| |
| |||||||
Log-Analyse und Auswertung: Interpol Virus eingefangenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.11.2013, 18:04
| #1 |
| |  Interpol Virus eingefangen Hallo, ich habe mir einen Interpol Virus eingefangen. der rechner kann nicht im abgesicherten Modus hochgefahren werden. Was kann ich tun? Anbei der FRST Log; vielen Dank für die Unterstützung Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013 01
Ran by SYSTEM on MININT-86PH5U2 on 23-11-2013 00:06:52
Running from E:\
WIN_7 Service Pack 1 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.
==================== Registry (Whitelisted) ==================
Attention: Software hive is missing.
ATTENTION: Software hive is not loaded.
==================== Services (Whitelisted) =================
==================== Drivers (Whitelisted) ====================
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
==================== One Month Modified Files and Folders =======
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 3979.21 MB
Available physical RAM: 3481.43 MB
Total Pagefile: 3977.41 MB
Available Pagefile: 3467.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
==================== Drives ================================
Drive e: (INTENSO) (Removable) (Total:14.91 GB) (Free:3.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: F6210314)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
==================== End Of Log ============================
|
|
26.11.2013, 08:57
| #2 |
| /// the machine /// TB-Ausbilder    | Interpol Virus eingefangen Hi,
__________________Scan bitte wiederholen, FRST konnte die Registry nicht lesen.
__________________ |
|
02.12.2013, 22:18
| #3 |
| | Interpol Virus eingefangen Hi,
__________________ich habe mehrfach probiert FRST auszuführen und bekomme immer wieder die selbe Datei. Kann es sein, dass FRST immer per default auf C:\ liest? Bei mir befindet sich die Installation aber auf X:\ Kann ich FRST mitgeben, wi er suchen soll? Andernfalls habe ich im DOS Modus mit RegEdit die Registy extrahiert. Kannst Du mir damit ggf. helfen? Danke ADAG |
|
03.12.2013, 12:32
| #4 |
| /// the machine /// TB-Ausbilder | Interpol Virus eingefangen Die komplette Registry von hand durchsuchen?  schick mir heut abend mal pm, ich kann auf Arbeit keine Anhänge öffnen. Ich schau mal ob ich zeit hab, das dauert stunden und ich hab 140 aktive user hier.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.12.2013, 17:56
| #5 |
| |  Interpol Virus eingefangen Sorry, ich habe leider nur den Registry abzug und kann FRST nicht ausführen. Wie kann ich Dir helfen? Ist zum verzweifeln ... Was meinst Du mit pm? Sorry, ich habe leider nur das http://www.trojaner-board.de/images/icons/icon9.gif Was kann ich tun, wie kann ich Dir helfen ...? Was meinst Du mit pm? |
|
06.12.2013, 10:22
| #6 |
| /// the machine /// TB-Ausbilder | Interpol Virus eingefangen Ne Private Nachricht. Schick mir bitte eine Heute Abend, ich lad dann den Abzug und kontrollier ihn am Samstag in der Früh, vorher kann ich leider nicht.
__________________ --> Interpol Virus eingefangen |
|
09.12.2013, 23:37
| #7 |
| | Interpol Virus eingefangen Hi, zwischenzeitlich habe ich es irgendwie geschafft, mich ohne den Sperrbildschirm anzumelden. Habe aber im Startup ein dubioses Program 7t7tde3 von Igor Pavlov. Außerdem ein paar dubiose Einträge unter C:\ProgramData. Die Dateien sind 3edt7t7.dss, 7t7tde3.bxx, 7t7tde3.fvv und 7t7tde3.pss und lassen sich nicht löschen Anbei der richtige Fabrar64 Scan. Außerdem habe ich OTL laufen lassen, aber den Rechner noch nicht durchgestartet. Gruß adag008 |
|
10.12.2013, 12:11
| #8 |
| /// the machine /// TB-Ausbilder | Interpol Virus eingefangen Wenn Du die FRST Logs jetzt noch direkt in den Thread postest, zur Not aufteilst und mehrere Posts nutzt, ist alles in Butter und das Ding schnurrt in 5 Minuten wieder 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
11.12.2013, 17:06
| #9 |
| | Interpol Virus eingefangen Hi, anbei nochmal den FSRT Log FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by LYRTW (administrator) on LX14WV on 09-12-2013 23:17:04
Running from C:\Users\lyrtw\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AutoInstaller] - C:\Program Files (x86)\netinst\NiAgnt32.exe [236696 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2851112 2011-11-17] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKLM\...\Policies\Explorer: [UseDefaultTile] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-22] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\system: [SetVisualStyle]
HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKCU\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKCU\...\Policies\Explorer: [Intellimenus] 1
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1
HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKCU\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
MountPoints2: {730d8283-c9e0-11e1-a3fe-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {730d82c8-c9e0-11e1-a3fe-2477037a2a50} - E:\AutoRun.exe
HKLM-x32\...\Run: [NetInstall NiTray] - C:\Program Files (x86)\netinst\eTray.exe [49808 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discovery User Input] - C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [249856 2012-09-05] ()
HKLM-x32\...\Run: [InfoClientTray] - C:\Program Files (x86)\Lanxess-Support\LXTray.exe [727552 2011-09-14] (LANXESS)
HKLM-x32\...\Run: [MLAgent] - C:\Program Files (x86)\MasterLayout\MLAGENT.exe [1792680 2012-01-17] ()
HKLM-x32\...\Run: [SGNMasterApplication] - C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe [94208 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\OfficeScan NT\PccNTMon.exe [1378784 2012-02-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKU\DSM.install\...\Policies\system: [HideLogonScripts] 0
HKU\DSM.install\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\DSM.install\...\Policies\system: [RunLogonScriptSync] 1
HKU\lyjwi\...\Policies\system: [HideLogonScripts] 0
HKU\lyjwi\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\lyjwi\...\Policies\system: [RunLogonScriptSync] 1
AppInit_DLLs: C:\Program Files (x86)\netinst\Nia64.dll [52296 2011-11-17] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs-x32: C:\PROGRA~2\NetInst\NiAMH.dll [56464 2011-11-17] (FrontRange Solutions Deutschland GmbH)
IFEO\dinotify.exe: [Debugger] C:\Program Files (x86)\NetInst\dinotd64.exe
Startup: C:\Users\lyrtw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk
ShortcutTarget: 7t7tde3.lnk -> C:\ProgramData\3edt7t7.dss (Корпорация Майкрософт)
==================== Internet (Whitelisted) ====================
ProxyServer: http=lx-cache.services.lanxess:8080;https=lx-cache.services.lanxess:8080;ftp=lx-cache.services.lanxess:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.portal.lanxess/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4FA16F4FA9E7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = english,de-DE;q=0.5
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7266A53B-5AA1-4AC8-9294-06D52EA40448} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM - {7F79D84C-88FB-40B0-80CC-AFAFC537C6B1} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM-x32 - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL =
SearchScopes: HKCU - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
SearchScopes: HKCU - {E358B6ED-49E8-46AD-82F8-8FB9CFF418A6} URL =
BHO: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho64.dll (Plus HD)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll (Plus HD)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/genesys/mcInstall.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4BDD6AF9-3256-40CF-A07A-C728C03276AE}: [NameServer]10.74.210.210 10.74.210.211
==================== Services (Whitelisted) =================
R2 BEDevCtl; C:\Windows\SysWOW64\BEDevCtl.exe [1306624 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 BEFCSvcn; C:\Windows\SysWOW64\BEFCSvcn.exe [20480 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 DiscoveryClientAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1572128 2012-09-05] ()
R2 DiscoveryIPTransferAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601376 2012-09-05] ()
R2 esiCore; C:\Program Files (x86)\NetInst\mgmtagnt.exe [220312 2011-11-17] (FrontRange Solutions Deutschland GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-07-09] ()
S3 iPassConnectEngine; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassConnectEngine.exe [1757184 2010-04-07] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateApp.exe [176128 2010-04-05] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateService.exe [114688 2010-04-05] (iPass, Inc.)
R3 LanProbe; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\lpamd64.exe [275968 2012-09-05] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\Program Files (x86)\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\Program Files (x86)\Notes\nsd.exe [4455600 2012-07-03] (IBM)
R2 LXInfoClient; C:\Program Files (x86)\LANXESS-Support\infoclient.exe [1095680 2011-09-14] (Lanxess Deutschland GmbH)
R2 Multi-user Cleanup Service; c:\Program Files (x86)\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
R2 ntrtscan; C:\Program Files (x86)\OfficeScan NT\ntrtscan.exe [2140984 2012-02-09] (Trend Micro Inc.)
R2 ProxyHostService; C:\Program Files (x86)\Proxy Networks\PROXY Pro Host\phsvc.exe [709968 2011-04-06] (Proxy Networks, Inc.)
R2 SGNAuthService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [659456 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 SGNSafeModeService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNSafeModeServicen.exe [237568 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_BEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_FEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_LogSystem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_Sem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 tmlisten; C:\Program Files (x86)\OfficeScan NT\tmlisten.exe [2424480 2012-02-09] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files (x86)\OfficeScan NT\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\OfficeScan NT\TmProxy.exe [918032 2011-04-15] (Trend Micro Inc.)
R2 WiFiService; C:\Program Files\Lanxess-Support\LXS_WiFi_Service.exe [2126848 2012-05-04] (Lanxess)
S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ersupext; "C:\Program Files (x86)\NetInst\mgmtagnt.exe" /run=ersupext.dll [x]
==================== Drivers (Whitelisted) ====================
R0 BeFlt; C:\Windows\System32\DRIVERS\BEFLT.SYS [137472 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BeFlt; C:\Windows\SysWow64\DRIVERS\BEFLT.SYS [117504 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\System32\DRIVERS\be_fltim.sys [71936 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\SysWow64\DRIVERS\be_fltim.sys [59648 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-07-09] (Bytemobile, Inc.)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [27936 2012-09-12] ()
R0 CEAES2M; C:\Windows\System32\Drivers\cegaes2m.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAES2M; C:\Windows\SysWow64\Drivers\cegaes2m.sys [63232 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\System32\Drivers\cegaesm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\SysWow64\Drivers\cegaesm.sys [62720 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\Windows\System32\Drivers\cehmacm.sys [27904 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\Windows\System32\Drivers\CERNDM.sys [17664 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\System32\Drivers\cesham.sys [26368 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\SysWow64\Drivers\cesham.sys [24832 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-07-09] (Huawei Technologies Co., Ltd.)
R0 LCENCM; C:\Windows\System32\drivers\lcencvm.sys [1424640 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCFILTM; C:\Windows\System32\Drivers\lcfiltvm.sys [84224 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCRECM; C:\Windows\System32\Drivers\lcrecvm.sys [41216 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\System32\Drivers\sgstdrvm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\SysWow64\Drivers\sgstdrvm.sys [51968 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-07-09] (Bytemobile, Inc.)
R2 TmFilter; C:\Program Files (x86)\OfficeScan NT\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\OfficeScan NT\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\OfficeScan NT\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-07-09] (Huawei Technologies Co., Ltd.)
U5 SGN_Trans; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-09 23:17 - 2013-12-09 23:19 - 00020622 _____ C:\Users\lyrtw\Desktop\FRST.txt
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\lyrtw\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\lyrtw\Desktop\Autoruns
2013-12-09 22:48 - 2013-12-09 23:18 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 22:21 - 2013-12-09 22:36 - 127231689 _____ (Igor Pavlov) C:\Users\lyrtw\Desktop\OTLPENet.exe
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\lyrtw\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\lyrtw\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\lyrtw\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:30 - 00023558 _____ C:\Users\lyrtw\Desktop\Addition.txt
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\lyrtw\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\lyrtw\Desktop\HijackThis.exe
2013-11-22 20:10 - 2013-12-09 21:28 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\lyrtw\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_191025_main.txt
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\lyrtw\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\lyrtw\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:22 - 2012-10-17 16:37 - 00397312 _____ (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe
2013-11-22 19:22 - 2011-09-28 09:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-11-22 19:22 - 2011-09-28 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-11-22 19:22 - 2011-09-28 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\lyrtw\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\lyrtw\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\lyrtw\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\lyrtw\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_175430_main.txt
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\lyrtw\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\lyrtw\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-12-09 21:28 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-11-22 18:34 - 2013-12-09 21:28 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:33 - 2013-12-09 21:28 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-11-22 18:33 - 2013-12-09 21:28 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-11-22 18:33 - 2013-11-22 18:34 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 20:37 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\lyrtw\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\lyrtw\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\lyrtw\Documents\iWisoft Free Video Downloader
==================== One Month Modified Files and Folders =======
2013-12-09 23:19 - 2013-12-09 23:17 - 00020622 _____ C:\Users\lyrtw\Desktop\FRST.txt
2013-12-09 23:18 - 2013-12-09 22:48 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\lyrtw\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 23:11 - 2012-07-03 08:48 - 01383143 _____ C:\Windows\WindowsUpdate.log
2013-12-09 22:59 - 2012-07-04 12:25 - 00000000 ___RD C:\Users\lyrtw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\lyrtw\Desktop\Autoruns
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:36 - 2013-12-09 22:21 - 127231689 _____ (Igor Pavlov) C:\Users\lyrtw\Desktop\OTLPENet.exe
2013-12-09 22:31 - 2012-07-30 20:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 22:30 - 2013-12-09 22:18 - 00023558 _____ C:\Users\lyrtw\Desktop\Addition.txt
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\lyrtw\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\lyrtw\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\lyrtw\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\lyrtw\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\lyrtw\Desktop\HijackThis.exe
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Users\lyrtw\AppData\Local\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\ProgramData\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 21:28 - 2013-11-22 20:10 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-12-09 21:28 - 2013-11-22 18:34 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-12-09 21:28 - 2013-11-22 18:34 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-12-09 21:28 - 2012-07-03 09:17 - 00030726 _____ C:\SUService.log
2013-12-09 21:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 21:27 - 2009-07-14 05:51 - 00056559 _____ C:\Windows\setupact.log
2013-11-22 20:48 - 2012-07-03 12:01 - 00000000 ____D C:\Program Files (x86)\OfficeScan NT
2013-11-22 20:37 - 2013-11-22 18:31 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 20:15 - 2012-03-27 16:01 - 00741832 _____ C:\Windows\system32\prfh0816.dat
2013-11-22 20:15 - 2012-03-27 16:01 - 00159494 _____ C:\Windows\system32\prfc0816.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00726620 _____ C:\Windows\system32\prfh0416.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00154086 _____ C:\Windows\system32\prfc0416.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00756010 _____ C:\Windows\system32\perfh013.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00159522 _____ C:\Windows\system32\perfc013.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00442216 _____ C:\Windows\system32\perfh012.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00127088 _____ C:\Windows\system32\perfc012.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00430622 _____ C:\Windows\system32\perfh011.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00128800 _____ C:\Windows\system32\perfc011.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00752832 _____ C:\Windows\system32\perfh010.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00153394 _____ C:\Windows\system32\perfc010.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00758296 _____ C:\Windows\system32\perfh00C.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00155898 _____ C:\Windows\system32\perfc00C.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00758140 _____ C:\Windows\system32\perfh00A.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00164930 _____ C:\Windows\system32\perfc00A.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00717750 _____ C:\Windows\system32\perfh007.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00155522 _____ C:\Windows\system32\perfc007.dat
2013-11-22 20:15 - 2009-07-14 06:13 - 08243856 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\lyrtw\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_191025_main.txt
2013-11-22 20:10 - 2012-07-04 12:24 - 00000000 ____D C:\Users\lyrtw
2013-11-22 19:32 - 2012-07-30 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 19:32 - 2012-07-30 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 19:32 - 2012-07-30 20:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\lyrtw\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\lyrtw\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\dcunningham.net
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\lyrtw\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\lyrtw\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\lyrtw\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\lyrtw\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_175430_main.txt
2013-11-22 18:50 - 2010-11-21 04:47 - 00036830 _____ C:\Windows\PFRO.log
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\lyrtw\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\lyrtw\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\lyrtw\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:34 - 2013-11-22 18:33 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\lyrtw\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\lyrtw\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\lyrtw\Documents\iWisoft Free Video Downloader
2013-11-22 18:25 - 2012-07-04 12:26 - 00000000 ____D C:\Users\lyrtw\AppData\Roaming\SAP
2013-11-22 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-22 18:14 - 2009-07-14 05:45 - 00419416 _____ C:\Windows\system32\FNTCACHE.DAT
Files to move or delete:
====================
C:\ProgramData\3edt7t7.dss
C:\ProgramData\7t7tde3.bxx
C:\ProgramData\7t7tde3.fvv
C:\ProgramData\7t7tde3.pss
Some content of TEMP:
====================
C:\Users\lyrtw\AppData\Local\Temp\0710.dll
C:\Users\lyrtw\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\lyrtw\AppData\Local\Temp\IMsetup.exe
C:\Users\lyrtw\AppData\Local\Temp\installhelper.dll
C:\Users\lyrtw\AppData\Local\Temp\lx1sngha.dll
C:\Users\lyrtw\AppData\Local\Temp\plus-hd-4-9.exe
C:\Users\lyrtw\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\lyrtw\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\lyrtw\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-09-28 13:43
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by WTRYL (administrator) on VW41XL on 09-12-2013 23:17:04
Running from C:\Users\WTRYL\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AutoInstaller] - C:\Program Files (x86)\netinst\NiAgnt32.exe [236696 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2851112 2011-11-17] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKLM\...\Policies\Explorer: [UseDefaultTile] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-22] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\system: [SetVisualStyle]
HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKCU\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKCU\...\Policies\Explorer: [Intellimenus] 1
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1
HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKCU\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
MountPoints2: {730d8283-c9e0-11e1-a3fe-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {730d82c8-c9e0-11e1-a3fe-2477037a2a50} - E:\AutoRun.exe
HKLM-x32\...\Run: [NetInstall NiTray] - C:\Program Files (x86)\netinst\eTray.exe [49808 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discovery User Input] - C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [249856 2012-09-05] ()
HKLM-x32\...\Run: [InfoClientTray] - C:\Program Files (x86)\Lanxess-Support\LXTray.exe [727552 2011-09-14] (LANXESS)
HKLM-x32\...\Run: [MLAgent] - C:\Program Files (x86)\MasterLayout\MLAGENT.exe [1792680 2012-01-17] ()
HKLM-x32\...\Run: [SGNMasterApplication] - C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe [94208 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\OfficeScan NT\PccNTMon.exe [1378784 2012-02-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKU\DSM.install\...\Policies\system: [HideLogonScripts] 0
HKU\DSM.install\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\DSM.install\...\Policies\system: [RunLogonScriptSync] 1
HKU\lyjwi\...\Policies\system: [HideLogonScripts] 0
HKU\lyjwi\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\lyjwi\...\Policies\system: [RunLogonScriptSync] 1
AppInit_DLLs: C:\Program Files (x86)\netinst\Nia64.dll [52296 2011-11-17] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs-x32: C:\PROGRA~2\NetInst\NiAMH.dll [56464 2011-11-17] (FrontRange Solutions Deutschland GmbH)
IFEO\dinotify.exe: [Debugger] C:\Program Files (x86)\NetInst\dinotd64.exe
Startup: C:\Users\WTRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk
ShortcutTarget: 7t7tde3.lnk -> C:\ProgramData\3edt7t7.dss (Корпорация Майкрософт)
==================== Internet (Whitelisted) ====================
ProxyServer: http=lx-cache.services.lanxess:8080;https=lx-cache.services.lanxess:8080;ftp=lx-cache.services.lanxess:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.portal.lanxess/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4FA16F4FA9E7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = english,de-DE;q=0.5
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7266A53B-5AA1-4AC8-9294-06D52EA40448} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM - {7F79D84C-88FB-40B0-80CC-AFAFC537C6B1} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM-x32 - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL =
SearchScopes: HKCU - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
SearchScopes: HKCU - {E358B6ED-49E8-46AD-82F8-8FB9CFF418A6} URL =
BHO: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho64.dll (Plus HD)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll (Plus HD)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/genesys/mcInstall.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4BDD6AF9-3256-40CF-A07A-C728C03276AE}: [NameServer]10.74.210.210 10.74.210.211
==================== Services (Whitelisted) =================
R2 BEDevCtl; C:\Windows\SysWOW64\BEDevCtl.exe [1306624 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 BEFCSvcn; C:\Windows\SysWOW64\BEFCSvcn.exe [20480 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 DiscoveryClientAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1572128 2012-09-05] ()
R2 DiscoveryIPTransferAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601376 2012-09-05] ()
R2 esiCore; C:\Program Files (x86)\NetInst\mgmtagnt.exe [220312 2011-11-17] (FrontRange Solutions Deutschland GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-07-09] ()
S3 iPassConnectEngine; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassConnectEngine.exe [1757184 2010-04-07] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateApp.exe [176128 2010-04-05] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateService.exe [114688 2010-04-05] (iPass, Inc.)
R3 LanProbe; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\lpamd64.exe [275968 2012-09-05] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\Program Files (x86)\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\Program Files (x86)\Notes\nsd.exe [4455600 2012-07-03] (IBM)
R2 LXInfoClient; C:\Program Files (x86)\LANXESS-Support\infoclient.exe [1095680 2011-09-14] (Lanxess Deutschland GmbH)
R2 Multi-user Cleanup Service; c:\Program Files (x86)\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
R2 ntrtscan; C:\Program Files (x86)\OfficeScan NT\ntrtscan.exe [2140984 2012-02-09] (Trend Micro Inc.)
R2 ProxyHostService; C:\Program Files (x86)\Proxy Networks\PROXY Pro Host\phsvc.exe [709968 2011-04-06] (Proxy Networks, Inc.)
R2 SGNAuthService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [659456 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 SGNSafeModeService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNSafeModeServicen.exe [237568 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_BEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_FEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_LogSystem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_Sem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 tmlisten; C:\Program Files (x86)\OfficeScan NT\tmlisten.exe [2424480 2012-02-09] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files (x86)\OfficeScan NT\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\OfficeScan NT\TmProxy.exe [918032 2011-04-15] (Trend Micro Inc.)
R2 WiFiService; C:\Program Files\Lanxess-Support\LXS_WiFi_Service.exe [2126848 2012-05-04] (Lanxess)
S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ersupext; "C:\Program Files (x86)\NetInst\mgmtagnt.exe" /run=ersupext.dll [x]
==================== Drivers (Whitelisted) ====================
R0 BeFlt; C:\Windows\System32\DRIVERS\BEFLT.SYS [137472 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BeFlt; C:\Windows\SysWow64\DRIVERS\BEFLT.SYS [117504 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\System32\DRIVERS\be_fltim.sys [71936 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\SysWow64\DRIVERS\be_fltim.sys [59648 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-07-09] (Bytemobile, Inc.)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [27936 2012-09-12] ()
R0 CEAES2M; C:\Windows\System32\Drivers\cegaes2m.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAES2M; C:\Windows\SysWow64\Drivers\cegaes2m.sys [63232 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\System32\Drivers\cegaesm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\SysWow64\Drivers\cegaesm.sys [62720 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\Windows\System32\Drivers\cehmacm.sys [27904 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\Windows\System32\Drivers\CERNDM.sys [17664 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\System32\Drivers\cesham.sys [26368 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\SysWow64\Drivers\cesham.sys [24832 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-07-09] (Huawei Technologies Co., Ltd.)
R0 LCENCM; C:\Windows\System32\drivers\lcencvm.sys [1424640 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCFILTM; C:\Windows\System32\Drivers\lcfiltvm.sys [84224 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCRECM; C:\Windows\System32\Drivers\lcrecvm.sys [41216 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\System32\Drivers\sgstdrvm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\SysWow64\Drivers\sgstdrvm.sys [51968 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-07-09] (Bytemobile, Inc.)
R2 TmFilter; C:\Program Files (x86)\OfficeScan NT\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\OfficeScan NT\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\OfficeScan NT\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-07-09] (Huawei Technologies Co., Ltd.)
U5 SGN_Trans; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-09 23:17 - 2013-12-09 23:19 - 00020622 _____ C:\Users\WTRYL\Desktop\FRST.txt
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\WTRYL\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\WTRYL\Desktop\Autoruns
2013-12-09 22:48 - 2013-12-09 23:18 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 22:21 - 2013-12-09 22:36 - 127231689 _____ (Igor Pavlov) C:\Users\WTRYL\Desktop\OTLPENet.exe
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\WTRYL\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\WTRYL\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\WTRYL\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:30 - 00023558 _____ C:\Users\WTRYL\Desktop\Addition.txt
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\WTRYL\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\WTRYL\Desktop\HijackThis.exe
2013-11-22 20:10 - 2013-12-09 21:28 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\WTRYL\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_191025_main.txt
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\WTRYL\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\WTRYL\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:22 - 2012-10-17 16:37 - 00397312 _____ (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe
2013-11-22 19:22 - 2011-09-28 09:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-11-22 19:22 - 2011-09-28 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-11-22 19:22 - 2011-09-28 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\WTRYL\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\WTRYL\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\WTRYL\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175430_main.txt
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\WTRYL\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\WTRYL\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-12-09 21:28 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-11-22 18:34 - 2013-12-09 21:28 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:33 - 2013-12-09 21:28 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-11-22 18:33 - 2013-12-09 21:28 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-11-22 18:33 - 2013-11-22 18:34 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 20:37 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\WTRYL\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\WTRYL\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\WTRYL\Documents\iWisoft Free Video Downloader
==================== One Month Modified Files and Folders =======
2013-12-09 23:19 - 2013-12-09 23:17 - 00020622 _____ C:\Users\WTRYL\Desktop\FRST.txt
2013-12-09 23:18 - 2013-12-09 22:48 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\WTRYL\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 23:11 - 2012-07-03 08:48 - 01383143 _____ C:\Windows\WindowsUpdate.log
2013-12-09 22:59 - 2012-07-04 12:25 - 00000000 ___RD C:\Users\WTRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\WTRYL\Desktop\Autoruns
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:36 - 2013-12-09 22:21 - 127231689 _____ (Igor Pavlov) C:\Users\WTRYL\Desktop\OTLPENet.exe
2013-12-09 22:31 - 2012-07-30 20:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 22:30 - 2013-12-09 22:18 - 00023558 _____ C:\Users\WTRYL\Desktop\Addition.txt
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\WTRYL\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\WTRYL\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\WTRYL\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\WTRYL\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\WTRYL\Desktop\HijackThis.exe
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Users\WTRYL\AppData\Local\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\ProgramData\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 21:28 - 2013-11-22 20:10 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-12-09 21:28 - 2013-11-22 18:34 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-12-09 21:28 - 2013-11-22 18:34 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-12-09 21:28 - 2012-07-03 09:17 - 00030726 _____ C:\SUService.log
2013-12-09 21:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 21:27 - 2009-07-14 05:51 - 00056559 _____ C:\Windows\setupact.log
2013-11-22 20:48 - 2012-07-03 12:01 - 00000000 ____D C:\Program Files (x86)\OfficeScan NT
2013-11-22 20:37 - 2013-11-22 18:31 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 20:15 - 2012-03-27 16:01 - 00741832 _____ C:\Windows\system32\prfh0816.dat
2013-11-22 20:15 - 2012-03-27 16:01 - 00159494 _____ C:\Windows\system32\prfc0816.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00726620 _____ C:\Windows\system32\prfh0416.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00154086 _____ C:\Windows\system32\prfc0416.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00756010 _____ C:\Windows\system32\perfh013.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00159522 _____ C:\Windows\system32\perfc013.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00442216 _____ C:\Windows\system32\perfh012.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00127088 _____ C:\Windows\system32\perfc012.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00430622 _____ C:\Windows\system32\perfh011.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00128800 _____ C:\Windows\system32\perfc011.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00752832 _____ C:\Windows\system32\perfh010.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00153394 _____ C:\Windows\system32\perfc010.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00758296 _____ C:\Windows\system32\perfh00C.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00155898 _____ C:\Windows\system32\perfc00C.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00758140 _____ C:\Windows\system32\perfh00A.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00164930 _____ C:\Windows\system32\perfc00A.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00717750 _____ C:\Windows\system32\perfh007.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00155522 _____ C:\Windows\system32\perfc007.dat
2013-11-22 20:15 - 2009-07-14 06:13 - 08243856 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\WTRYL\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_191025_main.txt
2013-11-22 20:10 - 2012-07-04 12:24 - 00000000 ____D C:\Users\WTRYL
2013-11-22 19:32 - 2012-07-30 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 19:32 - 2012-07-30 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 19:32 - 2012-07-30 20:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\WTRYL\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\WTRYL\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\dcunningham.net
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\WTRYL\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\WTRYL\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175430_main.txt
2013-11-22 18:50 - 2010-11-21 04:47 - 00036830 _____ C:\Windows\PFRO.log
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\WTRYL\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\WTRYL\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:34 - 2013-11-22 18:33 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\WTRYL\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\WTRYL\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\WTRYL\Documents\iWisoft Free Video Downloader
2013-11-22 18:25 - 2012-07-04 12:26 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\SAP
2013-11-22 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-22 18:14 - 2009-07-14 05:45 - 00419416 _____ C:\Windows\system32\FNTCACHE.DAT
Files to move or delete:
====================
C:\ProgramData\3edt7t7.dss
C:\ProgramData\7t7tde3.bxx
C:\ProgramData\7t7tde3.fvv
C:\ProgramData\7t7tde3.pss
Some content of TEMP:
====================
C:\Users\WTRYL\AppData\Local\Temp\0710.dll
C:\Users\WTRYL\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\WTRYL\AppData\Local\Temp\IMsetup.exe
C:\Users\WTRYL\AppData\Local\Temp\installhelper.dll
C:\Users\WTRYL\AppData\Local\Temp\lx1sngha.dll
C:\Users\WTRYL\AppData\Local\Temp\plus-hd-4-9.exe
C:\Users\WTRYL\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\WTRYL\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\WTRYL\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-09-28 13:43
==================== End Of Log ============================
--- --- --- --- --- --- Hi, anbei das Log  FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2013
Ran by WTRYL (administrator) on VW41XL on 09-12-2013 23:17:04
Running from C:\Users\WTRYL\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AutoInstaller] - C:\Program Files (x86)\netinst\NiAgnt32.exe [236696 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2851112 2011-11-17] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] - C:\Windows\System32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ForceClassicControlPanel] 1
HKLM\...\Policies\Explorer: [UseDefaultTile] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe -update activex [829832 2013-11-22] (Adobe Systems Incorporated)
HKCU\...\Policies\system: [RunLogonScriptSync] 1
HKCU\...\Policies\system: [HideLegacyLogonScripts] 0
HKCU\...\Policies\system: [HideLogonScripts] 0
HKCU\...\Policies\system: [SetVisualStyle]
HKCU\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKCU\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKCU\...\Policies\Explorer: [Intellimenus] 1
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 1
HKCU\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKCU\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKCU\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKCU\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKCU\...\Policies\Explorer: [NoStartMenuMyGames] 1
MountPoints2: {730d8283-c9e0-11e1-a3fe-806e6f6e6963} - F:\AutoRun.exe
MountPoints2: {730d82c8-c9e0-11e1-a3fe-2477037a2a50} - E:\AutoRun.exe
HKLM-x32\...\Run: [NetInstall NiTray] - C:\Program Files (x86)\netinst\eTray.exe [49808 2011-11-17] (FrontRange Solutions Deutschland GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35768 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Discovery User Input] - C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe [249856 2012-09-05] ()
HKLM-x32\...\Run: [InfoClientTray] - C:\Program Files (x86)\Lanxess-Support\LXTray.exe [727552 2011-09-14] (LANXESS)
HKLM-x32\...\Run: [MLAgent] - C:\Program Files (x86)\MasterLayout\MLAGENT.exe [1792680 2012-01-17] ()
HKLM-x32\...\Run: [SGNMasterApplication] - C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe [94208 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\OfficeScan NT\PccNTMon.exe [1378784 2012-02-09] (Trend Micro Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKU\DSM.install\...\Policies\system: [HideLogonScripts] 0
HKU\DSM.install\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\DSM.install\...\Policies\system: [RunLogonScriptSync] 1
HKU\lyjwi\...\Policies\system: [HideLogonScripts] 0
HKU\lyjwi\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\lyjwi\...\Policies\system: [RunLogonScriptSync] 1
AppInit_DLLs: C:\Program Files (x86)\netinst\Nia64.dll [52296 2011-11-17] (FrontRange Solutions Deutschland GmbH)
AppInit_DLLs-x32: C:\PROGRA~2\NetInst\NiAMH.dll [56464 2011-11-17] (FrontRange Solutions Deutschland GmbH)
IFEO\dinotify.exe: [Debugger] C:\Program Files (x86)\NetInst\dinotd64.exe
Startup: C:\Users\WTRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk
ShortcutTarget: 7t7tde3.lnk -> C:\ProgramData\3edt7t7.dss (Корпорация Майкрософт)
==================== Internet (Whitelisted) ====================
ProxyServer: http=lx-cache.services.lanxess:8080;https=lx-cache.services.lanxess:8080;ftp=lx-cache.services.lanxess:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.portal.lanxess/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4FA16F4FA9E7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = english,de-DE;q=0.5
URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7266A53B-5AA1-4AC8-9294-06D52EA40448} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM - {7F79D84C-88FB-40B0-80CC-AFAFC537C6B1} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL = hxxp://search.portal.lanxess/search?q={searchTerms}&proxystylesheet=intranet
SearchScopes: HKLM-x32 - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL = hxxp://www.bing.com/search?q=
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0DA547CC-6722-419D-9B20-A459FF7DA40D} URL =
SearchScopes: HKCU - {47C08E58-F163-408C-95AB-4C3102F25D7B} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL =
SearchScopes: HKCU - {E358B6ED-49E8-46AD-82F8-8FB9CFF418A6} URL =
BHO: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho64.dll (Plus HD)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Plus-HD-4.9 - {11111111-1111-1111-1111-110411591118} - C:\Program Files (x86)\Plus-HD-4.9\Plus-HD-4.9-bho.dll (Plus HD)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {A08463E2-BF3E-4E78-9938-E4CC1981483B} https://install.mc.iconf.net/gcc_installer/genesys/mcInstall.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4BDD6AF9-3256-40CF-A07A-C728C03276AE}: [NameServer]10.74.210.210 10.74.210.211
==================== Services (Whitelisted) =================
R2 BEDevCtl; C:\Windows\SysWOW64\BEDevCtl.exe [1306624 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 BEFCSvcn; C:\Windows\SysWOW64\BEFCSvcn.exe [20480 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R2 DiscoveryClientAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\cagent32.exe [1572128 2012-09-05] ()
R2 DiscoveryIPTransferAgent; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\xferwan.exe [601376 2012-09-05] ()
R2 esiCore; C:\Program Files (x86)\NetInst\mgmtagnt.exe [220312 2011-11-17] (FrontRange Solutions Deutschland GmbH)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [344928 2011-01-28] ()
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [224096 2012-07-09] ()
S3 iPassConnectEngine; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassConnectEngine.exe [1757184 2010-04-07] (iPass, Inc.)
R3 iPassPeriodicUpdateApp; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateApp.exe [176128 2010-04-05] (iPass, Inc.)
R2 iPassPeriodicUpdateService; C:\Program Files (x86)\iPass\iPassConnect LANXESS\iPassPeriodicUpdateService.exe [114688 2010-04-05] (iPass, Inc.)
R3 LanProbe; C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\AUDIT\lpamd64.exe [275968 2012-09-05] ()
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 LNSUSvc; c:\Program Files (x86)\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; c:\Program Files (x86)\Notes\nsd.exe [4455600 2012-07-03] (IBM)
R2 LXInfoClient; C:\Program Files (x86)\LANXESS-Support\infoclient.exe [1095680 2011-09-14] (Lanxess Deutschland GmbH)
R2 Multi-user Cleanup Service; c:\Program Files (x86)\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
R2 ntrtscan; C:\Program Files (x86)\OfficeScan NT\ntrtscan.exe [2140984 2012-02-09] (Trend Micro Inc.)
R2 ProxyHostService; C:\Program Files (x86)\Proxy Networks\PROXY Pro Host\phsvc.exe [709968 2011-04-06] (Proxy Networks, Inc.)
R2 SGNAuthService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [659456 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 SGNSafeModeService; C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNSafeModeServicen.exe [237568 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_BEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_FEService; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_LogSystem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
R2 SGN_Sem; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S2 tmlisten; C:\Program Files (x86)\OfficeScan NT\tmlisten.exe [2424480 2012-02-09] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files (x86)\OfficeScan NT\TmPfw.exe [596736 2011-04-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files (x86)\OfficeScan NT\TmProxy.exe [918032 2011-04-15] (Trend Micro Inc.)
R2 WiFiService; C:\Program Files\Lanxess-Support\LXS_WiFi_Service.exe [2126848 2012-05-04] (Lanxess)
S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 ersupext; "C:\Program Files (x86)\NetInst\mgmtagnt.exe" /run=ersupext.dll [x]
==================== Drivers (Whitelisted) ====================
R0 BeFlt; C:\Windows\System32\DRIVERS\BEFLT.SYS [137472 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BeFlt; C:\Windows\SysWow64\DRIVERS\BEFLT.SYS [117504 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\System32\DRIVERS\be_fltim.sys [71936 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BE_FLTI; C:\Windows\SysWow64\DRIVERS\be_fltim.sys [59648 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2012-07-09] (Bytemobile, Inc.)
R3 cdprku; C:\Windows\system32\Drivers\cdprku.sys [27936 2012-09-12] ()
R0 CEAES2M; C:\Windows\System32\Drivers\cegaes2m.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAES2M; C:\Windows\SysWow64\Drivers\cegaes2m.sys [63232 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\System32\Drivers\cegaesm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEAESM; C:\Windows\SysWow64\Drivers\cegaesm.sys [62720 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CEHMACM; C:\Windows\System32\Drivers\cehmacm.sys [27904 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CERNDM; C:\Windows\System32\Drivers\CERNDM.sys [17664 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\System32\Drivers\cesham.sys [26368 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R0 CESHAM; C:\Windows\SysWow64\Drivers\cesham.sys [24832 2010-06-15] (Utimaco Safeware AG - a member of the Sophos Group)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [212992 2012-07-09] (Huawei Technologies Co., Ltd.)
R0 LCENCM; C:\Windows\System32\drivers\lcencvm.sys [1424640 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCFILTM; C:\Windows\System32\Drivers\lcfiltvm.sys [84224 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 LCRECM; C:\Windows\System32\Drivers\lcrecvm.sys [41216 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\System32\Drivers\sgstdrvm.sys [57088 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R0 SGSTDRVM; C:\Windows\SysWow64\Drivers\sgstdrvm.sys [51968 2011-04-27] (Utimaco Safeware AG - a member of the Sophos Group)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2012-07-09] (Bytemobile, Inc.)
R2 TmFilter; C:\Program Files (x86)\OfficeScan NT\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\OfficeScan NT\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\OfficeScan NT\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-07-09] (Huawei Technologies Co., Ltd.)
U5 SGN_Trans; C:\Windows\SysWOW64\SGN_MasterServicen.exe [49152 2011-04-28] (Utimaco Safeware AG - a member of the Sophos Group)
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-09 23:17 - 2013-12-09 23:19 - 00020622 _____ C:\Users\WTRYL\Desktop\FRST.txt
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\WTRYL\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\WTRYL\Desktop\Autoruns
2013-12-09 22:48 - 2013-12-09 23:18 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 22:21 - 2013-12-09 22:36 - 127231689 _____ (Igor Pavlov) C:\Users\WTRYL\Desktop\OTLPENet.exe
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\WTRYL\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\WTRYL\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\WTRYL\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:30 - 00023558 _____ C:\Users\WTRYL\Desktop\Addition.txt
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\WTRYL\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\WTRYL\Desktop\HijackThis.exe
2013-11-22 20:10 - 2013-12-09 21:28 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\WTRYL\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_191025_main.txt
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\WTRYL\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\WTRYL\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:22 - 2012-10-17 16:37 - 00397312 _____ (Koyote Soft) C:\Windows\SysWOW64\TubeFinder.exe
2013-11-22 19:22 - 2011-09-28 09:18 - 00364544 _____ C:\Windows\SysWOW64\PropertyGrid.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00208500 _____ C:\Windows\SysWOW64\ReyXpBasics.tlb
2013-11-22 19:22 - 2011-09-28 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00119568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6FR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6STKIT.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00084512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PICCLP32.OCX
2013-11-22 19:22 - 2011-09-28 09:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CMDLGFR.DLL
2013-11-22 19:22 - 2011-09-28 09:18 - 00024576 _____ C:\Windows\SysWOW64\ControlSubX.ocx
2013-11-22 19:22 - 2011-09-28 09:18 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCCLPFR.DLL
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:21 - 00000000 ____D C:\Users\WTRYL\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\WTRYL\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\WTRYL\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175430_main.txt
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\WTRYL\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\WTRYL\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-12-09 21:28 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-11-22 18:34 - 2013-12-09 21:28 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:33 - 2013-12-09 21:28 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-11-22 18:33 - 2013-12-09 21:28 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-11-22 18:33 - 2013-11-22 18:34 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 20:37 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\WTRYL\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\WTRYL\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\WTRYL\Documents\iWisoft Free Video Downloader
==================== One Month Modified Files and Folders =======
2013-12-09 23:19 - 2013-12-09 23:17 - 00020622 _____ C:\Users\WTRYL\Desktop\FRST.txt
2013-12-09 23:18 - 2013-12-09 22:48 - 00012600 _____ C:\ProgramData\7t7tde3.bxx
2013-12-09 23:16 - 2013-12-09 23:16 - 01927982 _____ (Farbar) C:\Users\WTRYL\Desktop\FRST64.exe
2013-12-09 23:16 - 2013-12-09 23:16 - 00000000 ____D C:\FRST
2013-12-09 23:11 - 2012-07-03 08:48 - 01383143 _____ C:\Windows\WindowsUpdate.log
2013-12-09 22:59 - 2012-07-04 12:25 - 00000000 ___RD C:\Users\WTRYL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-09 22:55 - 2013-12-09 22:55 - 00000000 ____D C:\Users\WTRYL\Desktop\Autoruns
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:38 - 2009-07-14 05:45 - 00019488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 22:36 - 2013-12-09 22:21 - 127231689 _____ (Igor Pavlov) C:\Users\WTRYL\Desktop\OTLPENet.exe
2013-12-09 22:31 - 2012-07-30 20:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 22:30 - 2013-12-09 22:18 - 00023558 _____ C:\Users\WTRYL\Desktop\Addition.txt
2013-12-09 22:21 - 2013-12-09 22:21 - 01191834 _____ C:\Users\WTRYL\Desktop\ProcessExplorer.zip
2013-12-09 22:20 - 2013-12-09 22:20 - 00550371 _____ C:\Users\WTRYL\Desktop\Autoruns.zip
2013-12-09 22:19 - 2013-12-09 22:19 - 00891184 _____ C:\Users\WTRYL\Desktop\SecurityCheck.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00602112 _____ (OldTimer Tools) C:\Users\WTRYL\Desktop\OTL.exe
2013-12-09 22:18 - 2013-12-09 22:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\WTRYL\Desktop\HijackThis.exe
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Users\WTRYL\AppData\Local\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\ProgramData\Google
2013-12-09 21:58 - 2012-07-30 20:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-09 21:28 - 2013-11-22 20:10 - 00000000 _____ C:\ProgramData\7t7tde3.fvv
2013-12-09 21:28 - 2013-11-22 18:34 - 00001296 _____ C:\Windows\Tasks\Plus-HD-4.9-updater.job
2013-12-09 21:28 - 2013-11-22 18:34 - 00001098 _____ C:\Windows\Tasks\Plus-HD-4.9-enabler.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001904 _____ C:\Windows\Tasks\Plus-HD-4.9-chromeinstaller.job
2013-12-09 21:28 - 2013-11-22 18:33 - 00001198 _____ C:\Windows\Tasks\Plus-HD-4.9-codedownloader.job
2013-12-09 21:28 - 2012-07-03 09:17 - 00030726 _____ C:\SUService.log
2013-12-09 21:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 21:27 - 2009-07-14 05:51 - 00056559 _____ C:\Windows\setupact.log
2013-11-22 20:48 - 2012-07-03 12:01 - 00000000 ____D C:\Program Files (x86)\OfficeScan NT
2013-11-22 20:37 - 2013-11-22 18:31 - 00000000 ____D C:\Program Files (x86)\iWisoft Free Video Downloader
2013-11-22 20:15 - 2012-03-27 16:01 - 00741832 _____ C:\Windows\system32\prfh0816.dat
2013-11-22 20:15 - 2012-03-27 16:01 - 00159494 _____ C:\Windows\system32\prfc0816.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00726620 _____ C:\Windows\system32\prfh0416.dat
2013-11-22 20:15 - 2012-03-27 15:42 - 00154086 _____ C:\Windows\system32\prfc0416.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00756010 _____ C:\Windows\system32\perfh013.dat
2013-11-22 20:15 - 2012-03-27 15:26 - 00159522 _____ C:\Windows\system32\perfc013.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00442216 _____ C:\Windows\system32\perfh012.dat
2013-11-22 20:15 - 2012-03-27 15:05 - 00127088 _____ C:\Windows\system32\perfc012.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00430622 _____ C:\Windows\system32\perfh011.dat
2013-11-22 20:15 - 2012-03-27 14:45 - 00128800 _____ C:\Windows\system32\perfc011.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00752832 _____ C:\Windows\system32\perfh010.dat
2013-11-22 20:15 - 2012-03-27 14:30 - 00153394 _____ C:\Windows\system32\perfc010.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00758296 _____ C:\Windows\system32\perfh00C.dat
2013-11-22 20:15 - 2012-03-27 14:17 - 00155898 _____ C:\Windows\system32\perfc00C.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00758140 _____ C:\Windows\system32\perfh00A.dat
2013-11-22 20:15 - 2012-03-27 14:06 - 00164930 _____ C:\Windows\system32\perfc00A.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00717750 _____ C:\Windows\system32\perfh007.dat
2013-11-22 20:15 - 2012-03-27 13:54 - 00155522 _____ C:\Windows\system32\perfc007.dat
2013-11-22 20:15 - 2009-07-14 06:13 - 08243856 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 20:10 - 2013-11-22 20:10 - 00208896 _____ (Корпорация Майкрософт) C:\ProgramData\3edt7t7.dss
2013-11-22 20:10 - 2013-11-22 20:10 - 00095850 _____ C:\Users\WTRYL\Documents_1131022_191025.dmp
2013-11-22 20:10 - 2013-11-22 20:10 - 00060520 ____T (Microsoft Corporation) C:\ProgramData\7t7tde3.pss
2013-11-22 20:10 - 2013-11-22 20:10 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_191025_main.txt
2013-11-22 20:10 - 2012-07-04 12:24 - 00000000 ____D C:\Users\WTRYL
2013-11-22 19:32 - 2012-07-30 20:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 19:32 - 2012-07-30 20:21 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 19:32 - 2012-07-30 20:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 19:26 - 2013-11-22 19:26 - 00093062 _____ C:\Users\WTRYL\Documents_1131022_182611.dmp
2013-11-22 19:26 - 2013-11-22 19:26 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_182611_main.txt
2013-11-22 19:22 - 2013-11-22 19:22 - 00001081 _____ C:\Users\WTRYL\Desktop\Free FLV Converter.lnk
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\FreeFLVConverter
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Windows Searchqu Toolbar
2013-11-22 19:22 - 2013-11-22 19:22 - 00000000 ____D C:\Program Files (x86)\Free FLV Converter
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\dcunningham.net
2013-11-22 19:21 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\AppData\Local\dcunningham.net
2013-11-22 19:19 - 2013-11-22 19:19 - 00000000 ____D C:\Users\WTRYL\Documents\EncodeHD Log Files
2013-11-22 18:56 - 2013-11-22 18:56 - 00098810 _____ C:\Users\WTRYL\Documents_1131022_175635.dmp
2013-11-22 18:56 - 2013-11-22 18:56 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175635_main.txt
2013-11-22 18:54 - 2013-11-22 18:54 - 00111043 _____ C:\Users\WTRYL\Documents_1131022_175430.dmp
2013-11-22 18:54 - 2013-11-22 18:54 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_175430_main.txt
2013-11-22 18:50 - 2010-11-21 04:47 - 00036830 _____ C:\Windows\PFRO.log
2013-11-22 18:43 - 2013-11-22 18:43 - 00116964 _____ C:\Users\WTRYL\Documents_1131022_174353.dmp
2013-11-22 18:43 - 2013-11-22 18:43 - 00000471 _____ C:\Users\WTRYL\Documents_1131022_174353_main.txt
2013-11-22 18:40 - 2013-11-22 18:40 - 00116428 _____ C:\Users\WTRYL\Documents_1131022_174035.dmp
2013-11-22 18:34 - 2013-11-22 18:34 - 00004326 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-updater
2013-11-22 18:34 - 2013-11-22 18:34 - 00004128 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-enabler
2013-11-22 18:34 - 2013-11-22 18:34 - 00000550 _____ C:\Windows\VideoDownloader.INI
2013-11-22 18:34 - 2013-11-22 18:33 - 00000000 ____D C:\Program Files (x86)\Plus-HD-4.9
2013-11-22 18:33 - 2013-11-22 18:33 - 00004228 _____ C:\Windows\System32\Tasks\Plus-HD-4.9-codedownloader
2013-11-22 18:31 - 2013-11-22 18:31 - 03127375 _____ (www.iwisoft.com ) C:\Users\WTRYL\Desktop\flashvideodownloader.exe
2013-11-22 18:31 - 2013-11-22 18:31 - 00001047 _____ C:\Users\WTRYL\Desktop\iWisoft Free Video Downloader.lnk
2013-11-22 18:31 - 2013-11-22 18:31 - 00000000 ____D C:\Users\WTRYL\Documents\iWisoft Free Video Downloader
2013-11-22 18:25 - 2012-07-04 12:26 - 00000000 ____D C:\Users\WTRYL\AppData\Roaming\SAP
2013-11-22 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-22 18:14 - 2009-07-14 05:45 - 00419416 _____ C:\Windows\system32\FNTCACHE.DAT
Files to move or delete:
====================
C:\ProgramData\3edt7t7.dss
C:\ProgramData\7t7tde3.bxx
C:\ProgramData\7t7tde3.fvv
C:\ProgramData\7t7tde3.pss
Some content of TEMP:
====================
C:\Users\WTRYL\AppData\Local\Temp\0710.dll
C:\Users\WTRYL\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\WTRYL\AppData\Local\Temp\IMsetup.exe
C:\Users\WTRYL\AppData\Local\Temp\installhelper.dll
C:\Users\WTRYL\AppData\Local\Temp\lx1sngha.dll
C:\Users\WTRYL\AppData\Local\Temp\plus-hd-4-9.exe
C:\Users\WTRYL\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\WTRYL\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\WTRYL\AppData\Local\Temp\xmlUpdater.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2012-09-28 13:43
==================== End Of Log ============================
--- --- --- --- --- --- |
|
12.12.2013, 10:15
| #10 |
| /// the machine /// TB-Ausbilder | Interpol Virus eingefangen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter Startup: C:\Users\lyrtw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk
ShortcutTarget: 7t7tde3.lnk -> C:\ProgramData\3edt7t7.dss (Корпорация Майкрософт)
C:\ProgramData\3edt7t7.dss
C:\ProgramData\7t7tde3.bxx
C:\ProgramData\7t7tde3.fvv
C:\ProgramData\7t7tde3.pss
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Rechner sollte sich normal ohne Probleme starten lassen, dann so weiter: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.12.2013, 20:44
| #11 |
| | Interpol Virus eingefangen Vielen Dank, scheint funktioniert zu haben  Anbei das FSRT Fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-12-2013 02
Ran by LYRTW at 2013-12-16 20:32:22 Run:1
Running from C:\Users\xxxx\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Startup: C:\Users\lyrtw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk
ShortcutTarget: 7t7tde3.lnk -> C:\ProgramData\3edt7t7.dss (?????????? ??????????)
C:\ProgramData\3edt7t7.dss
C:\ProgramData\7t7tde3.bxx
C:\ProgramData\7t7tde3.fvv
C:\ProgramData\7t7tde3.pss
*****************
C:\Users\xxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7t7tde3.lnk => Moved successfully.
C:\ProgramData\3edt7t7.dss => Moved successfully.
"C:\ProgramData\3edt7t7.dss" => File/Directory not found.
C:\ProgramData\7t7tde3.bxx => Moved successfully.
Could not move "C:\ProgramData\7t7tde3.fvv" => Scheduled to move on reboot.
C:\ProgramData\7t7tde3.pss => Moved successfully.
|
|
17.12.2013, 10:42
| #12 |
| /// the machine /// TB-Ausbilder | Interpol Virus eingefangen dann wie oben beschrieben weiter 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Interpol Virus eingefangen |
| .dll, abgesicherter modus funktioniert nicht, association, check, code, explorer.exe, free, gen, icon, interpol, log, not, ram, rechner, recovery, registry, service, services, services.exe, software, svchost.exe, system, system32, tool, version, virus, virus 100€ zahlen, windows, winlogon.exe |
Linear-Darstellung
