Log from the antivirus program Code:
Risiko,Dateiname,Typ,Quelladresse,Status,Datum,Dateierstellungsdatum
"Trojan.ADH.SMH","qEOn7Lnw.exe.part","Backup","C:\Users\Fate\AppData\Local\Temp\","Infiziert","20.08.2014 16:38","20.08.2014 15:37"
"Trojan.ADH.SMH","FJI9eeKw.exe.part","Backup","C:\Users\Fate\AppData\Local\Temp\","Infiziert","20.08.2014 16:38","20.08.2014 15:37"
"Trojan.ADH.SMH","_DlASyhH.exe.part","Backup","C:\Users\Fate\AppData\Local\Temp\","Infiziert","20.08.2014 16:38","20.08.2014 15:38"
"NetCat","nc.exe","Isolieren","C:\Users\Fate\AppData\Local\Temp\Rar$EXa0.733\router\FRITZ!Box\","Infiziert","25.07.2014 17:56","25.07.2014 16:55"
"NetCat","nc.exe","Isolieren","C:\Users\Fate\AppData\Local\Temp\Rar$EXa0.568\router\FRITZ!Box\","Infiziert","25.07.2014 17:56","25.07.2014 16:56"
"WS.Reputation.1","Java_Portable_7.0.650.19_32-64_bit_Online.exe","Wiederhergestellt","C:\Users\Administrator\Desktop\","Infiziert","16.07.2014 17:34","16.07.2014 16:33"
"WS.Reputation.1","Flash_Portable_14.0.0.145_32-64_Plugin.exe","Wiederhergestellt","C:\Users\Administrator\Desktop\","Infiziert","16.07.2014 17:36","16.07.2014 16:33"
"Trojan.ADH.2","Windows.7.Loader.exe","Backup","C:\Users\Fate\Downloads\Windows.7.Aktivator.Loader.exe\","Infiziert","21.08.2014 08:59","21.08.2014 07:32"
"Trojan.ADH.2","JDownloader2Setup[1].exe","Backup","C:\Users\Fate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3I8OFFKQ\","Infiziert","25.07.2014 23:42","25.07.2014 22:42"
"Trojan.ADH.2","JDSetup130507981355622980.exe","Backup","C:\Users\Fate\AppData\Local\Temp\","Infiziert","25.07.2014 23:42","25.07.2014 22:42"
"Trojan.ADH.2","JDSetup130507990517106987.exe","Backup","C:\Users\Fate\AppData\Local\Temp\","Infiziert","25.07.2014 23:57","25.07.2014 22:57"
"Trojan.ADH.2","JDownloader2Setup[1].exe","Backup","C:\Users\Fate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLQFIQQK\","Infiziert","25.07.2014 23:57","25.07.2014 22:57"
"Trojan.ADH.2","Windows.7.Loader.exe","Backup","C:\Users\Fate\Downloads\Windows.7.Aktivator.Loader.exe\","Infiziert","21.08.2014 08:34","21.08.2014 07:32"
"Trojan.ADH.2","JDSetup130507991129662023.exe","Backup","C:\Users\Fate\AppData\Local\Temp\","Infiziert","26.07.2014 10:10","25.07.2014 22:58"
"SearchProtect","sp-downloader[1].exe","Isolieren","C:\Users\Fate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLQFIQQK\","Infiziert","23.09.2014 12:24","23.09.2014 11:23"
"SearchProtect","sp-downloader.exe","Isolieren","C:\Users\Fate\AppData\Local\Temp\nsa66D3.tmp\","Infiziert","23.09.2014 12:24","23.09.2014 11:23"
"Trojan.ADH.2","xxx.rar","Isolieren","C:\$Recycle.Bin\S-1-5-21-3339884646-4194768031-2543446111-1002\$RQZ8AMC.exe\","Infiziert","24.08.2014 18:44","21.08.2014 07:32"
The rest follows shortly.
FRST Part 1
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014
Ran by Fate (administrator) on FATE-PC on 27-10-2014 15:17:34
Running from C:\Users\Fate\Downloads
Loaded Profile: Fate (Available profiles: Fate)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
() C:\Program Files (x86)\Search Extensions\Client.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
(ICQ) C:\Users\Fate\AppData\Roaming\ICQM\icq.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CHIP) C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\SmcGui.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-04-14] (VMware, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3339884646-4194768031-2543446111-1002\...\Run: [icq] => C:\Users\Fate\AppData\Roaming\ICQM\icq.exe [34983944 2014-07-22] (ICQ)
Startup: C:\Users\Fate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Fate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49257;https=127.0.0.1:49257
SearchScopes: HKCU - DefaultScope {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKCU - {637D6E3C-DF93-48A5-8362-159A8AC56B11} URL = hxxp://www.google.com/search?hl=en&q={searchTerms}&meta=
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default
FF NewTab: about:home
FF Homepage: hxxp://www.ballpython-community.com/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.groov
eshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\Extensions\toolbar@web.de [2014-09-19]
FF Extension: YouTube Unblocker - C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\Extensions\youtubeunblocker@unblocker.yt [2014-10-17]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-09-15]
FF Extension: TrueDownloader - C:\Users\Fate\AppData\Roaming\Mozilla\Firefox\Profiles\8ft9w066.default\Extensions\{49396D47-2ACE-4BEA-8E7B-A6B67F17DDBE}.xpi [2014-08-25]
FF Extension: UITBAutoInstaller - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2014-09-25]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\IPSFF [2014-10-11]
FF HKLM-x32\...\Firefox\Extensions: [{b5c5f665-7989-464f-8ec3-30b9885084df}] - C:\Program Files (x86)\WinGuard\winguard.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-08-04]
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe [153600 2010-09-17] (Firebird Project) [File not signed]
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [5624320 2010-09-17] (Firebird Project) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [37176 2014-06-05] (The OpenVPN Project)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-13] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-13] (Symantec Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-04-14] ()
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [638272 2014-06-03] (RealVNC Ltd)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20141003.013\BHDrvx64.sys [1586904 2014-09-13] (Symantec Corporation)
R1 ccSettings_{D4C97850-91FC-41F0-835D-8F51DF18E7B4}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-13] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20141023.013\IDSvia64.sys [525016 2014-10-23] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141026.020\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20141026.020\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
S3 rccfg; C:\Windows\system32\drivers\rccfg.sys [21680 2013-03-28] (AMD, Inc.)
S3 rcraid; C:\Windows\system32\drivers\rcraid.sys [526000 2013-03-28] (AMD, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-13] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-13] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2014-10-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-13] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-13] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2014-10-11] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-13] (Symantec Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 SymEPSecFlt; [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-27 15:14 - 2014-10-27 15:14 - 00002751 _____ () C:\Users\Fate\Documents\1.txt
2014-10-27 15:05 - 2014-10-27 15:05 - 00002751 _____ () C:\Users\Fate\Documents\1.csv
2014-10-27 15:04 - 2014-10-27 15:17 - 00016777 _____ () C:\Users\Fate\Downloads\FRST.txt
2014-10-27 15:04 - 2014-10-27 15:05 - 00018066 _____ () C:\Users\Fate\Downloads\Addition.txt
2014-10-27 15:03 - 2014-10-27 15:17 - 00000000 ____D () C:\FRST
2014-10-27 15:02 - 2014-10-27 15:02 - 02113024 _____ (Farbar) C:\Users\Fate\Downloads\FRST64.exe
2014-10-26 22:09 - 2014-10-26 22:10 - 00000000 ____D () C:\Users\Fate\Downloads\Sweethearts Porn Tour 13
2014-10-26 22:07 - 2014-10-26 22:08 - 00000000 ____D () C:\Users\Fate\Downloads\She Loves To Fuck
2014-10-26 16:28 - 2014-10-26 16:29 - 00000000 ____D () C:\Neuer Ordner
2014-10-26 15:19 - 2014-10-26 15:19 - 00000000 ____D () C:\Users\Fate\Downloads\Anikka Vol 2
2014-10-26 15:15 - 2014-10-26 15:16 - 00000000 ____D () C:\Users\Fate\Downloads\Horny Black Babysitters 3
2014-10-26 15:07 - 2014-10-26 15:07 - 00000000 ____D () C:\Users\Fate\Downloads\Horny Black Babysitters 2
2014-10-26 15:06 - 2014-10-26 15:06 - 00000000 ____D () C:\Users\Fate\Downloads\Discovering The Girl Next Door 4
2014-10-26 15:00 - 2014-10-26 15:03 - 00000000 ____D () C:\Users\Fate\Downloads\Couples Seeking Teens 5
2014-10-26 15:00 - 2014-10-26 15:02 - 00000000 ____D () C:\Users\Fate\Downloads\Couples Seeking Teens 2
2014-10-26 15:00 - 2014-10-26 15:01 - 00000000 ____D () C:\Users\Fate\Downloads\Couples Seeking Teens 3
2014-10-26 14:57 - 2014-10-26 14:57 - 00000000 ____D () C:\Users\Fate\Downloads\When Girls Play 2
2014-10-26 14:46 - 2014-10-26 14:47 - 00000000 ____D () C:\Users\Fate\Downloads\When Girls Play 7
2014-10-26 14:26 - 2014-10-26 14:26 - 00000000 ____D () C:\Users\Fate\Downloads\Smokin Hot Latinas 5
2014-10-26 14:17 - 2014-10-26 14:17 - 00000000 ____D () C:\Users\Fate\Downloads\New Girl In Town 8
2014-10-26 14:15 - 2014-10-26 14:15 - 00000000 ____D () C:\Users\Fate\Downloads\Mary Pops In The Magical Nanny
2014-10-24 12:02 - 2014-10-24 12:02 - 00001001 _____ () C:\Users\Fate\Desktop\Winamp.lnk
2014-10-24 11:56 - 2014-10-24 11:56 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-24 11:55 - 2014-10-24 11:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-10-24 11:53 - 2014-10-24 11:56 - 00000000 ____D () C:\Users\Fate\AppData\Roaming\Winamp
2014-10-24 11:50 - 2014-10-24 11:55 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-10-23 19:22 - 2014-10-23 19:22 - 1433336664 _____ () C:\Users\Fate\Downloads\A.Million.Ways.to.Die.in.the.West.UNRATED.German.AC3D.HDRip.x264-Chefflo.mkv
2014-10-20 11:14 - 2014-10-20 11:14 - 00000000 ____D () C:\Users\Fate\AppData\Roaming\mp3DirectCut
2014-10-20 11:03 - 2014-10-20 11:03 - 00001059 _____ () C:\Users\Fate\Desktop\mp3DirectCut.lnk
2014-10-20 11:03 - 2014-10-20 11:03 - 00000000 ____D () C:\Program Files (x86)\mp3DirectCut
2014-10-17 08:49 - 2014-10-17 08:49 - 00505384 _____ () C:\Windows\Minidump\101714-37237-01.dmp
2014-10-17 08:41 - 2014-10-17 08:41 - 00505384 _____ () C:\Windows\Minidump\101714-37455-01.dmp
2014-10-16 11:24 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 11:24 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 11:24 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 11:24 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 11:24 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 11:24 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 11:24 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 11:24 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 11:24 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 11:24 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 11:24 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 11:24 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 11:24 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 11:24 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 11:24 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 11:24 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 11:24 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 11:24 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 11:24 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 11:24 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 11:24 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 11:24 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 11:24 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 11:24 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 11:24 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 11:24 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 11:24 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 11:24 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 11:24 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 11:24 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 11:24 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 11:24 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 11:24 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 11:24 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 11:24 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 11:24 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 11:24 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 11:24 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 11:24 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 11:24 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 11:24 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 11:24 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 11:24 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 11:24 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 11:24 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 11:24 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 11:24 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 11:24 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 11:24 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 11:24 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 11:24 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 11:24 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 11:24 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 11:24 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 11:24 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 11:24 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 11:24 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 11:24 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 11:24 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 11:24 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 11:24 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 11:24 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 11:24 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 11:24 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 11:24 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 11:24 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 11:23 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 11:23 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 11:23 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 11:23 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 11:23 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 11:23 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 11:23 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 11:23 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 11:23 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 11:23 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 11:23 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 11:23 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 11:23 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 11:23 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 11:23 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 11:23 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 11:23 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 11:23 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 11:23 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 11:23 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-10 19:15 - 2014-10-10 19:15 - 00000000 ____D () C:\Windows\system32\Drivers\symefasi
2014-10-10 19:15 - 2014-10-10 19:15 - 00000000 ____D () C:\ProgramData\SymEFASI
2014-10-07 12:52 - 2014-10-07 12:52 - 00000000 ____D () C:\Users\Fate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
2014-10-01 07:00 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 07:00 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-27 12:11 - 2014-09-27 12:11 - 00505384 _____ () C:\Windows\Minidump\092714-36987-01.dmp
2014-09-27 12:05 - 2014-09-27 12:05 - 00505352 _____ () C:\Windows\Minidump\092714-35630-01.dmp
FRST part 2 Code:
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-27 14:49 - 2014-09-16 08:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-27 12:19 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-27 12:19 - 2009-07-14 05:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-27 11:36 - 2014-07-16 16:17 - 00000000 ____D () C:\ProgramData\Symantec
2014-10-27 11:20 - 2010-11-21 07:50 - 00701568 _____ () C:\Windows\system32\perfh007.dat
2014-10-27 11:20 - 2010-11-21 07:50 - 00150234 _____ () C:\Windows\system32\perfc007.dat
2014-10-27 11:20 - 2009-07-14 06:13 - 01626622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-27 11:15 - 2014-07-21 17:19 - 01065513 _____ () C:\Windows\WindowsUpdate.log
2014-10-27 11:11 - 2014-07-24 19:17 - 00024780 _____ () C:\Windows\setupact.log
2014-10-27 11:11 - 2014-07-16 15:57 - 00000000 ____D () C:\ProgramData\VMware
2014-10-27 11:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 11:40 - 2014-09-04 13:06 - 00000000 ____D () C:\Users\Fate\Desktop\1
2014-10-23 18:12 - 2014-07-28 19:30 - 00000000 ____D () C:\Users\Fate\AppData\Roaming\vlc
2014-10-21 13:02 - 2014-07-31 12:13 - 00000000 ____D () C:\ProgramData\firebird
2014-10-17 12:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 12:09 - 2014-08-19 10:42 - 00149504 ___SH () C:\Users\Fate\Documents\Thumbs.db
2014-10-17 08:49 - 2014-08-05 07:19 - 694474277 _____ () C:\Windows\MEMORY.DMP
2014-10-17 08:49 - 2014-08-05 07:19 - 00000000 ____D () C:\Windows\Minidump
2014-10-16 18:19 - 2009-07-14 05:45 - 00298224 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 18:18 - 2014-07-21 18:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-14 19:13 - 2014-07-25 22:59 - 00000000 ____D () C:\Users\Fate\AppData\Local\JDownloader v2.0
2014-10-13 09:28 - 2014-07-25 16:24 - 00610910 _____ () C:\Windows\PFRO.log
2014-10-11 06:25 - 2014-07-21 17:27 - 00000000 ____D () C:\Users\Fate
2014-10-11 05:03 - 2014-07-16 16:17 - 00579936 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2014-10-11 05:03 - 2014-07-16 16:17 - 00462688 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2014-10-11 05:03 - 2014-07-16 16:17 - 00424288 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2014-10-11 05:03 - 2014-07-16 16:17 - 00363872 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2014-10-11 05:03 - 2014-07-16 16:17 - 00159552 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2014-10-11 05:03 - 2014-07-16 16:17 - 00159072 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2014-10-11 05:03 - 2014-07-16 16:17 - 00139104 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2014-10-11 05:03 - 2014-07-16 16:17 - 00058720 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2014-10-11 05:03 - 2014-07-16 16:17 - 00051552 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2014-10-11 05:03 - 2014-07-16 16:17 - 00039384 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2014-10-11 05:03 - 2014-07-16 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-10-10 19:15 - 2014-07-16 16:19 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-10 19:15 - 2014-07-16 16:19 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-10 19:13 - 2014-07-16 16:17 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2014-10-10 19:13 - 2014-07-16 16:17 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-10-07 12:53 - 2014-07-31 12:13 - 00000000 ____D () C:\Users\Fate\AppData\Local\SpacialAudio
2014-10-07 12:52 - 2014-07-31 12:11 - 00002032 _____ () C:\Users\Fate\Desktop\SAM Broadcaster.lnk
2014-10-05 09:27 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-01 21:01 - 2014-07-24 14:00 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-28 10:15 - 2014-08-19 17:11 - 00000000 ____D () C:\Users\Fate\AppData\Roaming\TS3Client
2014-09-27 12:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
Some content of TEMP:
====================
C:\Users\Fate\AppData\Local\Temp\amazonicon_v8.exe
C:\Users\Fate\AppData\Local\Temp\foxy_security.exe
C:\Users\Fate\AppData\Local\Temp\JDownloader2betaSetup.exe
C:\Users\Fate\AppData\Local\Temp\JDSetup130507981355622980.exe
C:\Users\Fate\AppData\Local\Temp\JDSetup130507990517106987.exe
C:\Users\Fate\AppData\Local\Temp\jre-8u20-windows-au.exe
C:\Users\Fate\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Fate\AppData\Local\Temp\proxy_vole9112970660696067226.dll
C:\Users\Fate\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Fate\AppData\Local\Temp\sdapskill.exe
C:\Users\Fate\AppData\Local\Temp\sdaspwn.exe
C:\Users\Fate\AppData\Local\Temp\sqlite3.exe
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite11261.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite13875.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite13968.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite14054.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite14460.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite15185.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite15933.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite16092.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite16731.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite19989.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite19998.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite20208.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite20383.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite21208.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite21386.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite21409.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite21605.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite22501.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite23994.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite24885.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite25138.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite25382.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite25772.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite28243.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite29543.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite30004.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite30729.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite31037.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite31201.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite31674.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite32392.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite32765.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite32909.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite33734.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite34157.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite35046.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite35056.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite35144.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite35307.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite35428.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite35886.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite36123.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite36570.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite36805.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite37422.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite37444.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite38741.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite39216.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite39953.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite40658.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite40988.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite40999.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite43552.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite44756.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite44763.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite44851.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite45171.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite45187.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite47742.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite48648.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite48997.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite49220.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite49540.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite50123.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite50334.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite50634.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite52667.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite53217.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite54597.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite55858.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite55916.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite57122.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite58013.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite58479.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite59380.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite60171.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite60315.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite60865.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite62371.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite63309.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite65092.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite65478.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite65653.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite65840.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite65917.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite65998.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite66236.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite66334.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite68625.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite68756.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite69731.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite70152.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite70408.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite70583.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite71553.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite71972.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite72621.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite73094.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite75691.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite76088.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite76416.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite76439.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite77957.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite78938.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite79753.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite79916.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite81437.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite81701.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite83195.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite83592.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite83983.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite84716.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite85385.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite85417.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite86761.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite87028.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite87114.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite88447.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite88455.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite89235.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite89449.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite89696.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite90769.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite90869.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite91530.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite91670.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite92112.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite92305.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite92685.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite93818.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite93942.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite94590.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite95274.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite95482.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite95624.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite95854.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite97517.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite97792.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite97968.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite98145.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite99179.dll
C:\Users\Fate\AppData\Local\Temp\System.Data.SQLite99553.dll
C:\Users\Fate\AppData\Local\Temp\tester.dll
C:\Users\Fate\AppData\Local\Temp\tmd_34013690.exe
C:\Users\Fate\AppData\Local\Temp\tmd_34015329.exe
C:\Users\Fate\AppData\Local\Temp\WEB.DE_MailCheck_FF_Setup_2.10.1.1735.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 12:32
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014
Ran by Fate at 2014-10-27 15:17:57
Running from C:\Users\Fate\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.26 - Abelssoft)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
Firebird 2.5.0.26074 (x64) (HKLM\...\FBDBServer_2_5_x64_is1) (Version: 2.5.0.26074 - Firebird Project)
Free YouTube to MP3 Converter version 3.12.42.716 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.42.716 - DVDVideoSoft Ltd.)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
ICQ 8.2 (build 7100) (HKCU\...\ICQ) (Version: 8.2.7100.0 - ICQ)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaInfo 0.7.69 (HKLM\...\MediaInfo) (Version: 0.7.69 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
OpenVPN 2.3.4-I002 (HKLM\...\OpenVPN) (Version: 2.3.4-I002 - )
RocketTab (HKLM-x32\...\RocketTab) (Version: - RocketTab) <==== ATTENTION
SAM Broadcaster v4 (HKLM-x32\...\SAM3) (Version: v4 - Spacial Audio Solutions, LLC)
Symantec Endpoint Protection (HKLM\...\{D1D6827C-3CEE-4416-AB04-CB97A289CE91}) (Version: 12.1.5337.5000 - Symantec Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
tools-freebsd (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden
tools-linux (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden
tools-netware (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden
tools-solaris (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden
tools-windows (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden
tools-winPre2k (x32 Version: 9.6.2.1744117 - VMware, Inc.) Hidden
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.2 - VMware, Inc)
VMware Workstation (Version: 10.0.2 - VMware, Inc.) Hidden
VNC Server 5.2.0 (HKLM\...\{30F8A5EC-1BA9-459B-82F6-F364132D2324}) (Version: 5.2.0 - RealVNC Ltd)
VNC Viewer 5.2.0 (HKLM\...\{7F6A0AFE-6D55-4E4F-9806-3D798CDF8283}) (Version: 5.2.0 - RealVNC Ltd)
VueScan x64 (HKLM\...\VueScan x64) (Version: - )
WEB.DE MailCheck für Mozilla Firefox (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 2.10.1.1735 - 1&1 Mail & Media GmbH)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
x64 Components v4.6.9 (HKLM\...\Advanced x64Components_is1) (Version: 4.6.9 - Shark007)
XMedia Recode Version 3.1.9.1 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.9.1 - XMedia Recode)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
27-10-2014 10:22:24 OTL Restore Point - 27.10.2014 11:22:22
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-07-15 20:51 - 00013859 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 ocsp.godaddy.com
127.0.0.1 watson.microsoft.com
127.0.0.1 65.55.53.190
127.0.0.1 google-analystics.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 update10.oo-software.com
127.0.0.1 secure.tune-up.com
127.0.0.1 www.order.tune-up.com
127.0.0.1 www.tune-up.com
127.0.0.1 www.tune-up.com/order
127.0.0.1 www.registertuneup.com
127.0.0.1 live.virtualdj.com
127.0.0.1 88.190.229.28
127.0.0.1 liveupdate.inicom.net
127.0.0.1 update.inicom.net
127.0.0.1 inicom.net
127.0.0.1 www.inicom.net
127.0.0.1 liveupdate.flashfxp.com
127.0.0.1 update.flashfxp.com
127.0.0.1 flashfxp.com
127.0.0.1 www.flashfxp.com
127.0.0.1 192.168.112.2O7.net
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.adobe.com:443
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
There are 358 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {134AB9C1-8B10-4D32-A17D-54717A3D4F83} - System32\Tasks\RocketTab => C:\Windows\system32\cmd.exe [2010-11-21] (Microsoft Corporation) <==== ATTENTION
Task: {42BBB134-8D72-4B77-92D1-CF41D5FAA7A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-16] (Adobe Systems Incorporated)
Task: {C459A28F-F67B-4986-A6A3-D7E108842A40} - System32\Tasks\fsupdate => C:\PROGRA~2\Flowsurf\fsupd.exe
Task: {DEEC3D7F-F527-4AFD-AFCE-F9528B0F2438} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-07-21] (CHIP)
Task: {F2582F31-0223-47D2-A367-EBAB352149C8} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-09-23] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-04-14 15:04 - 2014-04-14 15:04 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2014-09-23 11:25 - 2014-09-23 11:25 - 01423080 _____ () C:\Program Files (x86)\Search Extensions\Client.exe
2014-07-28 19:28 - 2014-07-21 19:03 - 00054024 _____ () C:\Program Files (x86)\CHIP Updater\AbSettings.dll
2014-07-28 19:28 - 2014-07-21 19:03 - 01399048 _____ () C:\Program Files (x86)\CHIP Updater\AbGui.dll
2014-07-28 19:28 - 2014-07-21 19:03 - 00020232 _____ () C:\Program Files (x86)\CHIP Updater\AbStartManager.dll
2014-07-28 19:28 - 2014-07-21 19:03 - 00041224 _____ () C:\Program Files (x86)\CHIP Updater\AbApi.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-14 15:41 - 2014-04-14 15:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-07-22 09:19 - 2014-07-22 09:19 - 00859144 _____ () C:\Users\Fate\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 15:50 - 2012-08-10 15:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
2014-09-25 08:31 - 2014-09-25 08:31 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-16 08:33 - 2014-09-16 08:33 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{D4C97850-91FC-41F0-835D-8F51DF18E7B4}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3339884646-4194768031-2543446111-500 - Administrator - Disabled)
Fate (S-1-5-21-3339884646-4194768031-2543446111-1002 - Administrator - Enabled) => C:\Users\Fate
Gast (S-1-5-21-3339884646-4194768031-2543446111-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/27/2014 03:11:54 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:53:18 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:53:18 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:51:59 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:51:57 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:51:36 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:51:36 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:48:10 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:48:10 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
Error: (10/27/2014 02:46:48 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensing: No valid license installed.
System errors:
=============
Error: (10/25/2014 09:45:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (10/25/2014 09:45:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (10/25/2014 09:45:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (10/25/2014 09:45:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (10/25/2014 09:45:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (10/25/2014 09:45:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (10/23/2014 08:27:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (10/23/2014 08:27:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (10/23/2014 08:27:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (10/23/2014 08:27:13 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Microsoft Office Sessions:
=========================
Error: (10/27/2014 03:11:54 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:53:18 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:53:18 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:51:59 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:51:57 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:51:36 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:51:36 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:48:10 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:48:10 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
Error: (10/27/2014 02:46:48 PM) (Source: VNC Server) (EventID: 256) (User: )
Description: FeatureLicensingNo valid license installed.
==================== Memory info ===========================
Processor: AMD A8-3870 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 32%
Total physical RAM: 7913.64 MB
Available physical RAM: 5370.09 MB
Total Pagefile: 15825.45 MB
Available Pagefile: 13216.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:292.97 GB) (Free:158.24 GB) NTFS
Drive d: () (Fixed) (Total:784.97 GB) (Free:738.33 GB) NTFS
Drive e: () (Fixed) (Total:784.97 GB) (Free:503.83 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D7D6110E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=785 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=785 GB) - (Type=07 NTFS)
==================== End Of Log ============================