Kivi1991 | 25.07.2013 14:11 |
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by kiviis (administrator) on 25-07-2013 15:01:42
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\XSManager\WTGService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Yuna Software) C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-08] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Creative SB Monitoring Utility] - RunDll32 sbavmon.dll,SBAVMonitor [x]
HKCU\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [Linkury Chrome Smartbar] - C:\Program Files (x86)\Linkury\Linkury.exe [103224 2011-08-25] (Linkury)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Valve\Steam\steam.exe [1610664 2013-06-13] (Valve Corporation)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59872 2012-12-17] (Apple Inc.)
HKCU\...\Run: [CreativeTaskScheduler] - C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKCU\...\Run: [Facebook Update] - C:\Users\kiviis\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-10-17] (Facebook Inc.)
HKCU\...\Run: [Creative Software Update] - C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
MountPoints2: {0d8e388f-ecbb-11e2-9985-101f74c3dcd0} - G:\HTC_Sync_Manager_PC.exe
MountPoints2: {8b1e62f9-71b1-11e1-9b8f-101f74c3dcd0} - G:\autorun.exe
MountPoints2: {f6b8465d-f959-11e0-9c1e-101f74c3dcd0} - G:\.\autorun.exe
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-05-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HPQuickWebProxy] - "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586808 2011-04-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [x]
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [PlusService] - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2011-09-07] (Yuna Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [starter4g] - C:\Windows\starter4g.exe [x]
HKLM-x32\...\Run: [VolPanel] - "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe" /r [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [Module Loader] - C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun [57344 2007-07-23] (Creative Technology Ltd.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\kiviis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\Users\kiviis\AppData\Local\Temp\b34btbztdb0vavaw.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {42218EA0-A1A3-4FAE-BBF7-7482498E8022} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.23.115.132 212.23.115.148
FireFox:
========
FF ProfilePath: C:\Users\kiviis\AppData\Roaming\Mozilla\Firefox\Profiles\vdy5otns.default
FF Homepage: hxxp://www.facebook.com/
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\kiviis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\kiviis\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-10] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-29] ()
R2 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-10] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-10] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-12-09] (Avira GmbH)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [1156216 2011-11-14] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-03-19] (Mobile Connector)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-14] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20111216.001\IDSvia64.sys [488568 2011-10-19] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20111216.001\IDSvia64.sys [488568 2011-10-19] (Symantec Corporation)
R3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1588608 2010-07-30] (Creative Technology Ltd.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20111217.009\ENG64.SYS [117880 2011-12-18] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20111217.009\ENG64.SYS [117880 2011-12-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20111217.009\EX64.SYS [2048632 2011-12-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20111217.009\EX64.SYS [2048632 2011-12-18] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-18] (Symantec Corporation)
S3 tmnsusbser; C:\Windows\System32\DRIVERS\tmnsusbser.sys [124416 2010-04-21] (Wireless Device)
S3 tmusbnet; C:\Windows\System32\DRIVERS\tmusbnet.sys [129024 2010-04-20] (QUALCOMM Incorporated)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-25 15:01 - 2013-07-25 15:01 - 00000000 ____D C:\FRST
2013-07-24 00:09 - 2013-07-24 00:09 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-24 00:09 - 2013-07-24 00:09 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-24 00:01 - 2013-07-24 14:07 - 00000000 ____D C:\Users\kiviis\Desktop\Bewerbungen
2013-07-18 21:18 - 2013-07-18 21:18 - 00000000 ____D C:\Users\kiviis\Desktop\Shindy
2013-07-18 20:40 - 2013-07-18 21:08 - 85681108 _____ C:\Users\kiviis\Downloads\tjio35u289023u8912zugh214ui781tz587zwuz763.zip
2013-07-17 13:18 - 2013-07-17 13:18 - 00000000 ____D C:\Windows\system32\MRT
2013-07-13 16:49 - 2013-05-29 08:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 16:49 - 2013-05-29 07:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 16:49 - 2013-05-29 07:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 16:49 - 2013-05-29 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 16:49 - 2013-05-29 07:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 16:49 - 2013-05-29 07:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-13 16:49 - 2013-05-29 07:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-13 16:49 - 2013-05-29 07:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 16:49 - 2013-05-29 07:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 16:49 - 2013-05-29 07:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-13 16:49 - 2013-05-29 07:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-13 16:49 - 2013-05-29 07:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 16:49 - 2013-05-29 07:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 16:49 - 2013-05-29 07:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 16:49 - 2013-05-29 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-13 16:49 - 2013-05-29 07:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 16:49 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 16:49 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 16:49 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 16:49 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-13 16:49 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 16:49 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 16:49 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-13 16:49 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 16:49 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-13 16:49 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-13 16:49 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 16:49 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 16:49 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-13 16:49 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 16:49 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-13 16:49 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-10 23:41 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-10 23:41 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-10 23:41 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-10 23:41 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 23:41 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 23:41 - 2013-04-10 07:45 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 23:41 - 2013-04-10 07:02 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-10 17:34 - 2013-07-18 19:46 - 00000000 ____D C:\Users\kiviis\Desktop\RAF_3.0-Hoch2-Premium_Edition-DE-2013-VOiCE
2013-07-10 16:53 - 2013-07-10 16:53 - 00000000 ____D C:\Users\kiviis\AppData\Local\Macromedia
2013-07-10 16:52 - 2013-07-10 16:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-04 17:50 - 2013-07-04 17:50 - 00008877 _____ C:\Users\kiviis\AppData\Local\recently-used.xbel
2013-07-04 16:38 - 2013-07-04 17:29 - 155868316 _____ C:\Users\kiviis\Downloads\RAF3.0-2013--.rar
2013-07-03 01:51 - 2013-07-07 01:24 - 00000000 ____D C:\Users\kiviis\Desktop\iphone ftw
2013-07-02 22:44 - 2013-07-02 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 22:39 - 2013-07-02 22:39 - 00000000 ____D C:\Users\kiviis\Desktop\Genetikk--D.N.A.-DE-2013-OMA
2013-07-02 21:59 - 2013-07-02 22:38 - 119944535 _____ C:\Users\kiviis\Downloads\zrt.rar
2013-06-29 14:08 - 2013-07-04 16:43 - 00000000 ____D C:\Users\kiviis\AppData\Local\gtk-2.0
2013-06-29 13:48 - 2013-06-29 13:48 - 00000000 ____D C:\Users\kiviis\.thumbnails
2013-06-29 13:44 - 2013-07-04 17:51 - 00000000 ____D C:\Users\kiviis\.gimp-2.8
2013-06-29 13:44 - 2013-06-29 13:44 - 00000000 ____D C:\Users\kiviis\AppData\Local\gegl-0.2
2013-06-29 13:38 - 2013-06-29 13:39 - 00000000 ____D C:\Program Files\GIMP 2
2013-06-29 13:37 - 2013-06-29 13:38 - 90116160 _____ (The GIMP Team ) C:\Users\kiviis\Downloads\gimp-2.8.6-setup.exe
==================== One Month Modified Files and Folders =======
2013-07-25 15:01 - 2013-07-25 15:01 - 00000000 ____D C:\FRST
2013-07-25 15:00 - 2012-05-01 14:23 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-07-25 15:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 15:00 - 2009-07-14 06:51 - 00033200 _____ C:\Windows\setupact.log
2013-07-24 14:37 - 2012-03-25 01:33 - 01904514 _____ C:\Windows\WindowsUpdate.log
2013-07-24 14:37 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 14:37 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 14:15 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-07-24 14:13 - 2011-10-24 19:44 - 00000000 ____D C:\Users\kiviis\AppData\Roaming\SoftGrid Client
2013-07-24 14:07 - 2013-07-24 00:01 - 00000000 ____D C:\Users\kiviis\Desktop\Bewerbungen
2013-07-24 14:03 - 2011-10-18 19:37 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9EB26621-B30E-40E1-B07B-90F20CE1DF68}
2013-07-24 13:39 - 2011-07-16 07:32 - 00654844 _____ C:\Windows\system32\perfh007.dat
2013-07-24 13:39 - 2011-07-16 07:32 - 00130426 _____ C:\Windows\system32\perfc007.dat
2013-07-24 13:39 - 2009-07-14 07:13 - 01500254 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-24 13:36 - 2012-08-19 23:43 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1544860817-3619579024-2749951792-1000UA.job
2013-07-24 13:36 - 2012-08-19 23:43 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1544860817-3619579024-2749951792-1000Core.job
2013-07-24 00:12 - 2011-10-18 19:35 - 00318696 _____ C:\Users\kiviis\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-24 00:09 - 2013-07-24 00:09 - 00000162 _____ C:\ProgramData\wavav0bdtzbtb43b.reg
2013-07-24 00:09 - 2013-07-24 00:09 - 00000067 _____ C:\ProgramData\wavav0bdtzbtb43b.bat
2013-07-24 00:09 - 2011-10-18 19:37 - 00000000 ___RD C:\Users\kiviis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-18 21:18 - 2013-07-18 21:18 - 00000000 ____D C:\Users\kiviis\Desktop\Shindy
2013-07-18 21:08 - 2013-07-18 20:40 - 85681108 _____ C:\Users\kiviis\Downloads\tjio35u289023u8912zugh214ui781tz587zwuz763.zip
2013-07-18 19:46 - 2013-07-10 17:34 - 00000000 ____D C:\Users\kiviis\Desktop\RAF_3.0-Hoch2-Premium_Edition-DE-2013-VOiCE
2013-07-18 19:42 - 2013-04-22 14:08 - 00000000 ____D C:\Users\kiviis\Desktop\Alpa_Gun-Alles_Kommt_Zurueck-Premium_Edition-DE-2013-VOiCE
2013-07-18 13:58 - 2012-06-27 14:32 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForkiviis.job
2013-07-17 22:48 - 2012-06-27 14:32 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForkiviis
2013-07-17 22:48 - 2011-11-02 15:09 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-17 22:48 - 2011-10-27 18:59 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-17 13:20 - 2013-07-17 13:18 - 00000000 ____D C:\Windows\system32\MRT
2013-07-15 19:30 - 2011-10-18 19:33 - 00000000 ____D C:\Users\kiviis
2013-07-15 07:24 - 2012-03-25 11:20 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-15 07:24 - 2012-03-25 01:43 - 00000000 ____D C:\ProgramData\Norton
2013-07-15 07:24 - 2012-03-25 01:42 - 00000000 ____D C:\Users\Public\Documents\YouCam
2013-07-15 07:24 - 2011-10-21 00:32 - 00000000 ____D C:\Users\kiviis\Documents\Meine empfangenen Dateien
2013-07-15 07:24 - 2011-10-20 23:26 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2013-07-15 07:24 - 2011-10-19 22:03 - 00000000 ____D C:\Users\kiviis\Documents\Youcam
2013-07-15 07:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-15 07:24 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-15 07:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-15 07:24 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-07-14 21:27 - 2012-05-17 10:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-14 21:27 - 2012-05-17 10:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-14 21:27 - 2010-11-21 05:47 - 00094784 _____ C:\Windows\PFRO.log
2013-07-14 21:27 - 2009-07-14 06:45 - 00955576 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-10 16:53 - 2013-07-10 16:53 - 00000000 ____D C:\Users\kiviis\AppData\Local\Macromedia
2013-07-10 16:52 - 2013-07-10 16:52 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-10 16:52 - 2011-10-18 20:23 - 00000000 ____D C:\Users\kiviis\AppData\Local\Adobe
2013-07-10 16:52 - 2011-07-15 22:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-07 18:10 - 2013-04-23 16:46 - 00000000 ____D C:\Users\kiviis\Desktop\Macklemore and Ryan Lewis - The Heist (Deluxe Edition) (2012)
2013-07-07 01:24 - 2013-07-03 01:51 - 00000000 ____D C:\Users\kiviis\Desktop\iphone ftw
2013-07-04 17:51 - 2013-06-29 13:44 - 00000000 ____D C:\Users\kiviis\.gimp-2.8
2013-07-04 17:50 - 2013-07-04 17:50 - 00008877 _____ C:\Users\kiviis\AppData\Local\recently-used.xbel
2013-07-04 17:29 - 2013-07-04 16:38 - 155868316 _____ C:\Users\kiviis\Downloads\RAF3.0-2013--.rar
2013-07-04 16:43 - 2013-06-29 14:08 - 00000000 ____D C:\Users\kiviis\AppData\Local\gtk-2.0
2013-07-03 02:06 - 2012-05-06 22:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 01:11 - 2013-04-04 16:47 - 00000000 ____D C:\Users\kiviis\Desktop\iphone pics
2013-07-02 22:44 - 2013-07-02 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 22:39 - 2013-07-02 22:39 - 00000000 ____D C:\Users\kiviis\Desktop\Genetikk--D.N.A.-DE-2013-OMA
2013-07-02 22:38 - 2013-07-02 21:59 - 119944535 _____ C:\Users\kiviis\Downloads\zrt.rar
2013-06-29 13:48 - 2013-06-29 13:48 - 00000000 ____D C:\Users\kiviis\.thumbnails
2013-06-29 13:44 - 2013-06-29 13:44 - 00000000 ____D C:\Users\kiviis\AppData\Local\gegl-0.2
2013-06-29 13:39 - 2013-06-29 13:38 - 00000000 ____D C:\Program Files\GIMP 2
2013-06-29 13:38 - 2013-06-29 13:37 - 90116160 _____ (The GIMP Team ) C:\Users\kiviis\Downloads\gimp-2.8.6-setup.exe
2013-06-28 23:28 - 2012-10-12 16:36 - 00000000 ____D C:\Users\kiviis\Desktop\iphone
Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.bat
C:\ProgramData\wavav0bdtzbtb43b.reg
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-15 17:28
==================== End Of Log ============================