
Log analysis and evaluation: Windows 8.1 (64): TR/crypt.zpack.gen and cryptowall: personal files encrypted

25.05.2014, 14:42   #1
Amor79
 



Since yesterday I have had no access to my personal files (Word, JPGs, PDFs, Excel). The directories contain 3 files that point to CryptoWall encryption, with the message that I am to transfer €500 via Bitcoin within 4 days. After that the whole thing costs €1,000. After payment I am supposed to receive the key to restore my files.

Is there another way to rescue my data? System restore points have been deleted / are not displayed. Previous versions of my files are not displayed.

Antivir found TR/crypt.zpack.gen the day before yesterday.

I depend heavily on some of this data for an important appointment in three days. Who can help me?

Kind regards

My log files are attached:


AVIRA
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 24. Mai 2014  15:25


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 8.1
Windowsversion : (plain)  [6.2.9200]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : VAIO

Versionsinformationen:


Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5374a0ae\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Abweichende Gefahrenkategorien........: +SPR,

Beginn des Suchlaufs: Samstag, 24. Mai 2014  15:25


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\XXX\AppData\Local\Temp\UpdateFlashPlayer_7263bd21.exe'
C:\Users\André\AppData\Local\Temp\UpdateFlashPlayer_7263bd21.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
Beginne mit der Suche in 'C:\Users\XXX\AppData\Local\Temp\UpdateFlashPlayer_c1376349.exe'
Der zu durchsuchende Pfad C:\Users\XXX\AppData\Local\Temp\UpdateFlashPlayer_c1376349.exe konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.

Beginne mit der Desinfektion:
C:\Users\XXX\AppData\Local\Temp\UpdateFlashPlayer_7263bd21.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
  [WARNUNG]   Die Datei wurde ignoriert.


Ende des Suchlaufs: Samstag, 24. Mai 2014  15:55
Benötigte Zeit: 00:11 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
   1579 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
   1578 Dateien ohne Befall
      0 Archive wurden durchsucht
      1 Warnungen
      0 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
         

GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-25 15:21:22
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\0000002d  rev. 0,00MB
Running: Gmer-19357.exe; Driver: C:\Users\XXX\AppData\Local\Temp\pxldypog.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960                                                                       fffff80034b5cd00 12 bytes [C0, 52, AC, FF, 02, AD, 4E, ...]
.text   C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 973                                                                       fffff80034b5cd0d 23 bytes [B2, A2, 02, 00, C4, FF, FF, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                               fffff96000245c00 15 bytes [00, 8E, 0B, 02, 80, 32, 6E, ...]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                          fffff96000245c10 11 bytes [00, 41, FC, FF, C0, 7D, F9, ...]

---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\Explorer.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714                                              00007ffc37c2154a 4 bytes [C2, 37, FC, 7F]
.text   C:\WINDOWS\Explorer.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722                                              00007ffc37c21552 4 bytes [C2, 37, FC, 7F]
.text   C:\WINDOWS\Explorer.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98                                             00007ffc37c2162a 4 bytes [C2, 37, FC, 7F]
.text   C:\WINDOWS\Explorer.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122                                            00007ffc37c21642 4 bytes [C2, 37, FC, 7F]
.text   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714      00007ffc37c2154a 4 bytes [C2, 37, FC, 7F]
.text   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722      00007ffc37c21552 4 bytes [C2, 37, FC, 7F]
.text   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98     00007ffc37c2162a 4 bytes [C2, 37, FC, 7F]
.text   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122    00007ffc37c21642 4 bytes [C2, 37, FC, 7F]
.text   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffc3c7c169a 4 bytes [7C, 3C, FC, 7F]
.text   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffc3c7c16a2 4 bytes [7C, 3C, FC, 7F]
.text   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118     00007ffc3c7c181a 4 bytes [7C, 3C, FC, 7F]
.text   C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142     00007ffc3c7c1832 4 bytes [7C, 3C, FC, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [496:520]                                                                                       fffff96000895b90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                         unknown MBR code
Disk    \Device\Harddisk0\DR0                                                                                                         sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 01
Ran by XXX at 2014-05-25 15:09:41
Running from C:\Users\XXX\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

1&1 SmartFax (HKLM-x32\...\1&1 SmartFax) (Version: 2.00.231 - 1&1 Internet AG)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{AF091FA7-20BF-49D4-4C98-4E4AD04D6FB3}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AudioExpert 10.0 (HKLM-x32\...\{B65893CF-96D3-4085-917B-D79CBB69257A}_is1) (Version:  - Ulrich Decker Software Entwicklung)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.0.443 - AVG Technologies)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Chronicles of Albian (x32 Version: 2.2.0.110 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1923 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5601.52 - CyberLink Corp.) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Stylus SX400 Series Printer Uninstall (HKLM\...\EPSON Stylus SX400 Series) (Version:  - SEIKO EPSON Corporation)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version:  - Paradox Development Studio)
Fakturama (HKLM-x32\...\Fakturama) (Version: 1.6.1 - sebulli.com)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Foxy Security (HKLM-x32\...\Foxy Security) (Version:  - )
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Heroes of Hellas 3: Athens (x32 Version: 2.2.0.110 - WildTangent) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Metatogger 5.0 (HKLM-x32\...\{07D70D2D-9A74-4091-A4CF-44C36906DCA4}) (Version: 5.0.2.1 - Luminescence Software)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Connector für soziale Netzerker 32-Bit (HKLM-x32\...\{95140000-004E-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
OpenTTD 1.3.2 (HKLM-x32\...\OpenTTD) (Version: 1.3.2 - OpenTTD)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Ihr Firmenname)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Rome - Total War - Gold Edition (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly)
Rome: Total War - Alexander (HKLM-x32\...\Steam App 4770) (Version:  - The Creative Assembly)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version:  - EA - Maxis)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.0.0.08170 - Sony Corporation)
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.2.0.08150 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Movie Creator Template Data (HKLM-x32\...\InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}) (Version: 4.0.00.08170 - Sony Corporation)
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WildTangent Games App (x32 Version: 4.0.8.7 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent sony Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XING Connector 1.2 (HKLM-x32\...\XING Connector) (Version: 1.2 - XING AG)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

==================== Restore Points  =========================

25-05-2014 01:09:23 Installed SpyHunter

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05CC2271-AE24-4B90-B11D-9D053A117A0C} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FA42C04-BEBA-4F38-8CE6-8A4393494F1C} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {0FD1B5AA-A99B-4001-BC03-BE273E5B5FE7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {14E2E53F-EBC2-4251-B5EE-3449691145B3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-25] (AVAST Software)
Task: {1506FD89-F3C4-49FE-9D02-D7CB263627B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {25A89776-18C3-4B87-8BB2-458AEA29C9D6} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31A1A25A-9172-4FD7-8B3F-2A25A441DFE1} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37742EC8-9F86-4D29-B982-41C0FC24CD1A} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4371F3B5-6705-40F3-93F3-CBD19B897CEE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B02E4FF-7CBA-4042-8245-CD84CAC2B72E} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {4DD61481-F347-476E-81B8-337CCE6261F4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {4F8B8A52-86AF-4C38-986D-56203F89D5E1} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {548F9A57-7B3F-4A6B-96F5-BFA7A9B30CC2} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {54E87E50-6660-44AC-8C5B-C935FDD29576} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {56169C08-EDB5-4B81-B738-099901D6580D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {6A73D9DE-B503-40DD-9CF3-8FC3C7DFA700} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {72DEA927-BC98-4105-AD72-23B3D2273913} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {7341B5F8-E8D6-4AAD-A693-3D8CD4031EE4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D462285-B3A2-4342-B4BA-41E4D3D27833} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AF70323-A085-45F8-B5CE-7BB0A0172265} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {904ACE57-6EA3-4223-AFDD-A44CF4862DCD} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {90A98F08-EED9-4BA8-AFD9-FF0AD4EC29DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-15] (Microsoft Corporation)
Task: {9D8B614A-18D5-4E4F-9327-CCA726A8810E} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {9F0990E4-F568-4507-8C62-ABAFA104C6C8} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A31AAA18-D361-4231-89F9-1F3D551CDA11} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {A5D1729B-BDC9-42D6-B4DE-436A7EB93DC7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {AA25F5C3-1602-4A05-99E2-5F2BF1A5C3D4} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {AA9C574F-EB34-4B1B-807A-70CDA7318808} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation)
Task: {AB38F923-30C3-425A-AFDD-F6855F11B909} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation)
Task: {B245A492-A9BC-4FC6-B1FD-60E3088B130C} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {BC743E72-01AB-47B1-8B75-630C2DA9F84F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E200E5AC-B037-47A1-839A-8204B7979F44} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {E63FE443-3D41-4B91-B469-0C19C5DB7B99} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F8087607-DDE4-4F9D-82EB-FEE428479FD3} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {FA339EB1-B9E4-4429-8D1B-8599E3B72FD4} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {FA56538F-6E18-49F1-A3D6-4AC2D1D25020} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {FB8B5B2E-3D9B-4257-B7DF-A539147D1654} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-05-25 02:44 - 2014-05-25 02:44 - 02557976 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-05-25 15:07 - 2014-05-25 15:07 - 00050477 _____ () C:\Users\XXX\Downloads\Defogger.exe
2014-03-21 18:58 - 2014-05-25 02:19 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-25 02:45 - 2014-05-25 02:44 - 00689688 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.0\NativeBrowserApi.dll
2014-05-25 02:44 - 2014-05-25 02:44 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:9FF7C773
AlternateDataStreams: C:\Users\XXX\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\XXX\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

HKU\S-1-5-21-2844558096-537464712-762792896-1001\Software\Classes\.exe: exefile =>  <===== ATTENTION!
HKU\S-1-5-21-2844558096-537464712-762792896-1001\Software\Classes\exefile:  <===== ATTENTION!

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Description: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2014 02:41:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0xa78
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (05/25/2014 01:18:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0xd78
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (05/25/2014 01:18:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0x490
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (05/25/2014 09:18:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0xfdc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (05/25/2014 09:18:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0x4c0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (05/25/2014 05:31:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "Coordinator" kann nicht gestartet werden. [0x80070005, Zugriff verweigert
]

Error: (05/25/2014 05:04:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/25/2014 04:59:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/25/2014 04:59:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (05/25/2014 04:58:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (05/25/2014 03:09:57 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (04/02/2014 01:06:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 652 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/10/2014 08:22:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 25836 seconds with 1080 seconds of active time.  This session ended with a crash.

Error: (05/27/2013 01:04:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 859 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (05/27/2013 00:49:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18090 seconds with 2940 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-04 13:52:26.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-04 13:52:26.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-04 13:52:24.653
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-03-04 13:52:23.377
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 06:18:13.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 06:18:13.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 06:18:11.121
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 06:18:10.684
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 04:39:59.619
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-02-28 04:39:59.416
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 4043.28 MB
Available physical RAM: 2048.3 MB
Total Pagefile: 6731.28 MB
Available Pagefile: 4759.46 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:435.9 GB) (Free:215.15 GB) NTFS
Drive d: (SONYSYS) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by XXX (administrator) on VAIO on 25-05-2014 15:08:54
Running from C:\Users\XXX\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Users\XXX\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-13] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-13] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-21] (Synaptics Incorporated)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-25] (AVAST Software)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2557976 2014-05-25] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Spotify] => C:\Users\XXX\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Spotify Web Helper] => C:\Users\XXX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Extion] => regsvr32.exe C:\Users\XXX\AppData\Local\Extion\AUDFoundation.dll <===== ATTENTION
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [EPSON Stylus SX400 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE [221696 2007-12-17] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sony MSS.lnk
ShortcutTarget: Sony MSS.lnk -> C:\Program Files\Sony\MSS\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0b18d88.exe (VedSolutions Group)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {0B965EAE-EE5E-42B9-9C7F-3E048A68E0DA} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q312&_nkw={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={AD31AA94-C3F9-4133-9D5C-1F74AEFE735E}&mid=e3848176d5bc47d29d0cd977c83fbb47-a06706cc2bd61143ea2b512934e1a28a9fa07103&lang=en&ds=re011&coid=avgtbdisre&cmpid=&pr=sa&d=2014-05-25 02:45:34&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BEBEB37-6815-4B62-BE26-4B25C9D422EE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\zudj6mpe.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=&cid=%7B4a66fb63-8ca1-4709-8440-6d954941273e%7D&mid=e3848176d5bc47d29d0cd977c83fbb47-a06706cc2bd61143ea2b512934e1a28a9fa07103&ds=re011&coid=avgtbdisre&cmpid=&v=18.1.0.443&lang=en&pr=sa&d=2014-05-25%2002%3A45%3A34&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\zudj6mpe.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\zudj6mpe.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Foxy Security - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\zudj6mpe.default\Extensions\sys@foxysecurity.com [2014-05-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443 [2014-05-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-27] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-13] (Qualcomm Atheros Commnucations)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-25] (AVAST Software)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-05-25] (AVG Secure Search)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-13] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-25] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-25] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-25] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-25] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-25] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-08-20] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-27] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-05-25] (AVG Technologies)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-14] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-13] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-08-13] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
R0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-15] (Microsoft Corporation)
R0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-15] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-21] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
R0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 15:08 - 2014-05-25 15:09 - 00021263 _____ () C:\Users\XXX\Downloads\FRST.txt
2014-05-25 15:08 - 2014-05-25 15:08 - 02066944 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2014-05-25 15:08 - 2014-05-25 15:08 - 00000000 ____D () C:\FRST
2014-05-25 15:07 - 2014-05-25 15:07 - 00050477 _____ () C:\Users\XXX\Downloads\Defogger.exe
2014-05-25 15:07 - 2014-05-25 15:07 - 00000472 _____ () C:\Users\XXX\Downloads\defogger_disable.log
2014-05-25 15:07 - 2014-05-25 15:07 - 00000000 _____ () C:\Users\XXX\defogger_reenable
2014-05-25 08:52 - 2014-05-25 08:54 - 00000000 _____ () C:\Recovery.txt
2014-05-25 08:47 - 2014-05-25 08:47 - 00614661 _____ () C:\Users\XXX\Desktop\decrypt_cryptodefense.zip
2014-05-25 08:47 - 2014-05-25 08:47 - 00000000 ____D () C:\Users\XXX\Desktop\decrypt_cryptodefense
2014-05-25 08:32 - 2014-05-25 08:32 - 00000000 ____D () C:\Users\XXX\Desktop\scareuncrypt
2014-05-25 08:22 - 2014-05-25 08:31 - 05840418 _____ () C:\Users\XXX\Desktop\scareuncrypt.zip
2014-05-25 07:06 - 2014-05-25 07:06 - 00002039 _____ () C:\Users\XXX\Desktop\Entfernen des Avira PC Cleaners.lnk
2014-05-25 07:06 - 2014-05-25 07:06 - 00001983 _____ () C:\Users\XXX\Desktop\Avira PC Cleaner.lnk
2014-05-25 07:05 - 2014-05-25 07:05 - 02278856 _____ () C:\Users\XXX\Downloads\avira_pc_cleaner_de.exe
2014-05-25 06:42 - 2014-05-25 06:42 - 00614661 _____ () C:\Users\XXX\Downloads\decrypt_cryptodefense.zip
2014-05-25 05:05 - 2014-05-25 05:05 - 00000136 _____ () C:\Users\XXX\AppData\Roaming\tmp_register.bat
2014-05-25 05:05 - 2014-05-25 05:05 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\BupSystem
2014-05-25 05:04 - 2014-05-25 05:05 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Security Systems
2014-05-25 05:03 - 2014-05-25 05:03 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2014-05-25 05:01 - 2014-05-25 14:55 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-05-25 05:00 - 2014-05-25 05:00 - 00937232 _____ (Crawler.com ) C:\Users\XXX\Desktop\SpywareTerminatorSetup.exe
2014-05-25 04:58 - 2014-05-25 04:58 - 00386920 _____ (Softonic ) C:\Users\XXX\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe
2014-05-25 04:23 - 2014-05-25 04:23 - 00206336 _____ (VedSolutions Group) C:\Users\XXX\AppData\Roaming\0b18d88.exe
2014-05-25 03:38 - 2014-05-25 03:38 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 03:38 - 2014-05-25 03:38 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 03:38 - 2014-05-25 03:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-25 03:38 - 2014-05-25 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 03:37 - 2014-05-25 03:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 03:37 - 2014-05-25 03:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 03:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-05-25 03:34 - 2014-05-25 03:35 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\XXX\Downloads\spybot-2-2.exe
2014-05-25 03:12 - 2014-05-25 03:12 - 00000000 _____ () C:\autoexec.bat
2014-05-25 03:12 - 2012-06-22 11:01 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-05-25 03:11 - 2014-05-25 03:11 - 00003318 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2014-05-25 03:11 - 2014-05-25 03:11 - 00002270 _____ () C:\Users\XXX\Desktop\SpyHunter.lnk
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\sh4ldr
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-25 02:45 - 2014-05-25 03:33 - 00000000 ____D () C:\Users\XXX\AppData\Local\AVG SafeGuard toolbar
2014-05-25 02:45 - 2014-05-25 02:45 - 00000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-05-25 02:45 - 2014-05-25 02:44 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-05-25 02:44 - 2014-05-25 02:45 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-25 02:43 - 2014-05-25 02:46 - 00001752 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2014-05-25 02:43 - 2014-05-25 02:43 - 00000099 _____ () C:\WINDOWS\Reimage.ini
2014-05-25 01:53 - 2014-05-25 01:53 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-05-25 01:53 - 2014-05-25 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-25 01:53 - 2014-05-25 01:52 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-25 01:53 - 2014-05-25 01:52 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-25 01:53 - 2014-05-25 01:52 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-25 01:52 - 2014-05-25 01:52 - 00000000 ____D () C:\Program Files\Java
2014-05-25 01:39 - 2014-05-25 01:39 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\AVAST Software
2014-05-25 01:37 - 2014-05-25 01:37 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-25 01:37 - 2014-05-25 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-25 01:36 - 2014-05-25 01:39 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-05-25 01:35 - 2014-05-25 01:37 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-25 01:35 - 2014-05-25 01:37 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-25 01:35 - 2014-05-25 01:37 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1400974622015
2014-05-25 01:35 - 2014-05-25 01:35 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1400974622015
2014-05-25 01:35 - 2014-05-25 01:35 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-05-25 01:35 - 2014-05-25 01:35 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-25 01:35 - 2014-05-25 01:35 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-25 01:33 - 2014-05-25 01:33 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-25 01:33 - 2014-05-25 01:33 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-24 15:33 - 2014-05-24 15:33 - 00008566 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:33 - 2014-05-24 15:33 - 00004670 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:33 - 2014-05-24 15:33 - 00000280 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.URL
2014-05-24 15:30 - 2014-05-24 15:30 - 00008566 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:30 - 2014-05-24 15:30 - 00004670 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:30 - 2014-05-24 15:30 - 00000280 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.URL
2014-05-24 15:28 - 2014-05-24 15:28 - 00008566 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:28 - 2014-05-24 15:28 - 00004670 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:28 - 2014-05-24 15:28 - 00000280 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-24 15:13 - 2014-05-24 15:14 - 14443040 _____ (XING) C:\Users\XXX\Downloads\xingoutlookconnector.exe
2014-05-22 22:53 - 2014-05-22 22:53 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-19 01:20 - 2014-05-19 01:20 - 00004096 ___SH () C:\Users\XXX\Documents\Thumbs.db
2014-05-15 13:11 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-15 13:11 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 00:07 - 2014-05-15 00:07 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-05-14 22:28 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 22:28 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 22:27 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 22:27 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 22:27 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 22:27 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 22:27 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 22:27 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 22:27 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 22:27 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 22:27 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 22:27 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 22:27 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 22:27 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 22:27 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 22:27 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 22:27 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 22:27 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 22:27 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 22:27 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 22:27 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 22:27 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 22:27 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 22:27 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 22:27 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 22:27 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 22:27 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 22:27 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 22:27 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 22:27 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 22:27 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 22:27 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 22:26 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 22:26 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 22:26 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 22:26 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 22:26 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 22:26 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 22:26 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 22:26 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 22:26 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 22:26 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-07 12:32 - 2014-05-24 15:31 - 15488252 _____ () C:\Users\XXX\Downloads\Mehr Kunden - Mehr Umsatz - YouTube.mp4
2014-05-03 18:03 - 2014-05-03 18:06 - 02565632 _____ () C:\Users\XXX\Downloads\MN100.exe
2014-05-03 18:00 - 2014-05-03 18:00 - 00509712 _____ (APPS installer) C:\Users\XXX\Downloads\MicroTek MN100 Camera Driver Driver.exe
2014-05-03 17:59 - 2014-05-03 17:59 - 00000000 _____ () C:\Users\XXX\Downloads\MICROTEK.exe
2014-05-03 17:32 - 2014-05-03 17:32 - 00000000 ____D () C:\Users\XXX\Documents\174765-520112-microtek-mn100.zip
2014-05-03 17:22 - 2014-05-03 17:22 - 00673992 _____ () C:\Users\XXX\Downloads\Brothersoft_downloader_For_MicroTek_MN100_Camera_Driver.exe
2014-05-03 16:51 - 2014-05-24 15:30 - 00000000 ____D () C:\Users\XXX\Documents\MODupRemover
2014-05-03 16:35 - 2014-05-03 16:51 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\MODupRemover
2014-05-03 16:34 - 2014-05-03 16:51 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
2014-05-03 15:53 - 2014-05-24 15:28 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Itsth
2014-05-03 15:52 - 2014-05-03 16:19 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Systweak
2014-05-03 15:52 - 2014-05-03 15:51 - 04345120 _____ (IT-Services Thomas Holz ) C:\Users\XXX\Downloads\DuplicateDeleteOutlook_D.exe
2014-05-03 15:52 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2014-05-03 14:01 - 2014-05-25 07:12 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-02 20:32 - 2014-05-24 15:33 - 00000000 ____D () C:\Users\XXX\Downloads\videorepair
2014-05-02 20:00 - 2014-05-02 20:02 - 39338513 _____ () C:\Users\XXX\Downloads\videorepair.zip
2014-05-02 11:37 - 2014-05-02 11:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 11:37 - 2014-05-02 11:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 12:48 - 2014-05-24 15:29 - 00717080 _____ () C:\Users\XXX\Documents\aa.pptx
2014-04-29 14:00 - 2014-04-29 14:00 - 00226727 _____ () C:\Users\XXX\Downloads\mlss052.grf
2014-04-29 14:00 - 2014-04-29 14:00 - 00226727 _____ () C:\Users\XXX\Desktop\mlss052.grf
2014-04-29 13:51 - 2014-04-29 13:51 - 05703932 _____ () C:\Users\XXX\Desktop\Kingdom and Co., 27th Oct 2640.sav
2014-04-29 07:55 - 2014-04-29 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-04-29 07:54 - 2014-04-29 07:54 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-29 07:18 - 2014-04-29 07:58 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1
2014-04-28 12:17 - 2014-04-28 12:17 - 00422358 _____ () C:\Users\XXX\Desktop\Anschreiben und Kooperationsangebot Eco Viva GmbH 2014 - Foodloose.dotx
2014-04-28 11:21 - 2014-04-29 07:46 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1
2014-04-28 06:33 - 2014-04-28 06:33 - 00599240 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys

==================== One Month Modified Files and Folders =======

2014-05-25 15:09 - 2014-05-25 15:08 - 00021263 _____ () C:\Users\XXX\Downloads\FRST.txt
2014-05-25 15:08 - 2014-05-25 15:08 - 02066944 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2014-05-25 15:08 - 2014-05-25 15:08 - 00000000 ____D () C:\FRST
2014-05-25 15:07 - 2014-05-25 15:07 - 00050477 _____ () C:\Users\XXX\Downloads\Defogger.exe
2014-05-25 15:07 - 2014-05-25 15:07 - 00000472 _____ () C:\Users\XXX\Downloads\defogger_disable.log
2014-05-25 15:07 - 2014-05-25 15:07 - 00000000 _____ () C:\Users\XXX\defogger_reenable
2014-05-25 15:07 - 2013-12-15 00:30 - 00000000 ____D () C:\Users\XXX
2014-05-25 14:55 - 2014-05-25 05:01 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-05-25 13:26 - 2013-12-14 19:33 - 00000000 ____D () C:\ProgramData\tmp
2014-05-25 13:21 - 2013-12-15 00:52 - 01213868 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-25 08:54 - 2014-05-25 08:52 - 00000000 _____ () C:\Recovery.txt
2014-05-25 08:52 - 2013-12-15 00:01 - 00000000 ____D () C:\Recovery
2014-05-25 08:47 - 2014-05-25 08:47 - 00614661 _____ () C:\Users\XXX\Desktop\decrypt_cryptodefense.zip
2014-05-25 08:47 - 2014-05-25 08:47 - 00000000 ____D () C:\Users\XXX\Desktop\decrypt_cryptodefense
2014-05-25 08:32 - 2014-05-25 08:32 - 00000000 ____D () C:\Users\XXX\Desktop\scareuncrypt
2014-05-25 08:31 - 2014-05-25 08:22 - 05840418 _____ () C:\Users\XXX\Desktop\scareuncrypt.zip
2014-05-25 07:12 - 2014-05-03 14:01 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-25 07:06 - 2014-05-25 07:06 - 00002039 _____ () C:\Users\XXX\Desktop\Entfernen des Avira PC Cleaners.lnk
2014-05-25 07:06 - 2014-05-25 07:06 - 00001983 _____ () C:\Users\XXX\Desktop\Avira PC Cleaner.lnk
2014-05-25 07:05 - 2014-05-25 07:05 - 02278856 _____ () C:\Users\XXX\Downloads\avira_pc_cleaner_de.exe
2014-05-25 06:42 - 2014-05-25 06:42 - 00614661 _____ () C:\Users\XXX\Downloads\decrypt_cryptodefense.zip
2014-05-25 06:04 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-25 06:03 - 2013-05-17 21:06 - 00000000 ____D () C:\WINDOWS\pss
2014-05-25 06:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-25 05:41 - 2014-04-21 19:03 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-25 05:34 - 2013-05-17 21:15 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2844558096-537464712-762792896-1001
2014-05-25 05:33 - 2013-05-17 21:28 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Spotify
2014-05-25 05:31 - 2013-05-20 21:22 - 04951552 ___SH () C:\Users\XXX\Desktop\Thumbs.db
2014-05-25 05:31 - 2013-05-17 21:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-25 05:05 - 2014-05-25 05:05 - 00000136 _____ () C:\Users\XXX\AppData\Roaming\tmp_register.bat
2014-05-25 05:05 - 2014-05-25 05:05 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\BupSystem
2014-05-25 05:05 - 2014-05-25 05:04 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Security Systems
2014-05-25 05:03 - 2014-05-25 05:03 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2014-05-25 05:00 - 2014-05-25 05:00 - 00937232 _____ (Crawler.com ) C:\Users\XXX\Desktop\SpywareTerminatorSetup.exe
2014-05-25 04:58 - 2014-05-25 04:58 - 00386920 _____ (Softonic ) C:\Users\XXX\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe
2014-05-25 04:46 - 2013-05-18 12:43 - 02347520 ___SH () C:\Users\XXX\Downloads\Thumbs.db
2014-05-25 04:23 - 2014-05-25 04:23 - 00206336 _____ (VedSolutions Group) C:\Users\XXX\AppData\Roaming\0b18d88.exe
2014-05-25 04:22 - 2014-03-31 01:31 - 00000000 __RDO () C:\Users\XXX\SkyDrive
2014-05-25 04:20 - 2013-11-14 00:18 - 00008510 _____ () C:\WINDOWS\PFRO.log
2014-05-25 04:20 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-25 04:15 - 2013-08-22 16:46 - 00302204 _____ () C:\WINDOWS\setupact.log
2014-05-25 03:43 - 2014-05-25 03:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 03:38 - 2014-05-25 03:38 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 03:38 - 2014-05-25 03:38 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 03:38 - 2014-05-25 03:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-25 03:38 - 2014-05-25 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 03:38 - 2014-05-25 03:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 03:35 - 2014-05-25 03:34 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\XXX\Downloads\spybot-2-2.exe
2014-05-25 03:33 - 2014-05-25 02:45 - 00000000 ____D () C:\Users\XXX\AppData\Local\AVG SafeGuard toolbar
2014-05-25 03:12 - 2014-05-25 03:12 - 00000000 _____ () C:\autoexec.bat
2014-05-25 03:11 - 2014-05-25 03:11 - 00003318 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2014-05-25 03:11 - 2014-05-25 03:11 - 00002270 _____ () C:\Users\XXX\Desktop\SpyHunter.lnk
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\sh4ldr
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-25 03:11 - 2014-02-27 11:38 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-25 02:46 - 2014-05-25 02:43 - 00001752 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2014-05-25 02:45 - 2014-05-25 02:45 - 00000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-05-25 02:45 - 2014-05-25 02:44 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-05-25 02:44 - 2014-05-25 02:45 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-25 02:43 - 2014-05-25 02:43 - 00000099 _____ () C:\WINDOWS\Reimage.ini
2014-05-25 02:20 - 2014-03-21 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-25 02:18 - 2013-05-27 13:06 - 00001509 _____ () C:\Users\XXX\Desktop\iexplore - Verknüpfung.lnk
2014-05-25 02:17 - 2014-03-21 18:58 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-25 02:17 - 2014-03-21 18:58 - 00001147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-25 01:53 - 2014-05-25 01:53 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-05-25 01:53 - 2014-05-25 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-25 01:52 - 2014-05-25 01:53 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-25 01:52 - 2014-05-25 01:53 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-25 01:52 - 2014-05-25 01:53 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-25 01:52 - 2014-05-25 01:52 - 00000000 ____D () C:\Program Files\Java
2014-05-25 01:50 - 2013-09-15 21:28 - 00001116 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2014-05-25 01:50 - 2013-09-15 21:27 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-25 01:39 - 2014-05-25 01:39 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\AVAST Software
2014-05-25 01:39 - 2014-05-25 01:36 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-05-25 01:37 - 2014-05-25 01:37 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-25 01:37 - 2014-05-25 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-25 01:37 - 2014-05-25 01:35 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-25 01:37 - 2014-05-25 01:35 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-25 01:37 - 2014-05-25 01:35 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1400974622015
2014-05-25 01:35 - 2014-05-25 01:35 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1400974622015
2014-05-25 01:35 - 2014-05-25 01:35 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-05-25 01:35 - 2014-05-25 01:35 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-25 01:35 - 2014-05-25 01:35 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-25 01:33 - 2014-05-25 01:33 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-25 01:33 - 2014-05-25 01:33 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-25 01:18 - 2013-12-15 14:17 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{33646DF5-EBCF-4B42-9921-E8947B80D34E}
2014-05-25 01:13 - 2013-05-17 21:08 - 00000000 ____D () C:\Users\XXX\Documents\Bluetooth Folder
2014-05-25 01:10 - 2013-08-22 16:46 - 00001196 _____ () C:\WINDOWS\setuperr.log
2014-05-25 00:53 - 2013-11-11 00:23 - 00000000 ____D () C:\Users\XXX\.gimp-2.8
2014-05-24 18:32 - 2013-05-17 21:28 - 00000000 ____D () C:\Users\XXX\AppData\Local\Spotify
2014-05-24 15:33 - 2014-05-24 15:33 - 00008566 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:33 - 2014-05-24 15:33 - 00004670 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:33 - 2014-05-24 15:33 - 00000280 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.URL
2014-05-24 15:33 - 2014-05-02 20:32 - 00000000 ____D () C:\Users\XXX\Downloads\videorepair
2014-05-24 15:33 - 2013-12-15 16:14 - 39739928 _____ () C:\Users\XXX\Downloads\SME Merchant Presentation for Coaches DT.ppt
2014-05-24 15:32 - 2014-02-06 10:56 - 39739928 _____ () C:\Users\XXX\Downloads\SME Merchant Presentation for Coaches DT (1).ppt
2014-05-24 15:31 - 2014-05-07 12:32 - 15488252 _____ () C:\Users\XXX\Downloads\Mehr Kunden - Mehr Umsatz - YouTube.mp4
2014-05-24 15:31 - 2013-12-14 16:39 - 00000000 ____D () C:\Users\XXX\Downloads\GRF Editor v1.3.4
2014-05-24 15:31 - 2013-09-22 21:21 - 195937820 _____ () C:\Users\XXX\Downloads\Nass aber glücklich!).AVI
2014-05-24 15:31 - 2013-09-22 21:13 - 29649212 _____ () C:\Users\XXX\Downloads\MVI_4136.AVI
2014-05-24 15:30 - 2014-05-24 15:30 - 00008566 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:30 - 2014-05-24 15:30 - 00004670 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:30 - 2014-05-24 15:30 - 00000280 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.URL
2014-05-24 15:30 - 2014-05-03 16:51 - 00000000 ____D () C:\Users\XXX\Documents\MODupRemover
2014-05-24 15:30 - 2014-03-10 12:56 - 00030744 _____ () C:\Users\XXX\Downloads\140307 Party-Platzierungen Mintanine.xlsx
2014-05-24 15:30 - 2013-12-25 20:22 - 00000000 ____D () C:\Users\XXX\Documents\Paradox Interactive
2014-05-24 15:30 - 2013-06-11 14:13 - 00000000 ____D () C:\Users\XXX\Documents\PDF Architect Files
2014-05-24 15:29 - 2014-05-01 12:48 - 00717080 _____ () C:\Users\XXX\Documents\aa.pptx
2014-05-24 15:29 - 2014-04-08 18:03 - 00066584 _____ () C:\Users\XXX\Desktop\struktur.pptx
2014-05-24 15:29 - 2014-03-29 19:26 - 00009240 _____ () C:\Users\XXX\Documents\ant.xlsx
2014-05-24 15:29 - 2013-11-11 01:16 - 00067608 _____ () C:\Users\XXX\Desktop\Visitenkarte Alina.pptx
2014-05-24 15:29 - 2013-09-12 17:59 - 14254360 _____ () C:\Users\XXX\Desktop\Grundsatzpräsentation WWF Partnerschaft light kompr neu.ppt
2014-05-24 15:29 - 2013-08-04 21:25 - 00016920 _____ () C:\Users\XXX\Desktop\August.xlsx
2014-05-24 15:29 - 2013-07-20 21:19 - 00204824 _____ () C:\Users\XXX\Desktop\Entwurf.pptx
2014-05-24 15:28 - 2014-05-24 15:28 - 00008566 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:28 - 2014-05-24 15:28 - 00004670 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:28 - 2014-05-24 15:28 - 00000280 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-24 15:28 - 2014-05-03 15:53 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Itsth
2014-05-24 15:28 - 2014-03-28 15:03 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Skype
2014-05-24 15:28 - 2014-03-28 15:03 - 00000000 ____D () C:\Users\XXX\AppData\Local\Skype
2014-05-24 15:28 - 2014-03-21 18:58 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Mozilla
2014-05-24 15:28 - 2014-03-10 13:36 - 00011032 _____ () C:\Users\XXX\Desktop\140307 Party-Platzierungen Mintanine.xlsx
2014-05-24 15:28 - 2014-01-03 17:50 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\AudioXP
2014-05-24 15:28 - 2013-05-17 21:07 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Adobe
2014-05-24 15:28 - 2013-05-17 21:06 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Sony Corporation
2014-05-24 15:24 - 2014-01-03 19:35 - 00000000 ____D () C:\Users\XXX\AppData\Local\Luminescence_Software
2014-05-24 15:23 - 2013-12-14 19:33 - 00000000 ____D () C:\ProgramData\hps
2014-05-24 15:23 - 2013-09-22 15:26 - 00000000 ____D () C:\ProgramData\Sony
2014-05-24 15:23 - 2012-09-18 21:16 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-24 15:17 - 2013-05-17 21:07 - 00000000 ___RD () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 15:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-24 15:14 - 2014-05-24 15:13 - 14443040 _____ (XING) C:\Users\XXX\Downloads\xingoutlookconnector.exe
2014-05-24 15:10 - 2013-05-17 21:05 - 00000000 ____D () C:\Users\XXX\AppData\Local\Packages
2014-05-24 01:30 - 2013-09-14 21:36 - 00000000 ____D () C:\Users\XXX\Documents\OpenTTD
2014-05-23 01:29 - 2014-01-03 19:35 - 00000000 ____D () C:\Update
2014-05-22 22:53 - 2014-05-22 22:53 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-22 22:53 - 2012-09-18 22:11 - 00000000 ____D () C:\Program Files\Sony
2014-05-22 22:53 - 2012-09-18 21:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-05-22 22:53 - 2012-09-18 21:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-20 13:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-05-20 12:35 - 2013-11-14 09:27 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-20 12:35 - 2013-11-14 09:11 - 00769092 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-20 12:35 - 2013-11-14 09:11 - 00160376 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-19 01:20 - 2014-05-19 01:20 - 00004096 ___SH () C:\Users\XXX\Documents\Thumbs.db
2014-05-15 14:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-15 13:14 - 2013-05-17 21:07 - 00000000 ___RD () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 00:14 - 2013-08-26 23:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-15 00:14 - 2013-05-17 21:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 00:10 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-15 00:10 - 2013-05-18 03:06 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-15 00:07 - 2014-05-15 00:07 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-05-14 17:41 - 2014-04-21 19:03 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:22 - 2012-09-18 21:58 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-06 06:40 - 2014-05-14 22:26 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 22:26 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 22:26 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:26 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-03 18:06 - 2014-05-03 18:03 - 02565632 _____ () C:\Users\XXX\Downloads\MN100.exe
2014-05-03 18:00 - 2014-05-03 18:00 - 00509712 _____ (APPS installer) C:\Users\XXX\Downloads\MicroTek MN100 Camera Driver Driver.exe
2014-05-03 17:59 - 2014-05-03 17:59 - 00000000 _____ () C:\Users\XXX\Downloads\MICROTEK.exe
2014-05-03 17:32 - 2014-05-03 17:32 - 00000000 ____D () C:\Users\XXX\Documents\174765-520112-microtek-mn100.zip
2014-05-03 17:22 - 2014-05-03 17:22 - 00673992 _____ () C:\Users\XXX\Downloads\Brothersoft_downloader_For_MicroTek_MN100_Camera_Driver.exe
2014-05-03 16:51 - 2014-05-03 16:35 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\MODupRemover
2014-05-03 16:51 - 2014-05-03 16:34 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
2014-05-03 16:19 - 2014-05-03 15:52 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Systweak
2014-05-03 15:51 - 2014-05-03 15:52 - 04345120 _____ (IT-Services Thomas Holz ) C:\Users\XXX\Downloads\DuplicateDeleteOutlook_D.exe
2014-05-02 20:02 - 2014-05-02 20:00 - 39338513 _____ () C:\Users\XXX\Downloads\videorepair.zip
2014-05-02 11:37 - 2014-05-02 11:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 11:37 - 2014-05-02 11:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 22:30 - 2014-05-15 13:11 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2014-05-15 13:11 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 12:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-30 12:13 - 2012-09-18 21:40 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-29 14:00 - 2014-04-29 14:00 - 00226727 _____ () C:\Users\XXX\Downloads\mlss052.grf
2014-04-29 14:00 - 2014-04-29 14:00 - 00226727 _____ () C:\Users\XXX\Desktop\mlss052.grf
2014-04-29 13:51 - 2014-04-29 13:51 - 05703932 _____ () C:\Users\XXX\Desktop\Kingdom and Co., 27th Oct 2640.sav
2014-04-29 07:58 - 2014-04-29 07:18 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1
2014-04-29 07:55 - 2014-04-29 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-04-29 07:55 - 2014-04-21 19:03 - 00001947 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-04-29 07:54 - 2014-04-29 07:54 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-29 07:46 - 2014-04-28 11:21 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1
2014-04-29 07:43 - 2014-04-21 19:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-29 07:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-04-28 12:17 - 2014-04-28 12:17 - 00422358 _____ () C:\Users\XXX\Desktop\Anschreiben und Kooperationsangebot Eco Viva GmbH 2014 - Foodloose.dotx
2014-04-28 06:33 - 2014-04-28 06:33 - 00599240 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys
2014-04-25 14:49 - 2014-05-03 15:52 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe

Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXX\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\XXX\AppData\Local\Temp\instloffer.exe
C:\Users\XXX\AppData\Local\Temp\oi_{49DF3D21-7B18-4829-B84D-F49B816F2989}.exe
C:\Users\XXX\AppData\Local\Temp\ReimagePackage.exe
C:\Users\XXX\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!


LastRegBack: 2014-05-23 11:43

==================== End Of Log ============================
         

25.05.2014, 18:02   #2
schrauber
/// the machine
/// TB trainer

Quite apart from the infestation on the computer, there is unfortunately no option for decrypting the data other than paying.

28.05.2014, 11:48   #3
Amor79

Hello! Are there any attested cases in which decryption and recovery of the data really took place after payment? I have some backup photos. It looks as though the file size has been changed. Is there a tool with which I can "read out" the files and so carry out a decryption myself? What else can I do? Really pay???

29.05.2014, 06:09   #4
schrauber
/// the machine
/// TB trainer

Quote:
Are there any attested cases in which decryption and recovery of the data really took place after payment?

Only with a Cryptolocker infection. There was even an interview with the author there. In that case a link was also placed on the desktop, so that if an AV program deleted the malware and thereby made paying and restoring impossible, one could download the malware again.
With all other encryption trojans no, nothing confirmed.

If you get nowhere with the tools commonly used here on the board and have no shadow copies, you cannot do this yourself.

They are RSA-encrypted with a private key. Without this key nothing works at all. It is held by the author on a C&C server.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
