downloader
2013-11-22 18:25 - 2012-07-04 12:26 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\SAP
2013-11-22 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-22 18:14 - 2009-07-14 05:45 - 00419416 _____ C:\Windows\system32\FNTCACHE.DAT
Files to move or delete:
====================
C:\ProgramData\3edt7t7.dss
C:\ProgramData\7t7tde3.bxx
C:\ProgramData\7t7tde3.fvv
C:\ProgramData\7t7tde3.pss
Some content of TEMP:
====================
C:\Users\WTRYL\AppData\Local\Temp\0710.dll
C:\Users\WTRYL\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\WTRYL\AppData\Local\Temp\IMsetup.exe
C:\Users\WTRYL\AppData\Local\Temp\installhelper.dll
C:\Users\WTRYL\AppData\Local\Temp\lx1sngha.dll
C:\Users\WTRYL\AppData\Local\Temp\plus-hd-4-9.exe
C:\Users\WTRYL\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\WTRYL\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\WTRYL\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-09-28 13:43
==================== End Of Log ============================