Today I got an email from the university admin that my account was blocked because of a possible virus infection.
It says the following in the email:
> Type: Unapproved Client
> Rule: Trojan.Bifrose Variants
> Severity: 5
> Client: 192.17.110.9
> Server: 69.65.19.117
> Service: TCP/8080
The only thing I could imagine with my little experience is maybe an XSS attack because I know that I haven't downloaded anything (I suppose).
I'm on a Windows 7 x64 system and I'm using Chrome. My antivirus program is Sophos.
Thanks in advance.
My OTL logfile:
OTL logfile created on: 3/8/2011 11:26:11 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Johannes\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 40.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.07 Gb Total Space | 22.39 Gb Free Space | 18.96% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 107.33 Gb Free Space | 23.04% Space Free | Partition Type: NTFS
Drive E: | 3.75 Gb Total Space | 1.43 Gb Free Space | 38.09% Space Free | Partition Type: FAT32
Computer Name: T410S | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/03/08 11:13:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Downloads\OTL.exe
PRC - [2011/02/18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011/01/28 15:49:15 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/01/28 15:47:18 | 000,334,576 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProgress.exe
PRC - [2011/01/28 15:44:55 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/01/28 15:41:38 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/01/25 17:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Users\Johannes\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/01/20 03:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011/01/13 10:27:38 | 007,447,040 | ---- | M] () -- C:\Program Files (x86)\Mendeley Desktop\MendeleyDesktop.exe
PRC - [2011/01/07 22:09:32 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2010/12/16 03:40:00 | 000,057,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2010/09/30 13:08:30 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/30 13:08:30 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/09/17 17:52:56 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010/09/17 17:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010/09/17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010/09/17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/07/30 01:07:50 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010/07/27 14:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2010/07/27 02:05:02 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010/07/04 13:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/06/27 22:58:18 | 001,616,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/06/15 02:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\PHP\php-cgi.exe
PRC - [2010/06/15 02:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\x86\WebServer\nginx\GSTimeLineSearch.exe
PRC - [2010/05/30 14:26:38 | 003,239,424 | ---- | M] (TeXnicCenter.org) -- C:\Program Files (x86)\TeXnicCenter Alpha\TeXnicCenter.exe
PRC - [2010/05/02 21:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/05/02 21:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/25 22:46:34 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2010/04/06 23:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010/04/06 23:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/04/06 21:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2010/03/31 23:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010/03/23 13:22:46 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/11/23 22:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/08/26 16:32:16 | 000,816,440 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
PRC - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/05 01:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (SafeList) ==========
MOD - [2011/03/08 11:13:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Downloads\OTL.exe
MOD - [2011/02/03 10:44:42 | 000,234,408 | ---- | M] (Sophos Plc) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/11/20 05:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2010/06/27 19:51:00 | 000,101,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvinit.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/01/11 09:25:22 | 000,468,096 | ---- | M] (Genie-Soft) [Auto | Running] -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2010/12/03 11:00:54 | 000,114,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:64bit: - [2010/11/12 18:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2010/10/19 14:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 14:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/07 23:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2010/10/07 23:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV:64bit: - [2010/10/07 23:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV:64bit: - [2010/07/27 14:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:64bit: - [2010/07/27 14:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:64bit: - [2010/06/16 14:44:38 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010/04/06 23:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:64bit: - [2010/04/06 23:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:64bit: - [2010/04/06 21:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:64bit: - [2009/10/02 18:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/09/29 18:25:48 | 000,126,392 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011/02/18 17:09:02 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011/01/28 15:49:15 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/01/28 15:44:55 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/01/28 15:41:38 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/12/16 03:40:00 | 000,155,496 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2010/12/16 03:40:00 | 000,079,208 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010/09/30 13:08:30 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/09/17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010/09/17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/06/27 22:58:18 | 001,616,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/05/02 21:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/05/02 21:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/10 13:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/02/08 18:11:46 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/02/08 18:11:46 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/02/08 18:11:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/02/08 18:11:46 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/01/29 17:42:27 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/01/28 15:48:14 | 000,142,328 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\SysNative\drivers\savonaccess.sys -- (SAVOnAccess)
DRV:64bit: - [2011/01/28 15:41:06 | 000,025,608 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV:64bit: - [2011/01/13 11:21:28 | 000,166,656 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010/12/16 03:40:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2010/12/16 03:40:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010/12/13 15:55:56 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/12 18:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/10/14 19:26:48 | 001,395,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/10/14 03:04:06 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2010/09/22 13:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010/09/02 01:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010/09/02 01:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010/08/30 04:17:36 | 000,289,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/25 12:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/25 10:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/07/22 10:39:10 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/06/16 14:44:38 | 000,136,816 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010/06/16 14:44:38 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/17 23:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/03/03 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/12/15 00:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/29 18:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/24 05:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/01 20:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/13 15:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkpad
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/02/16 12:15:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/28 11:30:29 | 000,000,000 | ---D | M]
[2011/02/16 12:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Extensions
[2011/02/16 12:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\x5b040eu.default\extensions
[2011/02/24 10:07:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/24 10:07:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[1999/12/31 17:00:00 | 000,166,168 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010/12/13 06:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.126.2.131
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/03/08 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/08 10:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/03/08 10:18:17 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Malwarebytes
[2011/03/08 10:18:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/08 10:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/08 10:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/08 10:18:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/08 10:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/07 00:55:51 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2011/03/06 17:29:24 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\DCIM
[2011/03/06 12:56:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/03/06 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/03/06 12:55:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/03/06 12:55:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\HTC
[2011/03/06 12:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011/03/06 12:50:32 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011/03/06 12:50:14 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011/03/06 12:14:12 | 000,166,656 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysNative\drivers\5U877.sys
[2011/03/06 12:14:12 | 000,142,848 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysNative\5U877.ax
[2011/03/06 12:14:12 | 000,126,976 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysWow64\5U877.ax
[2011/03/06 12:14:12 | 000,123,392 | ---- | C] (Ricoh co.,Ltd.) -- C:\Windows\SysNative\5U877.dll
[2011/03/05 16:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/05 16:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/05 16:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/05 16:27:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/02/28 11:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pdftk4all
[2011/02/28 11:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdftk4all
[2011/02/26 11:54:32 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2011/02/26 11:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2011/02/26 11:54:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2011/02/24 10:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/02/24 10:07:14 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/20 14:23:12 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner
[2011/02/20 14:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner
[2011/02/20 14:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced Port Scanner
[2011/02/18 12:30:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\UltraVNC
[2011/02/18 12:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
[2011/02/18 12:30:36 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2011/02/17 16:43:30 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Eclipse
[2011/02/17 16:42:29 | 000,000,000 | ---D | C] -- C:\Users\Johannes\workspace
[2011/02/17 15:47:02 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\PwrMgr
[2011/02/16 12:15:37 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Mozilla
[2011/02/16 12:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/15 11:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/02/15 11:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/02/15 11:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/02/15 11:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/15 11:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/02/15 11:51:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Microsoft Help
[2011/02/15 11:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/02/15 11:51:50 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/15 09:04:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Team_MediaPortal
[2011/02/14 19:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axantum AxCrypt
[2011/02/14 19:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Axantum
[2011/02/14 11:13:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2011/02/13 15:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/02/13 15:53:34 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011/02/13 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Haali
[2011/02/12 19:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/02/12 19:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
[2011/02/12 19:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2011/02/12 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\StreamedMP_Team
[2011/02/12 16:11:05 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\assembly
[2011/02/12 15:35:53 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\My Playlists
[2011/02/12 15:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Team MediaPortal
[2011/02/12 15:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Team MediaPortal
[2011/02/12 15:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Team MediaPortal
[2011/02/11 20:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/02/11 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yammm
[2011/02/11 19:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\Ember Media Manager
[2011/02/11 19:27:22 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV Rename
[2011/02/11 19:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV Rename
[2011/02/11 19:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ember Media Manager
[2011/02/11 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Documents\theRenamer
[2011/02/11 19:16:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\theRenamer
[2011/02/11 19:16:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\theRenamer
[2011/02/11 10:11:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Local\Windows Live
[2011/02/09 16:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Genie-Soft
[2011/02/09 16:43:15 | 000,000,000 | R--D | C] -- C:\Users\Johannes\Desktop\No-Backup Zone
[2011/02/09 16:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genie-Soft
[2011/02/09 16:41:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Genie-Soft
[2011/02/09 16:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Genie-Soft
[2011/02/09 15:47:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/02/09 15:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/03/08 11:23:15 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/03/08 10:53:36 | 000,002,991 | ---- | M] () -- C:\Users\Johannes\Desktop\HiJackThis.lnk
[2011/03/08 10:40:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2886484922-2802190385-2356020469-1001UA.job
[2011/03/08 10:18:12 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/08 10:09:51 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 10:09:51 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 10:08:53 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/08 10:08:53 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/08 10:08:53 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/08 10:02:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/08 10:02:19 | 3060,535,296 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 13:06:43 | 000,369,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/06 12:55:04 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011/03/06 12:18:50 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/03/05 17:40:33 | 000,005,120 | ---- | M] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/05 16:27:56 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/01 00:25:36 | 000,014,682 | ---- | M] () -- C:\Users\Johannes\Desktop\Media Companion.exe - Shortcut.lnk
[2011/02/28 13:36:42 | 004,860,221 | ---- | M] () -- C:\Users\Johannes\Desktop\Lohnsteuerbescheid_2009.pdf
[2011/02/28 11:37:16 | 002,051,834 | ---- | M] () -- C:\Users\Johannes\Desktop\Formblatt_3_Mutter.pdf
[2011/02/28 11:21:15 | 000,000,968 | ---- | M] () -- C:\Users\Johannes\Desktop\pdftk4all.lnk
[2011/02/27 16:13:58 | 001,587,003 | ---- | M] () -- C:\Users\Johannes\Desktop\Anlage_1_zu_Formblatt_1.jpg
[2011/02/27 14:18:09 | 000,298,274 | ---- | M] () -- C:\Users\Johannes\Desktop\Formblatt_1_Seite_4.jpg
[2011/02/27 14:17:39 | 000,303,552 | ---- | M] () -- C:\Users\Johannes\Desktop\Einladungsschreiben.jpg
[2011/02/27 14:17:09 | 000,306,514 | ---- | M] () -- C:\Users\Johannes\Desktop\Vollmacht.jpg
[2011/02/27 14:16:32 | 000,306,514 | ---- | M] () -- C:\Users\Johannes\Documents\IMAG0173.jpg
[2011/02/26 11:54:32 | 000,001,006 | ---- | M] () -- C:\Users\Johannes\Desktop\SopCast.lnk
[2011/02/20 14:29:32 | 000,000,600 | ---- | M] () -- C:\Users\Johannes\AppData\Local\PUTTY.RND
[2011/02/18 12:30:37 | 000,000,776 | ---- | M] () -- C:\Users\Johannes\Desktop\UltraVNC Viewer.lnk
[2011/02/17 12:15:55 | 000,458,221 | ---- | M] () -- C:\Users\Johannes\Desktop\scan.pdf
[2011/02/17 11:44:04 | 005,183,893 | ---- | M] () -- C:\Users\Johannes\Desktop\FB1.pdf
[2011/02/17 11:42:52 | 002,363,985 | ---- | M] () -- C:\Users\Johannes\Desktop\FB6.pdf
[2011/02/16 16:32:33 | 000,065,988 | ---- | M] () -- C:\Users\Johannes\Desktop\182028_201220043225373_100000121350787_877903_4191934_n.jpg
[2011/02/16 12:15:34 | 000,001,978 | ---- | M] () -- C:\Users\Johannes\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/16 12:15:34 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/15 00:46:09 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/12 19:16:41 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/02/12 15:30:16 | 000,002,240 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk
[2011/02/12 15:30:16 | 000,002,235 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal Configuration.lnk
[2011/02/12 15:30:16 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\MediaPortal.lnk
[2011/02/11 19:16:08 | 000,001,046 | ---- | M] () -- C:\Users\Johannes\Desktop\theRenamer.lnk
[2011/02/09 16:50:35 | 148,164,515 | RHS- | M] () -- C:\GenieTimelineDR.wim
[2011/02/08 18:12:44 | 000,000,890 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/02/08 11:46:12 | 000,951,632 | ---- | M] () -- C:\Users\Johannes\Desktop\bachelorthesis_final.pdf
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[12 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/03/08 10:53:36 | 000,002,991 | ---- | C] () -- C:\Users\Johannes\Desktop\HiJackThis.lnk
[2011/03/08 10:18:12 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/06 12:55:04 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011/03/06 12:51:14 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011/03/06 12:49:58 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011/03/06 12:49:47 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011/03/06 12:49:47 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011/03/06 12:49:37 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011/03/06 12:49:36 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011/03/05 16:27:56 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/01 00:25:36 | 000,014,682 | ---- | C] () -- C:\Users\Johannes\Desktop\Media Companion.exe - Shortcut.lnk
[2011/02/28 11:37:09 | 002,051,834 | ---- | C] () -- C:\Users\Johannes\Desktop\Formblatt_3_Mutter.pdf
[2011/02/28 11:21:15 | 000,000,968 | ---- | C] () -- C:\Users\Johannes\Desktop\pdftk4all.lnk
[2011/02/27 16:13:59 | 001,587,003 | ---- | C] () -- C:\Users\Johannes\Desktop\Anlage_1_zu_Formblatt_1.jpg
[2011/02/27 14:28:33 | 004,860,221 | ---- | C] () -- C:\Users\Johannes\Desktop\Lohnsteuerbescheid_2009.pdf
[2011/02/27 14:16:32 | 000,306,514 | ---- | C] () -- C:\Users\Johannes\Documents\IMAG0173.jpg
[2011/02/27 14:10:22 | 000,298,274 | ---- | C] () -- C:\Users\Johannes\Desktop\Formblatt_1_Seite_4.jpg
[2011/02/27 14:07:51 | 000,303,552 | ---- | C] () -- C:\Users\Johannes\Desktop\Einladungsschreiben.jpg
[2011/02/27 14:07:33 | 000,306,514 | ---- | C] () -- C:\Users\Johannes\Desktop\Vollmacht.jpg
[2011/02/26 11:54:32 | 000,001,006 | ---- | C] () -- C:\Users\Johannes\Desktop\SopCast.lnk
[2011/02/20 14:29:32 | 000,000,600 | ---- | C] () -- C:\Users\Johannes\AppData\Local\PUTTY.RND
[2011/02/18 12:30:37 | 000,000,776 | ---- | C] () -- C:\Users\Johannes\Desktop\UltraVNC Viewer.lnk
[2011/02/17 12:16:01 | 000,458,221 | ---- | C] () -- C:\Users\Johannes\Desktop\scan.pdf
[2011/02/17 11:43:54 | 005,183,893 | ---- | C] () -- C:\Users\Johannes\Desktop\FB1.pdf
[2011/02/17 11:42:47 | 002,363,985 | ---- | C] () -- C:\Users\Johannes\Desktop\FB6.pdf
[2011/02/16 16:32:36 | 000,065,988 | ---- | C] () -- C:\Users\Johannes\Desktop\182028_201220043225373_100000121350787_877903_4191934_n.jpg
[2011/02/16 12:15:34 | 000,001,978 | ---- | C] () -- C:\Users\Johannes\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/16 12:15:34 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/12 19:16:41 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/02/12 19:07:00 | 000,092,672 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2011/02/12 15:30:16 | 000,002,240 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal Extension Installer.lnk
[2011/02/12 15:30:16 | 000,002,235 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal Configuration.lnk
[2011/02/12 15:30:16 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\MediaPortal.lnk
[2011/02/11 19:16:08 | 000,001,046 | ---- | C] () -- C:\Users\Johannes\Desktop\theRenamer.lnk
[2011/02/09 16:50:57 | 148,164,515 | RHS- | C] () -- C:\GenieTimelineDR.wim
[2011/02/08 11:45:50 | 000,951,632 | ---- | C] () -- C:\Users\Johannes\Desktop\bachelorthesis_final.pdf
[2011/02/02 12:37:39 | 000,005,120 | ---- | C] () -- C:\Users\Johannes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/26 17:30:00 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/26 06:25:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/14 03:06:00 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/10/14 03:06:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/10/14 03:06:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/10/14 03:05:59 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/10/04 08:23:40 | 000,026,355 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE4C6.jpg
[2010/10/04 08:23:40 | 000,026,355 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B3E.jpg
[2010/10/04 08:23:40 | 000,026,355 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp724D.jpg
[2010/10/04 08:23:40 | 000,026,355 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp1393.jpg
[2010/10/04 08:23:10 | 000,029,504 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE4D8.jpg
[2010/10/04 08:23:10 | 000,029,504 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B5F.jpg
[2010/10/04 08:23:10 | 000,029,504 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp726E.jpg
[2010/10/04 08:23:10 | 000,029,504 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp13A5.jpg
[2010/10/04 08:22:50 | 000,024,919 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE4C7.jpg
[2010/10/04 08:22:50 | 000,024,919 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B4E.jpg
[2010/10/04 08:22:50 | 000,024,919 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp725D.jpg
[2010/10/04 08:22:50 | 000,024,919 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp13A4.jpg
[2010/10/04 08:22:22 | 000,028,305 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE4D9.jpg
[2010/10/04 08:22:22 | 000,028,305 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B6F.jpg
[2010/10/04 08:22:22 | 000,028,305 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp726F.jpg
[2010/10/04 08:22:22 | 000,028,305 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp13B5.jpg
[2010/10/03 12:49:18 | 000,011,057 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE51C.jpg
[2010/10/03 12:49:18 | 000,011,057 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8BA3.jpg
[2010/10/03 12:49:18 | 000,011,057 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp72C2.jpg
[2010/10/03 12:49:18 | 000,011,057 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp13E9.jpg
[2010/10/03 12:49:08 | 000,016,965 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE50B.jpg
[2010/10/03 12:49:08 | 000,016,965 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B93.jpg
[2010/10/03 12:49:08 | 000,016,965 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp72B1.jpg
[2010/10/03 12:49:08 | 000,016,965 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp13E8.jpg
[2010/10/03 12:29:22 | 000,022,777 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE50A.jpg
[2010/10/03 12:29:22 | 000,022,777 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B92.jpg
[2010/10/03 12:29:22 | 000,022,777 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp72A1.jpg
[2010/10/03 12:29:22 | 000,022,777 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp13D7.jpg
[2010/10/03 12:27:28 | 000,029,169 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE4EA.jpg
[2010/10/03 12:27:28 | 000,029,169 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B81.jpg
[2010/10/03 12:27:28 | 000,029,169 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp7290.jpg
[2010/10/03 12:27:28 | 000,029,169 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp13C7.jpg
[2010/10/03 12:25:40 | 000,021,000 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE4E9.jpg
[2010/10/03 12:25:40 | 000,021,000 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B80.jpg
[2010/10/03 12:25:40 | 000,021,000 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp7280.jpg
[2010/10/03 12:25:40 | 000,021,000 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp13B6.jpg
[2010/09/22 20:38:30 | 000,005,818 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp22C0.png
[2010/04/14 16:20:48 | 000,030,673 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpE4B5.png
[2010/04/14 16:20:48 | 000,030,673 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp8B3D.png
[2010/04/14 16:20:48 | 000,030,673 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp723C.png
[2010/04/14 16:20:48 | 000,030,673 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp1382.png
[2010/03/09 22:41:06 | 000,064,162 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp392E.png
[2010/03/06 19:47:46 | 000,006,139 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpF3F0.png
[2010/01/20 13:04:20 | 000,013,040 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp1A2A.png
[2009/11/11 15:33:40 | 000,102,689 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp392F.png
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 15:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/05 17:29:12 | 000,211,758 | ---- | C] () -- C:\Users\Johannes\AppData\Local\TemptmpC492.png
[2009/04/05 17:29:12 | 000,211,758 | ---- | C] () -- C:\Users\Johannes\AppData\Local\Temptmp9E63.png
========== LOP Check ==========
[2011/02/03 11:27:37 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\AcWizard
[2011/01/29 17:43:18 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\DAEMON Tools Lite
[2011/02/09 16:43:12 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Genie-Soft
[2011/03/06 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HTC
[2011/03/06 12:55:52 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/01/26 06:16:22 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Lenovo
[2011/02/17 15:47:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\PwrMgr
[2011/01/31 17:32:00 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\QcWizard
[2011/02/03 11:30:02 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Subversion
[2011/01/30 18:19:45 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\TeamViewer
[2011/01/26 16:55:14 | 000,000,000 | ---D | M] -- C:\Users\Johannes\AppData\Roaming\Update
[2011/03/06 12:18:50 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/03/05 19:07:05 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/08 11:23:15 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2011/02/28 11:39:50 | 002,048,247 | ---- | M] ()(C:\Users\Johannes\Desktop\Formblatt_3_Vater ?gpj.pdf) -- C:\Users\Johannes\Desktop\Formblatt_3_Vater gpj.pdf
[2011/02/27 16:31:31 | 002,048,247 | ---- | C] ()(C:\Users\Johannes\Desktop\Formblatt_3_Vater ?gpj.pdf) -- C:\Users\Johannes\Desktop\Formblatt_3_Vater gpj.pdf
[2011/02/16 16:33:42 | 000,080,870 | ---- | C] ()(C:\Users\Johannes\Desktop\181896_199258163418528_100000030379262_772806_791696_n ?3pm.jpg) -- C:\Users\Johannes\Desktop\181896_199258163418528_100000030379262_772806_791696_n 3pm.jpg
[2011/02/16 16:33:40 | 000,080,870 | ---- | M] ()(C:\Users\Johannes\Desktop\181896_199258163418528_100000030379262_772806_791696_n ?3pm.jpg) -- C:\Users\Johannes\Desktop\181896_199258163418528_100000030379262_772806_791696_n 3pm.jpg
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Johannes\Documents\PortoSeguro.dmsd:Roxio EMC Stream
< End of report >