So, everything is done. Here are the logs:
mbam: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 25.07.2014
Suchlauf-Zeit: 08:21:53
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.07.25.01
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: d.sadlowski
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 471799
Verstrichene Zeit: 47 Min, 7 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 4
PUP.Optional.Babylon.A, C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage, Löschen bei Neustart, [f6bf148f106b76c0557ab0250af8a759],
PUP.Optional.Babylon.A, C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal, Löschen bei Neustart, [7f362e75dba01e189a35666f16ec26da],
PUP.Optional.Trovi.A, C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC948235E-0F93-4947-A028-92E79013E69E&SearchSource=55&CUI=&UM=5&UP=SP7571E747-0A8C-4BEC-8103-F7036C4035DD&SSPV=", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=1e03b980-3985-432e-a4c6-68adb106d03b&searchtype=hp", "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=0E7514DAE9EF9856", "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CAA500FF8E3FB1F5&affID=121562&tt=250613_gr4&tsp=4927", "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN29563250422329920&UM=2", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutCyE0D0A0Ezy0E0FzyzzyDyCtAyBzy0AtN0D0Tzu0SyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=513532471&ir=", "hxxp://search.babylon.com/?affID=113480&tt=3012_3&babsrc=HP_ss&mntrId=0e7582dc000000000000801f0225445e" ],), Ersetzt,[cce9cdd695e669cd1d97aa37c73dea16]
PUP.Optional.Trovi.A, C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC948235E-0F93-4947-A028-92E79013E69E&SearchSource=55&CUI=&UM=5&UP=SP7571E747-0A8C-4BEC-8103-F7036C4035DD&SSPV=",), Ersetzt,[5f56881b116a1125c9ec03de2fd5e917]
Physische Sektoren: 0
(No malicious items detected)
(end)
adwcleaner: Code:
# AdwCleaner v3.216 - Bericht erstellt am 25/07/2014 um 09:34:16
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : d.sadlowski - WBLPC001
# Gestartet von : C:\Users\d.sadlowski\Desktop\adwcleaner_3.216.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdicklfajomdgpciofajkedchajbnhkk
Datei Gelöscht : C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Datei Gelöscht : C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage
Datei Gelöscht : C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.17028
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\d.sadlowski\AppData\Roaming\Mozilla\Firefox\Profiles\f0kok9mt.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
[ Datei : C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://start.facemoods.com/?a=ddrnw&f=4&q={searchTerms}
Gelöscht [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=361&systemid=406&sr=0&q={searchTerms}
Gelöscht [Search Provider] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=1e03b980-3985-432e-a4c6-68adb106d03b&searchtype=ds&q={searchTerms}
Gelöscht [Search Provider] : hxxps://isearch.avg.com/search?cid={F2B8BF10-83CC-4839-84EF-270DDBD96640}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
Gelöscht [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&affID=119370&tt=220413_d9116&babsrc=SP_ss&mntrId=0E7514DAE9EF9856
Gelöscht [Search Provider] : hxxp://www.holasearch.com/?q={searchTerms}&affID=121962&tt=gc_&babsrc=SP_ss&mntrId=0E7514DAE9EF9856
Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN29563250422329920&ctid=CT3281675&UM=2
Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutCyE0D0A0Ezy0E0FzyzzyDyCtAyBzy0AtN0D0Tzu0SyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=513532471&ir=
Gelöscht [Search Provider] : hxxp://www.fahrrad.de/index.php?id=3200&strSearchQuery={searchTerms}
Gelöscht [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC948235E-0F93-4947-A028-92E79013E69E&SearchSource=55&CUI=&UM=5&UP=SP7571E747-0A8C-4BEC-8103-F7036C4035DD&SSPV=
Gelöscht [Startup_urls] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=1e03b980-3985-432e-a4c6-68adb106d03b&searchtype=hp
Gelöscht [Startup_urls] : hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=0E7514DAE9EF9856
Gelöscht [Startup_urls] : hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CAA500FF8E3FB1F5&affID=121562&tt=250613_gr4&tsp=4927
Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN29563250422329920&UM=2
Gelöscht [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutCyE0D0A0Ezy0E0FzyzzyDyCtAyBzy0AtN0D0Tzu0SyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=513532471&ir=
Gelöscht [Startup_urls] : hxxp://search.babylon.com/?affID=113480&tt=3012_3&babsrc=HP_ss&mntrId=0e7582dc000000000000801f0225445e
Gelöscht [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC948235E-0F93-4947-A028-92E79013E69E&SearchSource=55&CUI=&UM=5&UP=SP7571E747-0A8C-4BEC-8103-F7036C4035DD&SSPV=
Gelöscht [Extension] : fdicklfajomdgpciofajkedchajbnhkk
*************************
AdwCleaner[R0].txt - [3323 octets] - [25/07/2014 09:30:59]
AdwCleaner[S0].txt - [4598 octets] - [25/07/2014 09:34:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4658 octets] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by d.sadlowski on 25.07.2014 at 9:40:33,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\d.sadlowski\appdata\local\{20C8C91F-38C0-463E-8E5E-67B9F6FD0CE0}
Successfully deleted: [Empty Folder] C:\Users\d.sadlowski\appdata\local\{9FC83E11-1869-4BD4-B937-B6FEE3CC069D}
Successfully deleted: [Empty Folder] C:\Users\d.sadlowski\appdata\local\{CA0950D6-1C2D-4AAF-A0F4-CD41EBF7817F}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.07.2014 at 9:46:42,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014
Ran by d.sadlowski (administrator) on WBLPC001 on 25-07-2014 09:54:31
Running from C:\Users\d.sadlowski\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
(hxxp://www.ruby-lang.org/) C:\HashiCorp\Vagrant\embedded\bin\ruby.exe
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
() C:\Program Files\Oracle\VirtualBox\VBoxManage.exe
(Google Inc.) C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-15] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-06-24] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\Run: [Google Update] => C:\Users\d.sadlowski\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-06] (Google Inc.)
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\Run: [WinLess] => C:\Program Files (x86)\Mark Lagendijk\WinLess\WinLess.exe
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\Run: [GoogleChromeAutoLaunch_238635F962F8300745B13D0507AA0ED5] => C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\MountPoints2: {44d0cac8-5715-11e2-9a45-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\MountPoints2: {5f35d7d3-f812-11e2-9c16-dc57d5254e64} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\MountPoints2: {624767f3-6886-11e3-ba84-d56626731e8b} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3071021822-1824698966-4173804176-1000\...\MountPoints2: {cb0fcf9f-d032-11e3-9604-080027005c43} - D:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3071021822-1824698966-4173804176-1001\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13-comm.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
SearchScopes: HKLM - DefaultScope {4318FB8A-42CD-4C6D-B6BB-D5B72A3BDFE1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {4318FB8A-42CD-4C6D-B6BB-D5B72A3BDFE1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {4318FB8A-42CD-4C6D-B6BB-D5B72A3BDFE1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MDDRJS
SearchScopes: HKCU - {4318FB8A-42CD-4C6D-B6BB-D5B72A3BDFE1} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\d.sadlowski\AppData\Roaming\Mozilla\Firefox\Profiles\f0kok9mt.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\d.sadlowski\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\d.sadlowski\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\d.sadlowski\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LastPass - C:\Users\d.sadlowski\AppData\Roaming\Mozilla\Firefox\Profiles\f0kok9mt.default\Extensions\support@lastpass.com [2014-03-11]
FF Extension: Firebug - C:\Users\d.sadlowski\AppData\Roaming\Mozilla\Firefox\Profiles\f0kok9mt.default\Extensions\firebug@software.joehewitt.com.xpi [2013-07-11]
FF Extension: CodeBurner for Firebug - C:\Users\d.sadlowski\AppData\Roaming\Mozilla\Firefox\Profiles\f0kok9mt.default\Extensions\firebug@tools.sitepoint.com.xpi [2013-07-11]
FF Extension: Firefinder for Firebug - C:\Users\d.sadlowski\AppData\Roaming\Mozilla\Firefox\Profiles\f0kok9mt.default\Extensions\firefinder@robertnyman.com.xpi [2013-07-11]
FF Extension: Omnibar - C:\Users\d.sadlowski\AppData\Roaming\Mozilla\Firefox\Profiles\f0kok9mt.default\Extensions\omnibar@ajitk.com.xpi [2013-07-11]
FF Extension: Firebug Autocompleter - C:\Users\d.sadlowski\AppData\Roaming\Mozilla\Firefox\Profiles\f0kok9mt.default\Extensions\{9aad3da6-6c46-4ef0-9109-6df5eaaf597c}.xpi [2013-07-11]
Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC948235E-0F93-4947-A028-92E79013E69E&SearchSource=55&CUI=&UM=5&UP=SP7571E747-0A8C-4BEC-8103-F7036C4035DD&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC948235E-0F93-4947-A028-92E79013E69E&SearchSource=55&CUI=&UM=5&UP=SP7571E747-0A8C-4BEC-8103-F7036C4035DD&SSPV=", "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=1e03b980-3985-432e-a4c6-68adb106d03b&searchtype=hp", "hxxp://www.holasearch.com/?affID=121962&tt=gc_&babsrc=HP_ss&mntrId=0E7514DAE9EF9856", "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=CAA500FF8E3FB1F5&affID=121562&tt=250613_gr4&tsp=4927", "hxxp://search.conduit.com/?ctid=CT3281675&SearchSource=48&CUI=UN29563250422329920&UM=2", "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutCyE0D0A0Ezy0E0FzyzzyDyCtAyBzy0AtN0D0Tzu0SyCzyyBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=513532471&ir=", "hxxp://search.babylon.com/?affID=113480&tt=3012_3&babsrc=HP_ss&mntrId=0e7582dc000000000000801f0225445e"
CHR Plugin: (Shockwave Flash) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (ProxFlow) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2014-05-22]
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-03-20]
CHR Extension: (Google Drive) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-10]
CHR Extension: (Web Developer) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-01-16]
CHR Extension: (YouTube) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-10]
CHR Extension: (Google-Suche) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-10]
CHR Extension: (W3C (x)HTML Validator) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdicklfajomdgpciofajkedchajbnhkk [2014-07-25]
CHR Extension: (AdBlock) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-07-11]
CHR Extension: (Google Notizen – Notizen und Listen) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2013-11-08]
CHR Extension: (Google Mail Multi-Account Checker) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpnehokodklgijkcakcfmccgpanipfp [2013-07-11]
CHR Extension: (BrowserStack Local) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfiddfehmfdojjfdpfngagldgaaafcfo [2014-05-20]
CHR Extension: (Hangouts) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-12-27]
CHR Extension: (Diablo 3 profile +) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncoghbpbhlmmoajjnhienleaanmaagaj [2014-05-27]
CHR Extension: (Save to Pocket) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-11-14]
CHR Extension: (Google Wallet) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Google Mail) - C:\Users\d.sadlowski\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-05] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG) [File not signed]
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-06] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-25 09:47 - 2014-07-25 09:54 - 00025319 _____ () C:\Users\d.sadlowski\Desktop\FRST.txt
2014-07-25 09:42 - 2014-07-25 09:42 - 00000000 ____D () C:\Users\d.sadlowski\Desktop\scann 1
2014-07-25 09:40 - 2014-07-25 09:40 - 00000000 ____D () C:\Windows\ERUNT
2014-07-25 09:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-25 09:30 - 2014-07-25 09:34 - 00000000 ____D () C:\AdwCleaner
2014-07-25 09:27 - 2014-07-24 17:12 - 01354223 _____ () C:\Users\d.sadlowski\Desktop\adwcleaner_3.216.exe
2014-07-24 17:15 - 2014-07-25 09:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 17:15 - 2014-07-24 17:15 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 17:15 - 2014-07-24 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 17:15 - 2014-07-24 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 17:15 - 2014-07-24 17:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-24 17:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-24 17:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-24 17:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-24 17:10 - 2014-07-25 09:47 - 00000000 ____D () C:\Users\d.sadlowski\Desktop\killItWithFire
2014-07-24 08:47 - 2014-07-25 09:54 - 00000000 ____D () C:\FRST
2014-07-24 08:46 - 2014-07-24 08:46 - 02093568 _____ (Farbar) C:\Users\d.sadlowski\Desktop\FRST64.exe
2014-07-22 12:51 - 2014-07-22 12:51 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Roaming\LolClient
2014-07-22 12:10 - 2014-07-22 12:10 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-22 12:09 - 2014-07-22 12:09 - 00000000 ____D () C:\Riot Games
2014-07-22 12:09 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-07-22 12:09 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-07-22 12:09 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-07-22 12:09 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-07-22 12:09 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-07-22 12:04 - 2014-07-24 12:51 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Local\PMB Files
2014-07-22 12:04 - 2014-07-23 13:24 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-22 12:04 - 2014-07-22 12:04 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-07-22 12:03 - 2014-07-22 12:04 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Roaming\Riot Games
2014-07-16 09:56 - 2014-07-16 09:55 - 00495616 _____ (Simon Tatham) C:\Windows\system32\putty.exe
2014-07-16 09:55 - 2014-07-16 09:55 - 00495616 _____ (Simon Tatham) C:\Users\d.sadlowski\putty.exe
2014-07-16 09:55 - 2014-07-16 09:55 - 00495616 _____ (Simon Tatham) C:\Users\d.sadlowski\Desktop\putty.exe
2014-07-14 15:04 - 2014-07-14 15:04 - 00000034 _____ () C:\Users\d.sadlowski\AppData\Roaming\AdobeWLCMCache.dat
2014-07-10 08:35 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 08:35 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 08:35 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 08:35 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 08:34 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 08:34 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 08:34 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 08:34 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 08:34 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 08:34 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 08:34 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 08:34 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 08:34 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 08:34 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 08:34 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 08:34 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 08:34 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 08:34 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 08:34 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 08:34 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 08:34 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 08:34 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 08:34 - 2014-06-19 01:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-10 08:34 - 2014-06-19 01:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-10 08:34 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 08:34 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 08:34 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 08:34 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 08:34 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 08:34 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 08:34 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 08:34 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 08:34 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 08:34 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 08:34 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 08:34 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 08:34 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 08:34 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 08:34 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 08:34 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 08:34 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 08:34 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 08:34 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 08:34 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 08:34 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 11:58 - 2014-07-09 11:58 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-04 09:27 - 2014-07-08 08:46 - 00001074 _____ () C:\Users\d.sadlowski\Desktop\Adobe Photoshop CC 2014.lnk
2014-07-03 09:47 - 2014-07-15 17:00 - 00008201 _____ () C:\Users\d.sadlowski\Desktop\momati.txt
2014-07-02 18:58 - 2014-07-02 18:58 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-07-02 18:51 - 2014-07-02 18:51 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-07-02 18:42 - 2014-07-02 18:42 - 00001485 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2014-07-02 18:29 - 2014-07-02 18:29 - 00001265 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
2014-06-30 12:33 - 2014-06-30 12:33 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-25 09:54 - 2014-07-25 09:47 - 00025319 _____ () C:\Users\d.sadlowski\Desktop\FRST.txt
2014-07-25 09:54 - 2014-07-24 08:47 - 00000000 ____D () C:\FRST
2014-07-25 09:54 - 2013-04-08 13:51 - 00000000 ____D () C:\Users\d.sadlowski\VirtualBox VMs
2014-07-25 09:54 - 2013-04-08 13:46 - 00000000 ____D () C:\Users\d.sadlowski\.VirtualBox
2014-07-25 09:54 - 2013-01-05 10:58 - 01818547 _____ () C:\Windows\WindowsUpdate.log
2014-07-25 09:49 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-25 09:49 - 2009-07-14 06:45 - 00021088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-25 09:47 - 2014-07-24 17:10 - 00000000 ____D () C:\Users\d.sadlowski\Desktop\killItWithFire
2014-07-25 09:42 - 2014-07-25 09:42 - 00000000 ____D () C:\Users\d.sadlowski\Desktop\scann 1
2014-07-25 09:40 - 2014-07-25 09:40 - 00000000 ____D () C:\Windows\ERUNT
2014-07-25 09:37 - 2014-01-13 11:13 - 00000000 ___RD () C:\Users\d.sadlowski\Google Drive
2014-07-25 09:36 - 2013-01-10 09:30 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-25 09:35 - 2013-03-13 17:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-25 09:35 - 2010-11-21 05:47 - 00350948 _____ () C:\Windows\PFRO.log
2014-07-25 09:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-25 09:35 - 2009-07-14 06:51 - 00070315 _____ () C:\Windows\setupact.log
2014-07-25 09:34 - 2014-07-25 09:30 - 00000000 ____D () C:\AdwCleaner
2014-07-25 09:32 - 2013-01-10 09:30 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-25 09:28 - 2014-07-24 17:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-25 09:14 - 2013-09-06 08:07 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3071021822-1824698966-4173804176-1000UA.job
2014-07-25 09:14 - 2013-09-06 08:06 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3071021822-1824698966-4173804176-1000Core.job
2014-07-25 08:58 - 2013-03-13 12:53 - 00000952 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3071021822-1824698966-4173804176-1000UA.job
2014-07-25 08:58 - 2013-01-05 10:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-25 08:50 - 2013-01-10 09:00 - 00000000 ____D () C:\Users\d.sadlowski
2014-07-25 08:30 - 2013-01-10 09:55 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Local\Adobe
2014-07-24 17:15 - 2014-07-24 17:15 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 17:15 - 2014-07-24 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 17:15 - 2014-07-24 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-24 17:15 - 2014-07-24 17:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-24 17:12 - 2014-07-25 09:27 - 01354223 _____ () C:\Users\d.sadlowski\Desktop\adwcleaner_3.216.exe
2014-07-24 15:20 - 2013-01-10 11:23 - 00001456 _____ () C:\Users\d.sadlowski\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-07-24 12:51 - 2014-07-22 12:04 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Local\PMB Files
2014-07-24 12:01 - 2014-03-04 12:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 12:00 - 2014-03-04 12:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 12:00 - 2014-03-04 12:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 11:58 - 2013-03-13 12:53 - 00000930 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3071021822-1824698966-4173804176-1000Core.job
2014-07-24 08:46 - 2014-07-24 08:46 - 02093568 _____ (Farbar) C:\Users\d.sadlowski\Desktop\FRST64.exe
2014-07-23 13:24 - 2014-07-22 12:04 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-22 12:51 - 2014-07-22 12:51 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Roaming\LolClient
2014-07-22 12:10 - 2014-07-22 12:10 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-22 12:09 - 2014-07-22 12:09 - 00000000 ____D () C:\Riot Games
2014-07-22 12:04 - 2014-07-22 12:04 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2014-07-22 12:04 - 2014-07-22 12:03 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Roaming\Riot Games
2014-07-16 10:02 - 2014-03-14 14:29 - 00000600 _____ () C:\Users\d.sadlowski\AppData\Local\PUTTY.RND
2014-07-16 09:55 - 2014-07-16 09:56 - 00495616 _____ (Simon Tatham) C:\Windows\system32\putty.exe
2014-07-16 09:55 - 2014-07-16 09:55 - 00495616 _____ (Simon Tatham) C:\Users\d.sadlowski\putty.exe
2014-07-16 09:55 - 2014-07-16 09:55 - 00495616 _____ (Simon Tatham) C:\Users\d.sadlowski\Desktop\putty.exe
2014-07-15 17:00 - 2014-07-03 09:47 - 00008201 _____ () C:\Users\d.sadlowski\Desktop\momati.txt
2014-07-14 15:04 - 2014-07-14 15:04 - 00000034 _____ () C:\Users\d.sadlowski\AppData\Roaming\AdobeWLCMCache.dat
2014-07-10 14:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 12:18 - 2009-07-14 06:45 - 05289904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 12:16 - 2014-05-07 12:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 12:16 - 2010-11-21 09:01 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 12:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 12:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 11:58 - 2014-07-09 11:58 - 11204096 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-09 11:58 - 2013-01-05 10:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 11:58 - 2013-01-05 10:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 11:58 - 2013-01-05 10:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 08:33 - 2013-01-10 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-08 08:46 - 2014-07-04 09:27 - 00001074 _____ () C:\Users\d.sadlowski\Desktop\Adobe Photoshop CC 2014.lnk
2014-07-04 09:27 - 2013-01-10 09:13 - 00107328 _____ () C:\Users\d.sadlowski\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-03 17:42 - 2013-01-18 09:44 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Roaming\Spotify
2014-07-03 14:27 - 2013-01-18 09:44 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Local\Spotify
2014-07-03 08:32 - 2013-01-10 09:02 - 00000000 ____D () C:\Temp
2014-07-03 08:29 - 2013-01-10 09:01 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2014-07-03 08:17 - 2013-03-14 11:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-02 18:58 - 2014-07-02 18:58 - 00001099 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-07-02 18:58 - 2013-01-10 10:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-02 18:51 - 2014-07-02 18:51 - 00001042 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-07-02 18:51 - 2013-01-10 10:17 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-02 18:51 - 2013-01-10 09:11 - 00000000 ____D () C:\Users\d.sadlowski\AppData\Roaming\Adobe
2014-07-02 18:50 - 2013-01-10 10:25 - 00000000 ____D () C:\Program Files\Adobe
2014-07-02 18:42 - 2014-07-02 18:42 - 00001485 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2014-07-02 18:29 - 2014-07-02 18:29 - 00001265 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2014.lnk
2014-06-30 16:06 - 2014-02-03 11:00 - 00000000 ____D () C:\Users\d.sadlowski\Desktop\PNG
2014-06-30 12:33 - 2014-06-30 12:33 - 00001030 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2014-06-30 12:29 - 2013-01-10 11:08 - 00000000 ____D () C:\xampp
2014-06-30 12:29 - 2013-01-10 09:05 - 00000000 ____D () C:\Users\Administrator
2014-06-30 12:28 - 2014-06-24 12:24 - 00000000 ____D () C:\devkit
2014-06-30 12:28 - 2014-06-24 12:10 - 00000000 ____D () C:\ruby
2014-06-30 12:28 - 2013-01-10 13:19 - 00000000 ____D () C:\## WBL ##
2014-06-30 12:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-30 12:27 - 2013-01-10 09:30 - 00004116 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-30 12:27 - 2013-01-10 09:30 - 00003864 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-30 04:09 - 2014-07-10 08:35 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-10 08:35 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Files to move or delete:
====================
C:\Users\d.sadlowski\putty.exe
Some content of TEMP:
====================
C:\Users\d.sadlowski\AppData\Local\Temp\AAMHelper.exe
C:\Users\d.sadlowski\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\d.sadlowski\AppData\Local\Temp\AskSLib.dll
C:\Users\d.sadlowski\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\d.sadlowski\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\d.sadlowski\AppData\Local\Temp\csgq7l85.dll
C:\Users\d.sadlowski\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\d.sadlowski\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\d.sadlowski\AppData\Local\Temp\GURAAEE.exe
C:\Users\d.sadlowski\AppData\Local\Temp\i4jdel0.exe
C:\Users\d.sadlowski\AppData\Local\Temp\Quarantine.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter1153486042710178087.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter1935916654619067824.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter2755185779651137585.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter2823801017114507451.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter296020675752251379.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter3692836621352209392.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter3908506811931996056.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter4079831027247160420.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter4124764772994869994.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter4751706848142503366.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter5982922239069794790.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter6807374234387741225.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter684484506684506216.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter6982752092860974111.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter8649586734085705970.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter875088196778865100.exe
C:\Users\d.sadlowski\AppData\Local\Temp\restarter882856940265723596.exe
C:\Users\d.sadlowski\AppData\Local\Temp\swt-win32-3349.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-18 09:27
==================== End Of Log ============================