Windows 8.1 (64): TR/crypt.zpack.gen and cryptowall: personal files encrypted

Since yesterday I have had no access to my personal files (Word, JPGs, PDFs, Excel). The directories contain 3 files that point to a Cryptowall encryption, with the message that I should transfer €500 via Bitcoin within 4 days. After that, the whole thing costs €1,000. After the payment I am supposed to receive the key to restore my files.
Is there another way to rescue my data? System restore points have been deleted / are not shown. Previous versions of my files are not shown.
Antivir found TR/crypt.zpack.gen the day before yesterday.
I am extremely dependent on some of this data for an important appointment in three days. Who can help me?
Kind regards
My log files are attached:

AVIRA:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 24. Mai 2014 15:25
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 8.1
Windowsversion : (plain) [6.2.9200]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : VAIO
Versionsinformationen:
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_5374a0ae\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Abweichende Gefahrenkategorien........: +SPR,
Beginn des Suchlaufs: Samstag, 24. Mai 2014 15:25
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\XXX\AppData\Local\Temp\UpdateFlashPlayer_7263bd21.exe'
C:\Users\André\AppData\Local\Temp\UpdateFlashPlayer_7263bd21.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
Beginne mit der Suche in 'C:\Users\XXX\AppData\Local\Temp\UpdateFlashPlayer_c1376349.exe'
Der zu durchsuchende Pfad C:\Users\XXX\AppData\Local\Temp\UpdateFlashPlayer_c1376349.exe konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Desinfektion:
C:\Users\XXX\AppData\Local\Temp\UpdateFlashPlayer_7263bd21.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.Gen
[WARNUNG] Die Datei wurde ignoriert.
Ende des Suchlaufs: Samstag, 24. Mai 2014 15:55
Benötigte Zeit: 00:11 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
1579 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
1578 Dateien ohne Befall
0 Archive wurden durchsucht
1 Warnungen
0 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.

GMER:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-25 15:21:22
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\0000002d rev. 0,00MB
Running: Gmer-19357.exe; Driver: C:\Users\XXX\AppData\Local\Temp\pxldypog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960 fffff80034b5cd00 12 bytes [C0, 52, AC, FF, 02, AD, 4E, ...]
.text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 973 fffff80034b5cd0d 23 bytes [B2, A2, 02, 00, C4, FF, FF, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff96000245c00 15 bytes [00, 8E, 0B, 02, 80, 32, 6E, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff96000245c10 11 bytes [00, 41, FC, FF, C0, 7D, F9, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\Explorer.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007ffc37c2154a 4 bytes [C2, 37, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007ffc37c21552 4 bytes [C2, 37, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007ffc37c2162a 4 bytes [C2, 37, FC, 7F]
.text C:\WINDOWS\Explorer.EXE[1140] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007ffc37c21642 4 bytes [C2, 37, FC, 7F]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007ffc37c2154a 4 bytes [C2, 37, FC, 7F]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007ffc37c21552 4 bytes [C2, 37, FC, 7F]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007ffc37c2162a 4 bytes [C2, 37, FC, 7F]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007ffc37c21642 4 bytes [C2, 37, FC, 7F]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffc3c7c169a 4 bytes [7C, 3C, FC, 7F]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffc3c7c16a2 4 bytes [7C, 3C, FC, 7F]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffc3c7c181a 4 bytes [7C, 3C, FC, 7F]
.text C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe[2320] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffc3c7c1832 4 bytes [7C, 3C, FC, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [496:520] fffff96000895b90
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- EOF - GMER 2.1 ----

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 01
Ran by XXX at 2014-05-25 15:09:41
Running from C:\Users\XXX\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
1&1 SmartFax (HKLM-x32\...\1&1 SmartFax) (Version: 2.00.231 - 1&1 Internet AG)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{AF091FA7-20BF-49D4-4C98-4E4AD04D6FB3}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AudioExpert 10.0 (HKLM-x32\...\{B65893CF-96D3-4085-917B-D79CBB69257A}_is1) (Version: - Ulrich Decker Software Entwicklung)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.0.443 - AVG Technologies)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Chronicles of Albian (x32 Version: 2.2.0.110 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1923 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1923 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5601.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5601.52 - CyberLink Corp.) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus SX400 Series Printer Uninstall (HKLM\...\EPSON Stylus SX400 Series) (Version: - SEIKO EPSON Corporation)
Europa Universalis IV (HKLM-x32\...\Steam App 236850) (Version: - Paradox Development Studio)
Fakturama (HKLM-x32\...\Fakturama) (Version: 1.6.1 - sebulli.com)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser)
Foxy Security (HKLM-x32\...\Foxy Security) (Version: - )
GIMP 2.8.8 (HKLM\...\GIMP-2_is1) (Version: 2.8.8 - The GIMP Team)
Heroes of Hellas 3: Athens (x32 Version: 2.2.0.110 - WildTangent) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 38645) (Version: 03.05.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.3.1004 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
Metatogger 5.0 (HKLM-x32\...\{07D70D2D-9A74-4091-A4CF-44C36906DCA4}) (Version: 5.0.2.1 - Luminescence Software)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Connector für soziale Netzerker 32-Bit (HKLM-x32\...\{95140000-004E-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
OpenTTD 1.3.2 (HKLM-x32\...\OpenTTD) (Version: 1.3.2 - OpenTTD)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Ihr Firmenname)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Rome - Total War - Gold Edition (HKLM-x32\...\{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}) (Version: 1.6 - The Creative Assembly)
Rome: Total War - Alexander (HKLM-x32\...\Steam App 4770) (Version: - The Creative Assembly)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version: - The Creative Assembly)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SimCity 4 Deluxe (HKLM-x32\...\Steam App 24780) (Version: - EA - Maxis)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony PC Companion 2.10.197 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version: - Cryptic Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.0.0.08170 - Sony Corporation)
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.2.0.08150 - Sony Corporation) Hidden
VAIO Gate (HKLM-x32\...\{14AC95A2-7675-4988-A5BD-3F5B943AED08}) (Version: 3.0.0.08140 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Movie Creator Template Data (HKLM-x32\...\InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}) (Version: 4.0.00.08170 - Sony Corporation)
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO-Handbuch (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VGClientX64 (Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WildTangent Games App (x32 Version: 4.0.8.7 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent sony Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XING Connector 1.2 (HKLM-x32\...\XING Connector) (Version: 1.2 - XING AG)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
==================== Restore Points =========================
25-05-2014 01:09:23 Installed SpyHunter
==================== Hosts content: ==========================
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05CC2271-AE24-4B90-B11D-9D053A117A0C} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FA42C04-BEBA-4F38-8CE6-8A4393494F1C} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {0FD1B5AA-A99B-4001-BC03-BE273E5B5FE7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {14E2E53F-EBC2-4251-B5EE-3449691145B3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-25] (AVAST Software)
Task: {1506FD89-F3C4-49FE-9D02-D7CB263627B4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {25A89776-18C3-4B87-8BB2-458AEA29C9D6} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31A1A25A-9172-4FD7-8B3F-2A25A441DFE1} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2012-08-14] (Sony Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37742EC8-9F86-4D29-B982-41C0FC24CD1A} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {4371F3B5-6705-40F3-93F3-CBD19B897CEE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4B02E4FF-7CBA-4042-8245-CD84CAC2B72E} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {4DD61481-F347-476E-81B8-337CCE6261F4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {4F8B8A52-86AF-4C38-986D-56203F89D5E1} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {548F9A57-7B3F-4A6B-96F5-BFA7A9B30CC2} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {54E87E50-6660-44AC-8C5B-C935FDD29576} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {56169C08-EDB5-4B81-B738-099901D6580D} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {6A73D9DE-B503-40DD-9CF3-8FC3C7DFA700} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {72DEA927-BC98-4105-AD72-23B3D2273913} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {7341B5F8-E8D6-4AAD-A693-3D8CD4031EE4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D462285-B3A2-4342-B4BA-41E4D3D27833} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AF70323-A085-45F8-B5CE-7BB0A0172265} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {904ACE57-6EA3-4223-AFDD-A44CF4862DCD} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {90A98F08-EED9-4BA8-AFD9-FF0AD4EC29DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-15] (Microsoft Corporation)
Task: {9D8B614A-18D5-4E4F-9327-CCA726A8810E} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-31] (Sony Corporation)
Task: {9F0990E4-F568-4507-8C62-ABAFA104C6C8} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A31AAA18-D361-4231-89F9-1F3D551CDA11} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {A5D1729B-BDC9-42D6-B4DE-436A7EB93DC7} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {AA25F5C3-1602-4A05-99E2-5F2BF1A5C3D4} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {AA9C574F-EB34-4B1B-807A-70CDA7318808} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation)
Task: {AB38F923-30C3-425A-AFDD-F6855F11B909} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation)
Task: {B245A492-A9BC-4FC6-B1FD-60E3088B130C} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)
Task: {BC743E72-01AB-47B1-8B75-630C2DA9F84F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E200E5AC-B037-47A1-839A-8204B7979F44} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)
Task: {E63FE443-3D41-4B91-B469-0C19C5DB7B99} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F8087607-DDE4-4F9D-82EB-FEE428479FD3} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {FA339EB1-B9E4-4429-8D1B-8599E3B72FD4} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {FA56538F-6E18-49F1-A3D6-4AC2D1D25020} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {FB8B5B2E-3D9B-4257-B7DF-A539147D1654} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-05-25 02:44 - 2014-05-25 02:44 - 02557976 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-05-25 15:07 - 2014-05-25 15:07 - 00050477 _____ () C:\Users\XXX\Downloads\Defogger.exe
2014-03-21 18:58 - 2014-05-25 02:19 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-25 02:45 - 2014-05-25 02:44 - 00689688 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\18.1.0\NativeBrowserApi.dll
2014-05-25 02:44 - 2014-05-25 02:44 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\log4cplusU.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:9FF7C773
AlternateDataStreams: C:\Users\XXX\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\XXX\SkyDrive.old:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
==================== EXE Association (whitelisted) =============
HKU\S-1-5-21-2844558096-537464712-762792896-1001\Software\Classes\.exe: exefile => <===== ATTENTION!
HKU\S-1-5-21-2844558096-537464712-762792896-1001\Software\Classes\exefile: <===== ATTENTION!
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Name: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Description: Qualcomm Atheros AR3012 Bluetooth(R) Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/25/2014 02:41:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0xa78
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (05/25/2014 01:18:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0xd78
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (05/25/2014 01:18:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0x490
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (05/25/2014 09:18:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0xfdc
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (05/25/2014 09:18:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17037, Zeitstempel: 0x5312c30a
Name des fehlerhaften Moduls: MFMediaEngine.dll, Version: 6.3.9600.17042, Zeitstempel: 0x531ab26e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000761b3
ID des fehlerhaften Prozesses: 0x4c0
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5
Error: (05/25/2014 05:31:56 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "Coordinator" kann nicht gestartet werden. [0x80070005, Zugriff verweigert
]
Error: (05/25/2014 05:04:03 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (05/25/2014 04:59:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (05/25/2014 04:59:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Error: (05/25/2014 04:58:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
System errors:
=============
Error: (05/25/2014 03:09:57 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (05/25/2014 03:09:49 PM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchNicht verfügbar{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Microsoft Office Sessions:
=========================
Error: (04/02/2014 01:06:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 652 seconds with 0 seconds of active time. This session ended with a crash.
Error: (03/10/2014 08:22:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 25836 seconds with 1080 seconds of active time. This session ended with a crash.
Error: (05/27/2013 01:04:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 859 seconds with 600 seconds of active time. This session ended with a crash.
Error: (05/27/2013 00:49:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18090 seconds with 2940 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-03-04 13:52:26.477
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-03-04 13:52:26.281
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-03-04 13:52:24.653
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-03-04 13:52:23.377
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-02-28 06:18:13.293
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-02-28 06:18:13.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-02-28 06:18:11.121
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-02-28 06:18:10.684
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-02-28 04:39:59.619
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2014-02-28 04:39:59.416
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 49%
Total physical RAM: 4043.28 MB
Available physical RAM: 2048.3 MB
Total Pagefile: 6731.28 MB
Available Pagefile: 4759.46 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:435.9 GB) (Free:215.15 GB) NTFS
Drive d: (SONYSYS) (Fixed) (Total:0.25 GB) (Free:0.23 GB) FAT32
==================== MBR & Partition Table ==================
==================== End Of Log ============================
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by XXX (administrator) on VAIO on 25-05-2014 15:08:54
Running from C:\Users\XXX\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Users\XXX\Downloads\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-13] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-13] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-21] (Synaptics Incorporated)
HKLM\...\Run: [SpywareTerminatorShield] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] => C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3888648 2014-05-25] (AVAST Software)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2557976 2014-05-25] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Spotify] => C:\Users\XXX\AppData\Roaming\Spotify\Spotify.exe [6170168 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Spotify Web Helper] => C:\Users\XXX\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-16] (Spotify Ltd)
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [Extion] => regsvr32.exe C:\Users\XXX\AppData\Local\Extion\AUDFoundation.dll <===== ATTENTION
HKU\S-1-5-21-2844558096-537464712-762792896-1001\...\Run: [EPSON Stylus SX400 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE [221696 2007-12-17] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sony MSS.lnk
ShortcutTarget: Sony MSS.lnk -> C:\Program Files\Sony\MSS\3.8.141\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0b18d88.exe (VedSolutions Group)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {0B965EAE-EE5E-42B9-9C7F-3E048A68E0DA} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q312&_nkw={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={AD31AA94-C3F9-4133-9D5C-1F74AEFE735E}&mid=e3848176d5bc47d29d0cd977c83fbb47-a06706cc2bd61143ea2b512934e1a28a9fa07103&lang=en&ds=re011&coid=avgtbdisre&cmpid=&pr=sa&d=2014-05-25 02:45:34&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BEBEB37-6815-4B62-BE26-4B25C9D422EE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\Sony\MSS\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.0.443\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\zudj6mpe.default
FF DefaultSearchEngine: AVG Secure Search
FF SearchEngineOrder.1: Microsoft (Bing)
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxp://mysearch.avg.com?pid=safeguard&sg=&cid=%7B4a66fb63-8ca1-4709-8440-6d954941273e%7D&mid=e3848176d5bc47d29d0cd977c83fbb47-a06706cc2bd61143ea2b512934e1a28a9fa07103&ds=re011&coid=avgtbdisre&cmpid=&v=18.1.0.443&lang=en&pr=sa&d=2014-05-25%2002%3A45%3A34&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.0\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\Sony\MSS\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\zudj6mpe.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\zudj6mpe.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Foxy Security - C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\zudj6mpe.default\Extensions\sys@foxysecurity.com [2014-05-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-25]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443 [2014-05-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
==================== Services (Whitelisted) =================
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-27] (Avira Operations GmbH & Co. KG)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-13] (Qualcomm Atheros Commnucations)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-25] (AVAST Software)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 McComponentHostServiceSony; C:\Program Files\Sony\MSS\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
S2 vToolbarUpdater18.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-05-25] (AVG Secure Search)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-13] (Atheros)
==================== Drivers (Whitelisted) ====================
R0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-25] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-25] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-25] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-25] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-25] ()
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-08-20] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-27] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-05-25] (AVG Technologies)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2014-02-27] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-14] (Avira Operations GmbH & Co. KG)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-13] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-08-13] (Qualcomm Atheros)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
R0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-12-15] (Microsoft Corporation)
R0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-12-15] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-21] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
R0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-25 15:08 - 2014-05-25 15:09 - 00021263 _____ () C:\Users\XXX\Downloads\FRST.txt
2014-05-25 15:08 - 2014-05-25 15:08 - 02066944 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2014-05-25 15:08 - 2014-05-25 15:08 - 00000000 ____D () C:\FRST
2014-05-25 15:07 - 2014-05-25 15:07 - 00050477 _____ () C:\Users\XXX\Downloads\Defogger.exe
2014-05-25 15:07 - 2014-05-25 15:07 - 00000472 _____ () C:\Users\XXX\Downloads\defogger_disable.log
2014-05-25 15:07 - 2014-05-25 15:07 - 00000000 _____ () C:\Users\XXX\defogger_reenable
2014-05-25 08:52 - 2014-05-25 08:54 - 00000000 _____ () C:\Recovery.txt
2014-05-25 08:47 - 2014-05-25 08:47 - 00614661 _____ () C:\Users\XXX\Desktop\decrypt_cryptodefense.zip
2014-05-25 08:47 - 2014-05-25 08:47 - 00000000 ____D () C:\Users\XXX\Desktop\decrypt_cryptodefense
2014-05-25 08:32 - 2014-05-25 08:32 - 00000000 ____D () C:\Users\XXX\Desktop\scareuncrypt
2014-05-25 08:22 - 2014-05-25 08:31 - 05840418 _____ () C:\Users\XXX\Desktop\scareuncrypt.zip
2014-05-25 07:06 - 2014-05-25 07:06 - 00002039 _____ () C:\Users\XXX\Desktop\Entfernen des Avira PC Cleaners.lnk
2014-05-25 07:06 - 2014-05-25 07:06 - 00001983 _____ () C:\Users\XXX\Desktop\Avira PC Cleaner.lnk
2014-05-25 07:05 - 2014-05-25 07:05 - 02278856 _____ () C:\Users\XXX\Downloads\avira_pc_cleaner_de.exe
2014-05-25 06:42 - 2014-05-25 06:42 - 00614661 _____ () C:\Users\XXX\Downloads\decrypt_cryptodefense.zip
2014-05-25 05:05 - 2014-05-25 05:05 - 00000136 _____ () C:\Users\XXX\AppData\Roaming\tmp_register.bat
2014-05-25 05:05 - 2014-05-25 05:05 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\BupSystem
2014-05-25 05:04 - 2014-05-25 05:05 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Security Systems
2014-05-25 05:03 - 2014-05-25 05:03 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2014-05-25 05:01 - 2014-05-25 14:55 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-05-25 05:00 - 2014-05-25 05:00 - 00937232 _____ (Crawler.com ) C:\Users\XXX\Desktop\SpywareTerminatorSetup.exe
2014-05-25 04:58 - 2014-05-25 04:58 - 00386920 _____ (Softonic ) C:\Users\XXX\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe
2014-05-25 04:23 - 2014-05-25 04:23 - 00206336 _____ (VedSolutions Group) C:\Users\XXX\AppData\Roaming\0b18d88.exe
2014-05-25 03:38 - 2014-05-25 03:38 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 03:38 - 2014-05-25 03:38 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 03:38 - 2014-05-25 03:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-25 03:38 - 2014-05-25 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 03:37 - 2014-05-25 03:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 03:37 - 2014-05-25 03:38 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 03:37 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-05-25 03:34 - 2014-05-25 03:35 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\XXX\Downloads\spybot-2-2.exe
2014-05-25 03:12 - 2014-05-25 03:12 - 00000000 _____ () C:\autoexec.bat
2014-05-25 03:12 - 2012-06-22 11:01 - 00022704 _____ () C:\WINDOWS\system32\Drivers\EsgScanner.sys
2014-05-25 03:11 - 2014-05-25 03:11 - 00003318 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2014-05-25 03:11 - 2014-05-25 03:11 - 00002270 _____ () C:\Users\XXX\Desktop\SpyHunter.lnk
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\sh4ldr
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-25 02:45 - 2014-05-25 03:33 - 00000000 ____D () C:\Users\XXX\AppData\Local\AVG SafeGuard toolbar
2014-05-25 02:45 - 2014-05-25 02:45 - 00000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-05-25 02:45 - 2014-05-25 02:44 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-05-25 02:44 - 2014-05-25 02:45 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-25 02:43 - 2014-05-25 02:46 - 00001752 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2014-05-25 02:43 - 2014-05-25 02:43 - 00000099 _____ () C:\WINDOWS\Reimage.ini
2014-05-25 01:53 - 2014-05-25 01:53 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-05-25 01:53 - 2014-05-25 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-25 01:53 - 2014-05-25 01:52 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-25 01:53 - 2014-05-25 01:52 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-25 01:53 - 2014-05-25 01:52 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-25 01:52 - 2014-05-25 01:52 - 00000000 ____D () C:\Program Files\Java
2014-05-25 01:39 - 2014-05-25 01:39 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\AVAST Software
2014-05-25 01:37 - 2014-05-25 01:37 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-25 01:37 - 2014-05-25 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-25 01:36 - 2014-05-25 01:39 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-05-25 01:35 - 2014-05-25 01:37 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-25 01:35 - 2014-05-25 01:37 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-25 01:35 - 2014-05-25 01:37 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1400974622015
2014-05-25 01:35 - 2014-05-25 01:35 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1400974622015
2014-05-25 01:35 - 2014-05-25 01:35 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-05-25 01:35 - 2014-05-25 01:35 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-25 01:35 - 2014-05-25 01:35 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-25 01:33 - 2014-05-25 01:33 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-25 01:33 - 2014-05-25 01:33 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-24 15:33 - 2014-05-24 15:33 - 00008566 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:33 - 2014-05-24 15:33 - 00004670 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:33 - 2014-05-24 15:33 - 00000280 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.URL
2014-05-24 15:30 - 2014-05-24 15:30 - 00008566 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:30 - 2014-05-24 15:30 - 00004670 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:30 - 2014-05-24 15:30 - 00000280 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.URL
2014-05-24 15:28 - 2014-05-24 15:28 - 00008566 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:28 - 2014-05-24 15:28 - 00004670 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:28 - 2014-05-24 15:28 - 00000280 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-24 15:13 - 2014-05-24 15:14 - 14443040 _____ (XING) C:\Users\XXX\Downloads\xingoutlookconnector.exe
2014-05-22 22:53 - 2014-05-22 22:53 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-19 01:20 - 2014-05-19 01:20 - 00004096 ___SH () C:\Users\XXX\Documents\Thumbs.db
2014-05-15 13:11 - 2014-05-01 22:30 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-15 13:11 - 2014-05-01 22:30 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 00:07 - 2014-05-15 00:07 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-05-14 22:28 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 22:28 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 22:27 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 22:27 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 22:27 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 22:27 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 22:27 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 22:27 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 22:27 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 22:27 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 22:27 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 22:27 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 22:27 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 22:27 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 22:27 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 22:27 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 22:27 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 22:27 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 22:27 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 22:27 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 22:27 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 22:27 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 22:27 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 22:27 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 22:27 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 22:27 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 22:27 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 22:27 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 22:27 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 22:27 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 22:27 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 22:27 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 22:26 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 22:26 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 22:26 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 22:26 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 22:26 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 22:26 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 22:26 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 22:26 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 22:26 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 22:26 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-07 12:32 - 2014-05-24 15:31 - 15488252 _____ () C:\Users\XXX\Downloads\Mehr Kunden - Mehr Umsatz - YouTube.mp4
2014-05-03 18:03 - 2014-05-03 18:06 - 02565632 _____ () C:\Users\XXX\Downloads\MN100.exe
2014-05-03 18:00 - 2014-05-03 18:00 - 00509712 _____ (APPS installer) C:\Users\XXX\Downloads\MicroTek MN100 Camera Driver Driver.exe
2014-05-03 17:59 - 2014-05-03 17:59 - 00000000 _____ () C:\Users\XXX\Downloads\MICROTEK.exe
2014-05-03 17:32 - 2014-05-03 17:32 - 00000000 ____D () C:\Users\XXX\Documents\174765-520112-microtek-mn100.zip
2014-05-03 17:22 - 2014-05-03 17:22 - 00673992 _____ () C:\Users\XXX\Downloads\Brothersoft_downloader_For_MicroTek_MN100_Camera_Driver.exe
2014-05-03 16:51 - 2014-05-24 15:30 - 00000000 ____D () C:\Users\XXX\Documents\MODupRemover
2014-05-03 16:35 - 2014-05-03 16:51 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\MODupRemover
2014-05-03 16:34 - 2014-05-03 16:51 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
2014-05-03 15:53 - 2014-05-24 15:28 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Itsth
2014-05-03 15:52 - 2014-05-03 16:19 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Systweak
2014-05-03 15:52 - 2014-05-03 15:51 - 04345120 _____ (IT-Services Thomas Holz ) C:\Users\XXX\Downloads\DuplicateDeleteOutlook_D.exe
2014-05-03 15:52 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2014-05-03 14:01 - 2014-05-25 07:12 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-02 20:32 - 2014-05-24 15:33 - 00000000 ____D () C:\Users\XXX\Downloads\videorepair
2014-05-02 20:00 - 2014-05-02 20:02 - 39338513 _____ () C:\Users\XXX\Downloads\videorepair.zip
2014-05-02 11:37 - 2014-05-02 11:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 11:37 - 2014-05-02 11:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 12:48 - 2014-05-24 15:29 - 00717080 _____ () C:\Users\XXX\Documents\aa.pptx
2014-04-29 14:00 - 2014-04-29 14:00 - 00226727 _____ () C:\Users\XXX\Downloads\mlss052.grf
2014-04-29 14:00 - 2014-04-29 14:00 - 00226727 _____ () C:\Users\XXX\Desktop\mlss052.grf
2014-04-29 13:51 - 2014-04-29 13:51 - 05703932 _____ () C:\Users\XXX\Desktop\Kingdom and Co., 27th Oct 2640.sav
2014-04-29 07:55 - 2014-04-29 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-04-29 07:54 - 2014-04-29 07:54 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-29 07:18 - 2014-04-29 07:58 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1
2014-04-28 12:17 - 2014-04-28 12:17 - 00422358 _____ () C:\Users\XXX\Desktop\Anschreiben und Kooperationsangebot Eco Viva GmbH 2014 - Foodloose.dotx
2014-04-28 11:21 - 2014-04-29 07:46 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1
2014-04-28 06:33 - 2014-04-28 06:33 - 00599240 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys
==================== One Month Modified Files and Folders =======
2014-05-25 15:09 - 2014-05-25 15:08 - 00021263 _____ () C:\Users\XXX\Downloads\FRST.txt
2014-05-25 15:08 - 2014-05-25 15:08 - 02066944 _____ (Farbar) C:\Users\XXX\Downloads\FRST64.exe
2014-05-25 15:08 - 2014-05-25 15:08 - 00000000 ____D () C:\FRST
2014-05-25 15:07 - 2014-05-25 15:07 - 00050477 _____ () C:\Users\XXX\Downloads\Defogger.exe
2014-05-25 15:07 - 2014-05-25 15:07 - 00000472 _____ () C:\Users\XXX\Downloads\defogger_disable.log
2014-05-25 15:07 - 2014-05-25 15:07 - 00000000 _____ () C:\Users\XXX\defogger_reenable
2014-05-25 15:07 - 2013-12-15 00:30 - 00000000 ____D () C:\Users\XXX
2014-05-25 14:55 - 2014-05-25 05:01 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-05-25 13:26 - 2013-12-14 19:33 - 00000000 ____D () C:\ProgramData\tmp
2014-05-25 13:21 - 2013-12-15 00:52 - 01213868 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-25 08:54 - 2014-05-25 08:52 - 00000000 _____ () C:\Recovery.txt
2014-05-25 08:52 - 2013-12-15 00:01 - 00000000 ____D () C:\Recovery
2014-05-25 08:47 - 2014-05-25 08:47 - 00614661 _____ () C:\Users\XXX\Desktop\decrypt_cryptodefense.zip
2014-05-25 08:47 - 2014-05-25 08:47 - 00000000 ____D () C:\Users\XXX\Desktop\decrypt_cryptodefense
2014-05-25 08:32 - 2014-05-25 08:32 - 00000000 ____D () C:\Users\XXX\Desktop\scareuncrypt
2014-05-25 08:31 - 2014-05-25 08:22 - 05840418 _____ () C:\Users\XXX\Desktop\scareuncrypt.zip
2014-05-25 07:12 - 2014-05-03 14:01 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-05-25 07:06 - 2014-05-25 07:06 - 00002039 _____ () C:\Users\XXX\Desktop\Entfernen des Avira PC Cleaners.lnk
2014-05-25 07:06 - 2014-05-25 07:06 - 00001983 _____ () C:\Users\XXX\Desktop\Avira PC Cleaner.lnk
2014-05-25 07:05 - 2014-05-25 07:05 - 02278856 _____ () C:\Users\XXX\Downloads\avira_pc_cleaner_de.exe
2014-05-25 06:42 - 2014-05-25 06:42 - 00614661 _____ () C:\Users\XXX\Downloads\decrypt_cryptodefense.zip
2014-05-25 06:04 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-25 06:03 - 2013-05-17 21:06 - 00000000 ____D () C:\WINDOWS\pss
2014-05-25 06:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-25 05:41 - 2014-04-21 19:03 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-25 05:34 - 2013-05-17 21:15 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2844558096-537464712-762792896-1001
2014-05-25 05:33 - 2013-05-17 21:28 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Spotify
2014-05-25 05:31 - 2013-05-20 21:22 - 04951552 ___SH () C:\Users\XXX\Desktop\Thumbs.db
2014-05-25 05:31 - 2013-05-17 21:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-25 05:05 - 2014-05-25 05:05 - 00000136 _____ () C:\Users\XXX\AppData\Roaming\tmp_register.bat
2014-05-25 05:05 - 2014-05-25 05:05 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\BupSystem
2014-05-25 05:05 - 2014-05-25 05:04 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Security Systems
2014-05-25 05:03 - 2014-05-25 05:03 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2014-05-25 05:00 - 2014-05-25 05:00 - 00937232 _____ (Crawler.com ) C:\Users\XXX\Desktop\SpywareTerminatorSetup.exe
2014-05-25 04:58 - 2014-05-25 04:58 - 00386920 _____ (Softonic ) C:\Users\XXX\Downloads\SoftonicDownloader_fuer_spyware-terminator.exe
2014-05-25 04:46 - 2013-05-18 12:43 - 02347520 ___SH () C:\Users\XXX\Downloads\Thumbs.db
2014-05-25 04:23 - 2014-05-25 04:23 - 00206336 _____ (VedSolutions Group) C:\Users\XXX\AppData\Roaming\0b18d88.exe
2014-05-25 04:22 - 2014-03-31 01:31 - 00000000 __RDO () C:\Users\XXX\SkyDrive
2014-05-25 04:20 - 2013-11-14 00:18 - 00008510 _____ () C:\WINDOWS\PFRO.log
2014-05-25 04:20 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-25 04:15 - 2013-08-22 16:46 - 00302204 _____ () C:\WINDOWS\setupact.log
2014-05-25 03:43 - 2014-05-25 03:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 03:38 - 2014-05-25 03:38 - 00001403 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 03:38 - 2014-05-25 03:38 - 00001391 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 03:38 - 2014-05-25 03:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-05-25 03:38 - 2014-05-25 03:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 03:38 - 2014-05-25 03:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 03:35 - 2014-05-25 03:34 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\XXX\Downloads\spybot-2-2.exe
2014-05-25 03:33 - 2014-05-25 02:45 - 00000000 ____D () C:\Users\XXX\AppData\Local\AVG SafeGuard toolbar
2014-05-25 03:12 - 2014-05-25 03:12 - 00000000 _____ () C:\autoexec.bat
2014-05-25 03:11 - 2014-05-25 03:11 - 00003318 _____ () C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2014-05-25 03:11 - 2014-05-25 03:11 - 00002270 _____ () C:\Users\XXX\Desktop\SpyHunter.lnk
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\sh4ldr
2014-05-25 03:11 - 2014-05-25 03:11 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-25 03:11 - 2014-02-27 11:38 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-25 02:46 - 2014-05-25 02:43 - 00001752 _____ () C:\Users\Public\Desktop\Installation von Reimage Repair fortsetzen.lnk
2014-05-25 02:45 - 2014-05-25 02:45 - 00000000 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-05-25 02:45 - 2014-05-25 02:44 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
2014-05-25 02:44 - 2014-05-25 02:45 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-05-25 02:44 - 2014-05-25 02:44 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-25 02:43 - 2014-05-25 02:43 - 00000099 _____ () C:\WINDOWS\Reimage.ini
2014-05-25 02:20 - 2014-03-21 18:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-25 02:18 - 2013-05-27 13:06 - 00001509 _____ () C:\Users\XXX\Desktop\iexplore - Verknüpfung.lnk
2014-05-25 02:17 - 2014-03-21 18:58 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-25 02:17 - 2014-03-21 18:58 - 00001147 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-25 01:53 - 2014-05-25 01:53 - 00108968 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2014-05-25 01:53 - 2014-05-25 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-25 01:52 - 2014-05-25 01:53 - 00313256 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-25 01:52 - 2014-05-25 01:53 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-25 01:52 - 2014-05-25 01:53 - 00189352 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-25 01:52 - 2014-05-25 01:52 - 00000000 ____D () C:\Program Files\Java
2014-05-25 01:50 - 2013-09-15 21:28 - 00001116 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2014-05-25 01:50 - 2013-09-15 21:27 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-25 01:39 - 2014-05-25 01:39 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\AVAST Software
2014-05-25 01:39 - 2014-05-25 01:36 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-05-25 01:37 - 2014-05-25 01:37 - 00001982 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-25 01:37 - 2014-05-25 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-05-25 01:37 - 2014-05-25 01:35 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-25 01:37 - 2014-05-25 01:35 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-25 01:37 - 2014-05-25 01:35 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1400974622015
2014-05-25 01:35 - 2014-05-25 01:35 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1400974622015
2014-05-25 01:35 - 2014-05-25 01:35 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-05-25 01:35 - 2014-05-25 01:35 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-25 01:35 - 2014-05-25 01:35 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-25 01:35 - 2014-05-25 01:35 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-25 01:33 - 2014-05-25 01:33 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-25 01:33 - 2014-05-25 01:33 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-25 01:18 - 2013-12-15 14:17 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{33646DF5-EBCF-4B42-9921-E8947B80D34E}
2014-05-25 01:13 - 2013-05-17 21:08 - 00000000 ____D () C:\Users\XXX\Documents\Bluetooth Folder
2014-05-25 01:10 - 2013-08-22 16:46 - 00001196 _____ () C:\WINDOWS\setuperr.log
2014-05-25 00:53 - 2013-11-11 00:23 - 00000000 ____D () C:\Users\XXX\.gimp-2.8
2014-05-24 18:32 - 2013-05-17 21:28 - 00000000 ____D () C:\Users\XXX\AppData\Local\Spotify
2014-05-24 15:33 - 2014-05-24 15:33 - 00008566 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:33 - 2014-05-24 15:33 - 00004670 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:33 - 2014-05-24 15:33 - 00000280 _____ () C:\Users\XXX\Downloads\DECRYPT_INSTRUCTION.URL
2014-05-24 15:33 - 2014-05-02 20:32 - 00000000 ____D () C:\Users\XXX\Downloads\videorepair
2014-05-24 15:33 - 2013-12-15 16:14 - 39739928 _____ () C:\Users\XXX\Downloads\SME Merchant Presentation for Coaches DT.ppt
2014-05-24 15:32 - 2014-02-06 10:56 - 39739928 _____ () C:\Users\XXX\Downloads\SME Merchant Presentation for Coaches DT (1).ppt
2014-05-24 15:31 - 2014-05-07 12:32 - 15488252 _____ () C:\Users\XXX\Downloads\Mehr Kunden - Mehr Umsatz - YouTube.mp4
2014-05-24 15:31 - 2013-12-14 16:39 - 00000000 ____D () C:\Users\XXX\Downloads\GRF Editor v1.3.4
2014-05-24 15:31 - 2013-09-22 21:21 - 195937820 _____ () C:\Users\XXX\Downloads\Nass aber glücklich!).AVI
2014-05-24 15:31 - 2013-09-22 21:13 - 29649212 _____ () C:\Users\XXX\Downloads\MVI_4136.AVI
2014-05-24 15:30 - 2014-05-24 15:30 - 00008566 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:30 - 2014-05-24 15:30 - 00004670 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:30 - 2014-05-24 15:30 - 00000280 _____ () C:\Users\XXX\Documents\DECRYPT_INSTRUCTION.URL
2014-05-24 15:30 - 2014-05-03 16:51 - 00000000 ____D () C:\Users\XXX\Documents\MODupRemover
2014-05-24 15:30 - 2014-03-10 12:56 - 00030744 _____ () C:\Users\XXX\Downloads\140307 Party-Platzierungen Mintanine.xlsx
2014-05-24 15:30 - 2013-12-25 20:22 - 00000000 ____D () C:\Users\XXX\Documents\Paradox Interactive
2014-05-24 15:30 - 2013-06-11 14:13 - 00000000 ____D () C:\Users\XXX\Documents\PDF Architect Files
2014-05-24 15:29 - 2014-05-01 12:48 - 00717080 _____ () C:\Users\XXX\Documents\aa.pptx
2014-05-24 15:29 - 2014-04-08 18:03 - 00066584 _____ () C:\Users\XXX\Desktop\struktur.pptx
2014-05-24 15:29 - 2014-03-29 19:26 - 00009240 _____ () C:\Users\XXX\Documents\ant.xlsx
2014-05-24 15:29 - 2013-11-11 01:16 - 00067608 _____ () C:\Users\XXX\Desktop\Visitenkarte Alina.pptx
2014-05-24 15:29 - 2013-09-12 17:59 - 14254360 _____ () C:\Users\XXX\Desktop\Grundsatzpräsentation WWF Partnerschaft light kompr neu.ppt
2014-05-24 15:29 - 2013-08-04 21:25 - 00016920 _____ () C:\Users\XXX\Desktop\August.xlsx
2014-05-24 15:29 - 2013-07-20 21:19 - 00204824 _____ () C:\Users\XXX\Desktop\Entwurf.pptx
2014-05-24 15:28 - 2014-05-24 15:28 - 00008566 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-05-24 15:28 - 2014-05-24 15:28 - 00004670 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-05-24 15:28 - 2014-05-24 15:28 - 00000280 _____ () C:\Users\XXX\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-05-24 15:28 - 2014-05-03 15:53 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Itsth
2014-05-24 15:28 - 2014-03-28 15:03 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Skype
2014-05-24 15:28 - 2014-03-28 15:03 - 00000000 ____D () C:\Users\XXX\AppData\Local\Skype
2014-05-24 15:28 - 2014-03-21 18:58 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Mozilla
2014-05-24 15:28 - 2014-03-10 13:36 - 00011032 _____ () C:\Users\XXX\Desktop\140307 Party-Platzierungen Mintanine.xlsx
2014-05-24 15:28 - 2014-01-03 17:50 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\AudioXP
2014-05-24 15:28 - 2013-05-17 21:07 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Adobe
2014-05-24 15:28 - 2013-05-17 21:06 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Sony Corporation
2014-05-24 15:24 - 2014-01-03 19:35 - 00000000 ____D () C:\Users\XXX\AppData\Local\Luminescence_Software
2014-05-24 15:23 - 2013-12-14 19:33 - 00000000 ____D () C:\ProgramData\hps
2014-05-24 15:23 - 2013-09-22 15:26 - 00000000 ____D () C:\ProgramData\Sony
2014-05-24 15:23 - 2012-09-18 21:16 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-05-24 15:17 - 2013-05-17 21:07 - 00000000 ___RD () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 15:15 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-24 15:14 - 2014-05-24 15:13 - 14443040 _____ (XING) C:\Users\XXX\Downloads\xingoutlookconnector.exe
2014-05-24 15:10 - 2013-05-17 21:05 - 00000000 ____D () C:\Users\XXX\AppData\Local\Packages
2014-05-24 01:30 - 2013-09-14 21:36 - 00000000 ____D () C:\Users\XXX\Documents\OpenTTD
2014-05-23 01:29 - 2014-01-03 19:35 - 00000000 ____D () C:\Update
2014-05-22 22:53 - 2014-05-22 22:53 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-05-22 22:53 - 2012-09-18 22:11 - 00000000 ____D () C:\Program Files\Sony
2014-05-22 22:53 - 2012-09-18 21:40 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-05-22 22:53 - 2012-09-18 21:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-20 13:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-05-20 12:35 - 2013-11-14 09:27 - 01785582 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-20 12:35 - 2013-11-14 09:11 - 00769092 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-20 12:35 - 2013-11-14 09:11 - 00160376 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-19 01:20 - 2014-05-19 01:20 - 00004096 ___SH () C:\Users\XXX\Documents\Thumbs.db
2014-05-15 14:12 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-15 13:14 - 2013-05-17 21:07 - 00000000 ___RD () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 00:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 00:14 - 2013-08-26 23:52 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-15 00:14 - 2013-05-17 21:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 00:10 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-15 00:10 - 2013-05-18 03:06 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-15 00:07 - 2014-05-15 00:07 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-05-14 17:41 - 2014-04-21 19:03 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:22 - 2012-09-18 21:58 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-06 06:40 - 2014-05-14 22:26 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 22:26 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 22:26 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:26 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-03 18:06 - 2014-05-03 18:03 - 02565632 _____ () C:\Users\XXX\Downloads\MN100.exe
2014-05-03 18:00 - 2014-05-03 18:00 - 00509712 _____ (APPS installer) C:\Users\XXX\Downloads\MicroTek MN100 Camera Driver Driver.exe
2014-05-03 17:59 - 2014-05-03 17:59 - 00000000 _____ () C:\Users\XXX\Downloads\MICROTEK.exe
2014-05-03 17:32 - 2014-05-03 17:32 - 00000000 ____D () C:\Users\XXX\Documents\174765-520112-microtek-mn100.zip
2014-05-03 17:22 - 2014-05-03 17:22 - 00673992 _____ () C:\Users\XXX\Downloads\Brothersoft_downloader_For_MicroTek_MN100_Camera_Driver.exe
2014-05-03 16:51 - 2014-05-03 16:35 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\MODupRemover
2014-05-03 16:51 - 2014-05-03 16:34 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
2014-05-03 16:19 - 2014-05-03 15:52 - 00000000 ____D () C:\Users\XXX\AppData\Roaming\Systweak
2014-05-03 15:51 - 2014-05-03 15:52 - 04345120 _____ (IT-Services Thomas Holz ) C:\Users\XXX\Downloads\DuplicateDeleteOutlook_D.exe
2014-05-02 20:02 - 2014-05-02 20:00 - 39338513 _____ () C:\Users\XXX\Downloads\videorepair.zip
2014-05-02 11:37 - 2014-05-02 11:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 11:37 - 2014-05-02 11:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 22:30 - 2014-05-15 13:11 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2014-05-15 13:11 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 12:13 - 2013-08-22 17:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-04-30 12:13 - 2012-09-18 21:40 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-04-29 14:00 - 2014-04-29 14:00 - 00226727 _____ () C:\Users\XXX\Downloads\mlss052.grf
2014-04-29 14:00 - 2014-04-29 14:00 - 00226727 _____ () C:\Users\XXX\Desktop\mlss052.grf
2014-04-29 13:51 - 2014-04-29 13:51 - 05703932 _____ () C:\Users\XXX\Desktop\Kingdom and Co., 27th Oct 2640.sav
2014-04-29 07:58 - 2014-04-29 07:18 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1
2014-04-29 07:55 - 2014-04-29 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-04-29 07:55 - 2014-04-21 19:03 - 00001947 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-04-29 07:54 - 2014-04-29 07:54 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-29 07:46 - 2014-04-28 11:21 - 00000000 ____D () C:\Program Files (x86)\EMET 4.1
2014-04-29 07:43 - 2014-04-21 19:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-29 07:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-04-28 12:17 - 2014-04-28 12:17 - 00422358 _____ () C:\Users\XXX\Desktop\Anschreiben und Kooperationsangebot Eco Viva GmbH 2014 - Foodloose.dotx
2014-04-28 06:33 - 2014-04-28 06:33 - 00599240 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys
2014-04-25 14:49 - 2014-05-03 15:52 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
Some content of TEMP:
====================
C:\Users\XXX\AppData\Local\Temp\avgnt.exe
C:\Users\XXX\AppData\Local\Temp\FoxySecuritySetup.exe
C:\Users\XXX\AppData\Local\Temp\instloffer.exe
C:\Users\XXX\AppData\Local\Temp\oi_{49DF3D21-7B18-4829-B84D-F49B816F2989}.exe
C:\Users\XXX\AppData\Local\Temp\ReimagePackage.exe
C:\Users\XXX\AppData\Local\Temp\SHSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
LastRegBack: 2014-05-23 11:43
==================== End Of Log ============================